2031 matches found
Roundcube Webmail 0.1 - CSS Expression Input Validation
source: https://www.securityfocus.com/bid/26800/info Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages. Attackers can exploit this issue to execute arbitrary script code in the...
Roundcube Webmail 0.1 - CSS Expression Input Validation
source: https://www.securityfocus.com/bid/26800/info Roundcube Webmail is prone to an input-validation vulnerability because it fails to sanitize HTML email messages. Attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. Successful attacks can...
roundcube-XSS.txt
There is an XSS vulnerability in roundcube webmail: http://demo.roundcube.net/?task=';alert%22XSS%22// Btw, we've been posting 0-day XSS vulnerabilities at http://sla.ckers.org/forum/list.php?3 to take it out of the full disclosure list since lots of people don't want to see the sheer volume of...
Roundcube Webmail 0.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21042/info Roundcube Webmail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in th...
Roundcube Webmail 0.1 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/21042/info Roundcube Webmail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script co...
CVE-2005-4368
Roundcube Webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message...
CVE-2005-4368
CVE-2005-4368 affects Roundcube Webmail Alpha. When rcube_config['debug_level'] is set to 1 (default high verbose), an attacker can trigger an invalid_task to cause an error message that discloses the full application path. The available connected documents confirm the vulnerability description a...
Fullpath disclosure in roundcube webmail
I try this request in my mailbox http://xxxx.com/roundcube/?auth=cf559dcf52d8801ccd51cd1f3ba3eca08d1b0bce&task=ma60il then roundcube shows this warning PHP Error in /usr/local/apache2/htdocs/roundcube/index.php 301: Invalid request failed/file not found The requested page was not found!...
CVE-2023-46267
Removed by vendor...