GLSA-202507-10 : Roundcube: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202507-10 Roundcube: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Roundcube. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block direct...

July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube

July "In the Trend of VM" 17: vulnerabilities in Microsoft Windows and Roundcube. A traditional monthly roundup. This time, it's a very short one. Post on Habr rus Digest on the PT website rus Only three trending vulnerabilities: Remote Code Execution - Internet Shortcut Files CVE-2025-33053...

About Remote Code Execution – Roundcube (CVE-2025-49113) vulnerability

About Remote Code Execution - Roundcube CVE-2025-49113 vulnerability. Roundcube is a popular open-source webmail client IMAP. An authenticated attacker can exploit this vulnerability to execute arbitrary code on the Roundcube Webmail server. The issue is caused by the Deserialization of Untrusted...

Exploit for CVE-2025-49113

CVE-2025-49113 – Roundcube Webmail RCE Exploit Python PoC...

Exploit for CVE-2025-49113

CVE-2025-49113 Roundcube Exploit A Python exploit for CVE-202...

Ubuntu: Security Advisory (USN-7636-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 24.04 LTS : Roundcube Webmail vulnerability (USN-7636-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7636-1 advisory. It was discovered that Roundcube Webmail incorrectly handled sanitization in the messagebody function. A remote attacker could possibly use this issue to send and...

USN-7636-1: Roundcube Webmail vulnerability

It was discovered that Roundcube Webmail incorrectly handled sanitization in the messagebody function. A remote attacker could possibly use this issue to send and receive emails as another user...

USN-7636-1 roundcube vulnerability

It was discovered that Roundcube Webmail incorrectly handled sanitization in the messagebody function. A remote attacker could possibly use this issue to send and receive emails as another user...

Metasploit Weekly Wrap-Up 06/17/2025

New Modules & Adapters, and Improvements! This week’s release brings new modules, additional adapter payloads and improvements to existing modules and features. These modules target software such as ThinManager, Remote for Mac, Roundcube and more. It also includes additional work from bcoles that...

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2024-42008 RoundCube XSS Exploit Overview This reposi...

ROS-20250703-09

Vulnerability of RoundCube Webmail mail client is related to flaws in deserialization mechanism of from parameter processing. processing the from parameter. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code by sending a specially crafted request...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Roundcube vulnerability (USN-7584-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7584-1 advisory. It was discovered that Roundcube Webmail did not properly sanitize the from parameter in a URL,...

Ubuntu: Security Advisory (USN-7584-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for CVE-2025-49113

CVE-2025-49113 Scanner 🔍 Description A powerful, multi-me...

USN-7584-1: Roundcube vulnerability

It was discovered that Roundcube Webmail did not properly sanitize the from parameter in a URL, leading to PHP Object Deserialization. A remote attacker could possibly use this issue to execute arbitrary code...

USN-7584-1 roundcube vulnerability

It was discovered that Roundcube Webmail did not properly sanitize the from parameter in a URL, leading to PHP Object Deserialization. A remote attacker could possibly use this issue to execute arbitrary code...

TencentOS Server 4: roundcubemail (TSSA-2025:0184)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0184 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Exploit for CVE-2025-49113

VIETNAMESE - ✅ Tính năng: Hỗ trợ upload payload.p...

Roundcube 1.6.10 - Remote Code Execution (RCE)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization', 'Description' = %q Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allo...