2031 matches found
Exploit for CVE-2025-49113
CVE-2025-49113 PoC Repository Overview of CVE-2025-49113 C...
Vulnerability fixed in Roundcube Webmail
Roundcube has fixed a vulnerability in Roundcube Webmail, specifically versions before 1.5.10 and 1.6.x before 1.6.11. An authenticated malicious party can exploit the vulnerability to execute arbitrary code. To do so, the malicious party must send a rogue HTTP request to the Roundcube application...
VulnCheck KEV: CVE-2024-42009
RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php...
Exploit for CVE-2025-49113
📧 Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserializat...
VulnCheck KEV: CVE-2025-49113
RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php...
The vulnerability of the RoundCube Webmail email client stems from deficiencies in the deserialization mechanism when processing the _from parameter. This allows attackers to execute arbitrary code.
The vulnerability of the RoundCube Webmail email client is related to deficiencies in the deserialization mechanism when processing the from parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...
FreeBSD : Post-Auth Remote Code Execution found in Roundcube Webmail (0d6094a2-4095-11f0-8c92-00d861a0e66d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0d6094a2-4095-11f0-8c92-00d861a0e66d advisory. Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v Tenable...
Exploit for CVE-2025-49113
CVE-2025-49113 Detection NOTE This template has now been...
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS sco...
SUSE CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
Debian: Security Advisory (DSA-5934-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 5934-1] roundcube security update
Debian Security Advisory DSA-5934-1 (https://www.debian.org/security/), Moritz Muehlenhoff, June 02, 2025 (https://www.debian.org/security/faq)...
CVE-2025-49113
A flaw was found in Roundcube Webmail. This vulnerability allows remote code execution by authenticated users via PHP object deserialization through unvalidated from parameter in upload.php. Mitigation: To mitigate this vulnerability, update Roundcube Webmail to version 1.5.10 or 1.6.11, which...
GHSA-8J8W-WWQC-X596 Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
DEBIAN-CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
UBUNTU-CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...