DLA-3577-1 roundcube - security update
Vulnerability fixed in Roundcube webmail
A vulnerability has been fixed in Roundcube webmail. A malicious party can exploit the vulnerability for a cross-site scripting attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. victim...
CVE-2023-43770
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior...
CVE-2023-43770
Roundcube Webmail vulnerability CVE-2023-43770 is a cross-site scripting (XSS) issue in Roundcube prior to 1.4.14, 1.5.x prior to 1.5.4, and 1.6.x prior to 1.6.3. The root cause is behavior in program/lib/Roundcube/rcube_string_replacer.php that allows XSS via crafted links in text/plain emails, ...
Debian dla-3577 : roundcube - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3577 advisory. Debian LTS Advisory DLA-3577-1 https://www.debian.org/lts/security/...
FreeBSD : Roundcube -- XSS vulnerability (b5508c08-547a-11ee-85eb-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b5508c08-547a-11ee-85eb-84a93843eb75 advisory. - The Roundcube webmail project reports: cross-site scripting XSS vulnerability in handling of linkrefs...
Roundcube -- XSS vulnerability
The Roundcube webmail project reports: cross-site scripting XSS vulnerability in handling of linkrefs in plain text messages...
Metasploit Weekly Wrap-Up
New module content 4 Roundcube TimeZone Authenticated File Disclosure Authors: joel, stonepresto, and thomascube Type: Auxiliary Pull request: 18286 contributed by cudalac Path: auxiliary/gather/roundcube_auth_file_read AttackerKB reference: CVE-2017-16651 Description: This PR adds a module to...
Roundcube TimeZone Authenticated File Disclosure
Roundcube Webmail allows unauthorized access to arbitrary files on the host's filesystem, including configuration files. This affects all versions from 1.1.0 through version 1.3.2. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires...
CVE-2023-3222
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values...
CVE-2023-3221
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database...
Default credentials
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values...
CVE-2023-3222
The CVE-2023-3222 entry concerns the Password Recovery plugin for Roundcube (version 1.2). The vulnerability arises in the password recovery mechanism, allowing a remote attacker to change an existing user’s password by guessing a 6-digit numeric token, with no request-rate limiting. Affected com...
CVE-2023-3222 Vulnerability in the password recovery mechanism of Roundcube Password Recovery Plugin
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values...
CVE-2023-3221 User enumeration vulnerability in Roundcube Password Recovery Plugin
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database...
CVE-2023-3221
CVE-2023-3221 affects Roundcube’s Password Recovery plugin (version 1.2). The vulnerability is a user enumeration flaw in the password recovery function, enabling a remote attacker to enumerate all users in the database. Impact is limited to information disclosure; exploitation status is not prov...