2031 matches found

CNNVD
added 2023/09/04 12:0 a.m. | 2 views

Roundcube Password Recovery plugin security vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in the Roundcube Password Recovery plugin version 1.2, which stems from a user enumeration vulnerability that could allo...

CVSS 5.3 | AI score 6.9 | EPSS 0.00459
Exploits: 0 | References: 2

CNNVD
added 2023/09/04 12:0 a.m. | 2 views

Roundcube Password Recovery plugin Authorization Issues Vulnerability

Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in the Roundcube Password Recovery plugin version 1.2, which stems from a flaw in the password recovery mechanism that...

CVSS 7.5 | AI score 6.9 | EPSS 0.00508
Exploits: 0 | References: 2

Positive Technologies
added 2023/09/04 12:0 a.m. | 2 views

PT-2023-23666 · Roundcube · Roundcube Password Recovery Plugin

Name of the Vulnerable Software and Affected Versions: Password Recovery plugin for Roundcube version 1.2
Description: The issue concerns the password recovery mechanism, which could allow a remote attacker to change an existing user's password by adding a 6-digit numeric token. Since the platfor...

CVSS 7.5 | AI score 7.5 | EPSS 0.00508
Exploits: 0 | References: 5

Positive Technologies
added 2023/09/04 12:0 a.m. | 2 views

PT-2023-23662 · Roundcube · Roundcube Password Recovery Plugin

Name of the Vulnerable Software and Affected Versions: Roundcube Password Recovery plugin version 1.2
Description: The issue allows a remote attacker to create a test script against the password recovery function to enumerate all users in the database. This is a user enumeration vulnerability in...

CVSS 5.3 | AI score 5.3 | EPSS 0.00459
Exploits: 0 | References: 4

hivepro
added 2023/06/26 1:40 p.m. | 19 views

APT28 Leveraged Three Roundcube Exploits in Espionage Campaign

Summary: APT28 conducted a sophisticated campaign targeting prominent organizations in Ukraine. The campaign involved spear-phishing emails, and these attachments exploited vulnerabilities in the Roundcube webmai...

AI score 7
Exploits: 0

CISA
added 2023/06/22 12:0 p.m. | 5 views

CISA Adds Six Known Exploited Vulnerabilities to Catalog

CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2023-20887 VMware Aria Operations for Networks Command Injection Vulnerability
CVE-2020-35730 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
CVE-2020-1264...

CVSS 9.8 | AI score 8.2 | EPSS 0.98125
In wild | Exploits: 24 | References: 11

CISA KEV Catalog
added 2023/06/22 12:0 a.m. | 33 views

Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with JavaScript in a link reference element that is mishandled by linkrefaddinindex in rcubestringreplacer.php...

CVSS 6.1 | AI score 5.7 | EPSS 0.32365
In wild | Exploits: 1

CISA KEV Catalog
added 2023/06/22 12:0 a.m. | 116 views

Roundcube Webmail Remote Code Execution Vulnerability

Roundcube Webmail contains a remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

CVSS 9.8 | AI score 8.1 | EPSS 0.84456
In wild | Exploits: 1

CISA KEV Catalog
added 2023/06/22 12:0 a.m. | 125 views

Roundcube Webmail SQL Injection Vulnerability

Roundcube Webmail is vulnerable to SQL injection via search or searchparams...

CVSS 9.8 | AI score 8.1 | EPSS 0.42908
In wild | Exploits: 1

VulnCheck KEV
added 2023/06/20 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2021-44026

Roundcube Webmail is vulnerable to SQL injection via search or searchparams...

CVSS 9.8 | AI score 7.5 | EPSS 0.42908
Exploits: 1 | References: 1

VulnCheck KEV
added 2023/06/20 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2020-12641

Roundcube Webmail contains a remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for imconvertpath or imidentifypath...

CVSS 9.8 | AI score 8 | EPSS 0.84456
Exploits: 1 | References: 1

VulnCheck KEV
added 2023/06/20 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2020-35730

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with JavaScript in a link reference element that is mishandled by linkrefaddinindex in rcubestringreplacer.php...

CVSS 6.1 | AI score 6.9 | EPSS 0.32365
Exploits: 1 | References: 1

OpenVAS
added 2023/03/08 12:0 a.m. | 18 views

Debian: Security Advisory (DLA-737-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.6 | EPSS 0.05621
Exploits: 2 | References: 2

OpenVAS
added 2023/03/08 12:0 a.m. | 20 views

Debian: Security Advisory (DLA-1193-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.6 | EPSS 0.42831
Exploits: 5 | References: 5

OpenVAS
added 2023/03/08 12:0 a.m. | 17 views

Debian: Security Advisory (DLA-537-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.6 | EPSS 0.0267
Exploits: 0 | References: 3

OpenVAS
added 2023/03/08 12:0 a.m. | 19 views

Debian: Security Advisory (DLA-392-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.6 | EPSS 0.22212
Exploits: 5 | References: 2

OpenVAS
added 2023/03/08 12:0 a.m. | 5 views

Debian: Security Advisory (DLA-613)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:45 a.m. | 2 views

SUSE CVE-2012-3507

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject...

CVSS 2.6 | AI score 6.1 | EPSS 0.02129
Exploits: 1 | References: 3

SUSE CVE
added 2023/02/15 5:45 a.m. | 4 views

SUSE CVE-2012-3508

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email...

CVSS 4.3 | AI score 6 | EPSS 0.04198
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 5:44 a.m. | 3 views

SUSE CVE-2012-4668

Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email...

CVSS 4.3 | AI score 5.7 | EPSS 0.03716
Exploits: 0 | References: 3