Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2017/07/17 12:0 a.m.27 views

Fedora 26 : roundcubemail (2017-7263e7d321)

Roundcube Webmail 1.2.5 This is a security update to the stable version 1.2. It primarily fixes a recently discovered vulnerability in the virtualmin and sasl drivers of the password plugin plus adds a few cherry-picked bug fixes from upstream versions. A detailed list of changes is shown below...

8.8CVSS7.7AI score0.03471EPSS
Exploits1References2
Mageia
Mageia
added 2017/06/26 9:28 a.m.27 views

Updated roundcubemail packages fix security vulnerability

It was discovered that roundcubemail prior to 1.0.11 contained a vulnerability in the virtualmin and sasl drivers of the password plugin CVE-2017-8114...

8.8CVSS3AI score0.03471EPSS
Exploits1References2
OSV
OSV
added 2017/06/26 9:28 a.m.7 views

MGASA-2017-0181 Updated roundcubemail packages fix security vulnerability

It was discovered that roundcubemail prior to 1.0.11 contained a vulnerability in the virtualmin and sasl drivers of the password plugin CVE-2017-8114...

8.8CVSS8.7AI score0.03471EPSS
Exploits1References3
Hacker One
Hacker One
added 2017/06/21 3:42 p.m.128 views

Internet Bug Bounty: Roundcube virtualmin privilege escalation (CVE-2017-8114)

Description Password plugin in its virtualmin driver allows to an attacker, that has a valid username/password to login in his web panel, to execute malicious inputs. This could allow to an attacker to reset victim's password and in some scenarios getting a system shell. CVE CVE-2017-8114 Details...

6.5CVSS8.6AI score0.03471EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/05/16 12:0 a.m.24 views

openSUSE Security Update : roundcubemail (openSUSE-2017-580)

This update for roundcubemail fixes one security issues and two bugs. The following vulnerability was fixed : - CVE-2017-8114: Authenticated users may have reset arbitrary passwords boo1036955 The following upstream bugs were fixed : - Fix regression in LDAP fuzzy search where it always used pref...

8.8CVSS7.9AI score0.03471EPSS
Exploits1References2
CVE
CVE
added 2017/04/29 7:0 p.m.117 views

CVE-2017-8114

CVE-2017-8114: Roundcube Webmail vulnerability where authenticated users can arbitrarily reset passwords due to an improperly restricted exec call in the password plugin’s virtualmin and sasl drivers. Affected: <1.0.11, 1.1.x <1.1.9, 1.2.x

8.8CVSS8.5AI score0.03471EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder