Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-9846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled uid paramet...

8.8CVSS7.7AI score0.02289EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.26 views

Fedora 28 : roundcubemail (2018-c279b3696f)

Upstream announcement : Version 1.3.6 This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under...

8.8CVSS7.9AI score0.02289EPSS
Exploits0References2
OSV
OSV
added 2018/06/19 11:42 p.m.5 views

MGASA-2018-0288 Updated roundcubemail packages fix security vulnerability

Updated roundcubemail package fixes security vulnerability: This update fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. CVE-2018-9846...

8.8CVSS9AI score0.02289EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/04/30 12:0 a.m.26 views

Debian DSA-4181-1 : roundcube - security update

Andrea Basile discovered that the 'archive' plugin in roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize a user-controlled parameter, allowing a remote attacker to inject arbitrary IMAP commands and perform malicious actions. C Tenable Network Security...

8.8CVSS8AI score0.02289EPSS
Exploits0References5
Debian
Debian
added 2018/04/28 6:16 a.m.20 views

[SECURITY] [DSA 4181-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4181-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2018 https://www.debian.org/security/faq -...

6.8CVSS2AI score0.02289EPSS
Exploits0
Debian
Debian
added 2018/04/28 6:16 a.m.41 views

[SECURITY] [DSA 4181-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4181-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2018 https://www.debian.org/security/faq -...

8.8CVSS8.8AI score0.02289EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/04/23 12:0 a.m.35 views

Fedora 27 : roundcubemail (2018-57fbdb1cb5)

Upstream announcement : Version 1.3.6 This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under...

8.8CVSS7.9AI score0.02289EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/04/21 12:0 a.m.20 views

Fedora Update for roundcubemail FEDORA-2018-57fbdb1cb5

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.7AI score0.02289EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/04/16 12:0 a.m.38 views

FreeBSD : roundcube -- IMAP command injection vulnerability (48894ca9-3e6f-11e8-92f0-f0def167eeea)

Upstream reports : This update primarily fixes a recently discovered IMAP-cmd-injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846. C Tenable Network Security, Inc. The descriptive text and...

8.8CVSS7.8AI score0.02289EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2018/04/11 12:0 a.m.34 views

roundcube -- IMAP command injection vulnerability

Upstream reports: This update primarily fixes a recently discovered IMAP-cmd-injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846...

8.8CVSS2.2AI score0.02289EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/04/07 9:29 p.m.16 views

CVE-2018-9846

In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "uid" parameter in an archive.php task=mail&mbox=INBOX&action=plugin.move2archive request to perform an MX IMAP injection attack by placing an IMAP...

8.8CVSS7.2AI score0.02289EPSS
Exploits0References6
CVE
CVE
added 2018/04/07 9:0 p.m.97 views

CVE-2018-9846

CVE-2018-9846 affects Roundcube versions 1.2.0–1.3.5 with the archive plugin enabled. The root cause is improper sanitization of the user-controlled _uid parameter in archive.php (request _task=mail&_mbox=INBOX&_action=plugin.move2archive), allowing an MX/IMAP command injection by appending comma...

8.8CVSS8.7AI score0.02289EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder