12 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-9846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled _uid paramet...
Fedora 28 : roundcubemail (2018-c279b3696f)
Upstream announcement : Version 1.3.6 This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under...
MGASA-2018-0288 Updated roundcubemail packages fix security vulnerability
Updated roundcubemail package fixes security vulnerability: This update fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. CVE-2018-9846...
Debian DSA-4181-1 : roundcube - security update
Andrea Basile discovered that the 'archive' plugin in roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize a user-controlled parameter, allowing a remote attacker to inject arbitrary IMAP commands and perform malicious actions. (C) Tenable Network Security...
[SECURITY] [DSA 4181-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4181-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2018 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4181-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4181-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 28, 2018 https://www.debian.org/security/faq -...
Fedora 27 : roundcubemail (2018-57fbdb1cb5)
Upstream announcement : Version 1.3.6 This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under...
Fedora Update for roundcubemail FEDORA-2018-57fbdb1cb5
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
FreeBSD : roundcube -- IMAP command injection vulnerability (48894ca9-3e6f-11e8-92f0-f0def167eeea)
Upstream reports: This update primarily fixes a recently discovered IMAP-cmd-injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846. (C) Tenable Network Security, Inc. The descriptive text and...
roundcube -- IMAP command injection vulnerability
Upstream reports: This update primarily fixes a recently discovered IMAP-cmd-injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under CVE-2018-9846...
CVE-2018-9846
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request to perform an MX (IMAP) injection attack by placing an IMAP...
CVE-2018-9846
CVE-2018-9846 affects Roundcube versions 1.2.0–1.3.5 with the archive plugin enabled. The root cause is improper sanitization of the user-controlled _uid parameter in archive.php (request _task=mail&_mbox=INBOX&_action=plugin.move2archive), allowing an MX/IMAP command injection by appending comma...