67 matches found
CVE-2015-2181
CVE-2015-2181 affects Roundcube including the Password plugin DBMail driver. The vulnerability is a buffer overflow in the DBMail driver that exists in Roundcube before version 1.1.0 and could allow remote attackers to cause unspecified impact via the password or username fields. The connected do...
CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the 1 password or 2 username...
CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the 1 password or 2 username...
CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...
CVE-2015-2180
The CVE-2015-2180 issue affects Roundcube’s Password plugin: the DBMail driver accepts a password containing shell metacharacters, enabling remote command execution. This is tied to Roundcube versions before 1.1.0. Reported CVSS scores indicate a HIGH impact (up to 8.8–9.0) with network access, l...
CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...
openSUSE Security Update : roundcubemail (openSUSE-2016-1419)
roundcubemail was updated to version 1.1.7 and fixes the following issues : - Update to 1.1.7 - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 - A maliciously crafted email could cause untrusted code to be executed cross site scriptin...
Security update for roundcubemail (important)
roundcubemail was updated to version 1.1.7 and fixes the following issues: - Update to 1.1.7 A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 A maliciously crafted email could cause untrusted code to be executed cross site scripting usi...
openSUSE Security Update : roundcubemail (openSUSE-2016-1011)
This update for roundcubemail updates roundcubemail to 1.0.9 and fixes the following issues : - CVE-2015-8864 XSS issue in SVG image handling boo976988 - CVE-2015-2181 Security issue in DBMail driver of password plugin %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
openSUSE Security Update : roundcubemail (openSUSE-2016-996)
This update for roundcubemail fixes the following vulnerabilities : - CVE-2015-8864: XSS issue in SVG images handling boo976988 - CVE-2015-2181: issue in DBMail driver of password plugin Roundcubemail was also updated to 1.0.9, fixing the following bugs : - Fix a regression where some contact dat...
SQL Injection Vulnerability in Remote DBMail Mail Server
DBMail is a database-enabled enterprise mail system developed by TeleSoft. A SQL injection vulnerability exists in Telezine DBMail Mail Server V5.0 updated 2016.07.08. The vulnerability is allowed to be exploited by an attacker to gain access to sensitive database information...
Updated roundcubemail packages fix security vulnerabilities
Updated roundcubemail packages fix security vulnerabilities: More security issues in the DBMail driver for the password plugin, related to CVE-2015-2181. XSS issue in SVG images handling CVE-2015-8864. Lack of protection for attachment download URLs against CSRF CVE-2016-4069. The roundcubemail...
MGASA-2016-0155 Updated roundcubemail packages fix security vulnerabilities
Updated roundcubemail packages fix security vulnerabilities: More security issues in the DBMail driver for the password plugin, related to CVE-2015-2181. XSS issue in SVG images handling CVE-2015-8864. Lack of protection for attachment download URLs against CSRF CVE-2016-4069. The roundcubemail...
MGASA-2015-0400 Updated roundcubemail package fixes security vulnerabilities
Multiple security issues in the DBMail driver for the password plugin, including buffer overflows CVE-2015-2181 and the ability for a remote attacker to execute arbitrary shell commands as root CVE-2015-2180. An authenticated user can download arbitrary files from the web server that the web serv...
Updated roundcubemail package fixes security vulnerabilities
Multiple security issues in the DBMail driver for the password plugin, including buffer overflows CVE-2015-2181 and the ability for a remote attacker to execute arbitrary shell commands as root CVE-2015-2180. An authenticated user can download arbitrary files from the web server that the web serv...
openSUSE Security Update : roundcubemail (openSUSE-2015-454)
roundcubemail was updated to version 1.0.6 to fix many minor bugs and two security issues. The security-related fixes in particular are : - security improvement in DBMail driver of password plugin - security improvement in contact photo handling %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
DBMail 'dm_db.c' CRAM-MD5 Authentication Bypass Vulnerability
Dbmail is a collection of programs that allow retrieving and storing mail from databases and can use MySQL, PostgreSQL and SQLite as database backends. An authentication bypass vulnerability exists in DBMail, which can be exploited by an attacker to bypass the authentication mechanism and perform...
Fedora Update for dbmail FEDORA-2008-3371
Check for the Version of dbmail OpenVAS Vulnerability Test Fedora Update for dbmail FEDORA-2008-3371 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for dbmail FEDORA-2008-3333
Check for the Version of dbmail OpenVAS Vulnerability Test Fedora Update for dbmail FEDORA-2008-3333 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for dbmail FEDORA-2008-4245
Check for the Version of dbmail OpenVAS Vulnerability Test Fedora Update for dbmail FEDORA-2008-4245 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...