Lucene search
K

67 matches found

CVE
CVE
added 2017/01/30 10:0 p.m.70 views

CVE-2015-2181

CVE-2015-2181 affects Roundcube including the Password plugin DBMail driver. The vulnerability is a buffer overflow in the DBMail driver that exists in Roundcube before version 1.1.0 and could allow remote attackers to cause unspecified impact via the password or username fields. The connected do...

8.8CVSS8.9AI score0.02867EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2017/01/30 10:0 p.m.46 views

CVE-2015-2181

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the 1 password or 2 username...

8.8CVSS9.2AI score0.02867EPSS
Exploits1
Cvelist
Cvelist
added 2017/01/30 10:0 p.m.32 views

CVE-2015-2181

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the 1 password or 2 username...

9.1AI score0.02867EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/01/30 10:0 p.m.26 views

CVE-2015-2180

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...

9AI score0.04714EPSS
Exploits1References2
CVE
CVE
added 2017/01/30 10:0 p.m.82 views

CVE-2015-2180

The CVE-2015-2180 issue affects Roundcube’s Password plugin: the DBMail driver accepts a password containing shell metacharacters, enabling remote command execution. This is tied to Roundcube versions before 1.1.0. Reported CVSS scores indicate a HIGH impact (up to 8.8–9.0) with network access, l...

9CVSS8.9AI score0.04714EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2017/01/30 10:0 p.m.56 views

CVE-2015-2180

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...

9CVSS9.1AI score0.04714EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2016/12/12 12:0 a.m.31 views

openSUSE Security Update : roundcubemail (openSUSE-2016-1419)

roundcubemail was updated to version 1.1.7 and fixes the following issues : - Update to 1.1.7 - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 - A maliciously crafted email could cause untrusted code to be executed cross site scriptin...

8.8CVSS6.8AI score0.02867EPSS
Exploits1References6
OPENSUSE Linux
OPENSUSE Linux
added 2016/12/07 3:11 p.m.33 views

Security update for roundcubemail (important)

roundcubemail was updated to version 1.1.7 and fixes the following issues: - Update to 1.1.7 A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 A maliciously crafted email could cause untrusted code to be executed cross site scripting usi...

0.3AI score0.02867EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2016/08/23 12:0 a.m.30 views

openSUSE Security Update : roundcubemail (openSUSE-2016-1011)

This update for roundcubemail updates roundcubemail to 1.0.9 and fixes the following issues : - CVE-2015-8864 XSS issue in SVG image handling boo976988 - CVE-2015-2181 Security issue in DBMail driver of password plugin %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

8.8CVSS7AI score0.02867EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2016/08/22 12:0 a.m.26 views

openSUSE Security Update : roundcubemail (openSUSE-2016-996)

This update for roundcubemail fixes the following vulnerabilities : - CVE-2015-8864: XSS issue in SVG images handling boo976988 - CVE-2015-2181: issue in DBMail driver of password plugin Roundcubemail was also updated to 1.0.9, fixing the following bugs : - Fix a regression where some contact dat...

8.8CVSS6.9AI score0.02867EPSS
Exploits1References3
CNVD
CNVD
added 2016/07/18 12:0 a.m.3 views

SQL Injection Vulnerability in Remote DBMail Mail Server

DBMail is a database-enabled enterprise mail system developed by TeleSoft. A SQL injection vulnerability exists in Telezine DBMail Mail Server V5.0 updated 2016.07.08. The vulnerability is allowed to be exploited by an attacker to gain access to sensitive database information...

8.1AI score
Exploits0References1
Mageia
Mageia
added 2016/04/29 5:21 p.m.47 views

Updated roundcubemail packages fix security vulnerabilities

Updated roundcubemail packages fix security vulnerabilities: More security issues in the DBMail driver for the password plugin, related to CVE-2015-2181. XSS issue in SVG images handling CVE-2015-8864. Lack of protection for attachment download URLs against CSRF CVE-2016-4069. The roundcubemail...

8.8CVSS7.6AI score0.02713EPSS
Exploits0References4
OSV
OSV
added 2016/04/29 5:21 p.m.14 views

MGASA-2016-0155 Updated roundcubemail packages fix security vulnerabilities

Updated roundcubemail packages fix security vulnerabilities: More security issues in the DBMail driver for the password plugin, related to CVE-2015-2181. XSS issue in SVG images handling CVE-2015-8864. Lack of protection for attachment download URLs against CSRF CVE-2016-4069. The roundcubemail...

8.8CVSS7.7AI score0.02713EPSS
Exploits0References5
OSV
OSV
added 2015/10/14 8:28 p.m.10 views

MGASA-2015-0400 Updated roundcubemail package fixes security vulnerabilities

Multiple security issues in the DBMail driver for the password plugin, including buffer overflows CVE-2015-2181 and the ability for a remote attacker to execute arbitrary shell commands as root CVE-2015-2180. An authenticated user can download arbitrary files from the web server that the web serv...

9CVSS8.1AI score0.04714EPSS
Exploits2References7
Mageia
Mageia
added 2015/10/14 8:28 p.m.55 views

Updated roundcubemail package fixes security vulnerabilities

Multiple security issues in the DBMail driver for the password plugin, including buffer overflows CVE-2015-2181 and the ability for a remote attacker to execute arbitrary shell commands as root CVE-2015-2180. An authenticated user can download arbitrary files from the web server that the web serv...

9CVSS8.5AI score0.04714EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2015/06/29 12:0 a.m.18 views

openSUSE Security Update : roundcubemail (openSUSE-2015-454)

roundcubemail was updated to version 1.0.6 to fix many minor bugs and two security issues. The security-related fixes in particular are : - security improvement in DBMail driver of password plugin - security improvement in contact photo handling %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

5.4AI score
Exploits0
CNVD
CNVD
added 2015/01/04 12:0 a.m.4 views

DBMail 'dm_db.c' CRAM-MD5 Authentication Bypass Vulnerability

Dbmail is a collection of programs that allow retrieving and storing mail from databases and can use MySQL, PostgreSQL and SQLite as database backends. An authentication bypass vulnerability exists in DBMail, which can be exploited by an attacker to bypass the authentication mechanism and perform...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2009/02/17 12:0 a.m.12 views

Fedora Update for dbmail FEDORA-2008-3371

Check for the Version of dbmail OpenVAS Vulnerability Test Fedora Update for dbmail FEDORA-2008-3371 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

6.8CVSS6.4AI score0.02389EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/02/17 12:0 a.m.17 views

Fedora Update for dbmail FEDORA-2008-3333

Check for the Version of dbmail OpenVAS Vulnerability Test Fedora Update for dbmail FEDORA-2008-3333 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

6.8CVSS6.4AI score0.02389EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/02/17 12:0 a.m.13 views

Fedora Update for dbmail FEDORA-2008-4245

Check for the Version of dbmail OpenVAS Vulnerability Test Fedora Update for dbmail FEDORA-2008-4245 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

6.8CVSS6.4AI score0.02389EPSS
Exploits1References2
Rows per page
Query Builder