2 matches found
DEBIAN-CVE-2016-9920
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute...
PT-2016-7880
Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.1.7 Roundcube versions 1.2.x prior to 1.2.3 Description The issue allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message. This is due to the...