47 matches found
CVE-2026-11789 389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...
CVE-2026-11789
Affected software : 389 Directory Server (389-ds-base). Vulnerable component : SMD5 password storage plugin. Root cause : unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read and LDAP server crash during authenticatio...
CVE-2026-35541
A flaw was found in Roundcube Webmail. Incorrect password comparison within the password plugin can lead to a type confusion vulnerability. This allows an attacker to change a user's password without needing to know the old password, potentially leading to unauthorized access to the user's webmai...
EUVD-2026-18585
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
Roundcube Webmail: Incorrect password comparison in the password plugin
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
GHSA-46PV-MJ2G-93GH Roundcube Webmail: Incorrect password comparison in the password plugin
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
UBUNTU-CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
CVE-2026-35541
Roundcube Webmail is affected in versions prior to 1.5.14 and 1.6.14 due to an incorrect password comparison in the password plugin, which can cause a type confusion and allow changing a password without the old one. Mitigation: upgrade to the patched releases (1.5.14 or 1.6.14); refer to the ass...
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
PT-2026-29980
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password...
Roundcube Webmail 安全漏洞
Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, etc. Versions prior to 1.5.14 and 1.6.14 of Roundcube Webmail had security vulnerabilities. These vulnerabilities were caused by improp...
EUVD-2015-2287
Malware in sbrugna...
EUVD-2017-17076
Malware in sbrugna...
WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Access Category Password Type Plugin Vulnerable versions = 1.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32535 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c844ee6de29c Credits Dimas Maulana Required...
CVE-2023-47665
Unauth. Reflected Cross-Site Scripting XSS vulnerability in edwardplainview Plainview Protect Passwords plugin = 1.4 versions...
SUSE CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...
SUSE CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the 1 password or 2 username...