53 matches found
EUVD-2015-2287
Malware in sbrugna...
EUVD-2017-17076
Malware in sbrugna...
WordPress Access Category Password Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Access Category Password Type Plugin Vulnerable versions = 1.5.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32535 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c844ee6de29c Credits Dimas Maulana Required...
CVE-2023-47665
Unauth. Reflected Cross-Site Scripting XSS vulnerability in edwardplainview Plainview Protect Passwords plugin = 1.4 versions...
SUSE CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...
SUSE CVE-2015-2181
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the 1 password or 2 username...
SUSE CVE-2017-8114
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...
PT-2022-19383 · Jenkins · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mask Passwords Plugin versions 3.0 and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability, which is exploitable by attackers with Item/Configure permission. This occurs because the plugin does no...
Updated roundcubemail packages fix security vulnerability
It was discovered that roundcubemail prior to 1.0.11 contained a vulnerability in the virtualmin and sasl drivers of the password plugin CVE-2017-8114...
MGASA-2017-0181 Updated roundcubemail packages fix security vulnerability
It was discovered that roundcubemail prior to 1.0.11 contained a vulnerability in the virtualmin and sasl drivers of the password plugin CVE-2017-8114...
Internet Bug Bounty: Roundcube virtualmin privilege escalation (CVE-2017-8114)
Description Password plugin in its virtualmin driver allows to an attacker, that has a valid username/password to login in his web panel, to execute malicious inputs. This could allow to an attacker to reset victim's password and in some scenarios getting a system shell. CVE CVE-2017-8114 Details...
CVE-2017-8114
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...
DEBIAN-CVE-2017-8114
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...
ALPINE-CVE-2017-8114
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...
UBUNTU-CVE-2017-8114
Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...
PT-2017-18124
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions prior to 1.0.11 Roundcube Webmail versions 1.1.x before 1.1.9 Roundcube Webmail versions 1.2.x before 1.2.5 Description The issue allows arbitrary password resets by authenticated users due to an improperly restricte...
Roundcube Password Plugin Code Execution Vulnerability
Roundcube is a browser-based IMAP client that supports address book management, message searching, spell checking and more. A security vulnerability exists in the DBMail driver for Roundcube's Password plugin. A remote attacker can exploit the vulnerability to submit special shell metacharacters ...
Roundcube Password Plugin Buffer Overflow Vulnerability
Roundcube is a browser-based IMAP client that supports address book management, message searching, spell checking and more. A buffer overflow vulnerability exists in the DBMail driver for Roundcube's Password plugin. A remote attacker could exploit the vulnerability to submit a special request th...
Default credentials
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...
DEBIAN-CVE-2015-2180
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password...