roundcube -- webmail script insertion and php code injection
Secunia reports: Some vulnerabilities have been reported in RoundCube Webmail, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. The HTML "background" attribute within e.g. HT...
[Backports-security-announce] Security update for roundcube
Hi, I've just uploaded new roundcube packages to etch-backports fixing the security issues listed below. Please note that these are remotely exploitable issues and an upgrade is highly recommended. Fix a vulnerability in quota image generation. This fixes CVE-2008-5620. Thanks to Nico Golde for...
FreeBSD : roundcube -- remote execution of arbitrary code (8f483746-d45d-11dd-84ec-001fc66e7203)
Entry for CVE-2008-5619 says: html2text.php in RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
Roundcube Webmail 0.2-3 Beta - Code Execution
Roundcube Webmail 0.2-3 Beta - Code Execution Public Release Date of POC: 2008-12-22 Author: Jacobo Avariento Gimeno Sofistic CVE id: CVE-2008-5619 Bugtraq id: 32799 Severity: Critical Vulnerability reported by: RealMurphy Intro ---- Roundcube Webmail is a browser-based IMAP client that uses...
DEBIAN-CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with t...
CVE-2008-5619
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with t...
Hardcoded credentials
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with t...
roundcube -- remote execution of arbitrary code
Entry for CVE-2008-5619 says: html2text.php in RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch...
CVE-2008-5090
Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch...
Analysis of a php exploit code-exploit warning-the black bar safety net
A few days ago I came across an interesting piece of code and am recording it here. First, an introduction to a well-known PHP function, preg_replace, whose prototype is: mixed preg_replace ( mixed pattern, mixed replacement, mixed subject [, int limit] ). The interesting thing about this function is that as long as the first parameter...
WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities
No description provided by source. WebSVN <= 2.0 Multiple Vulnerabilities October 20, 2008 Vendor : Tim Armes URL : http://websvn.tigris.org Version : WebSVN <= 2.0 Risk : Multiple Vulnerabilities Description: WebSVN is an online SVN repository viewer. The description taken from the project website...
Advanced Electron Forum <= 1.0.6 Remote Code Execution Vulnerability
No description provided by source. GulfTech Security Research September 20, 2008 Vendor : Electron Inc. URL : http://www.anelectron.com/ Version : AEF Forum <= 1.0.6 Risk : Remote Code Execution Description: Advanced Electron Forum also known as AEF Forum is a full featured online forum system...
Advanced Electron Forum 1.0.6 - Remote Code Execution
GulfTech Security Research September 20, 2008 Vendor : Electron Inc. URL : http://www.anelectron.com/ Version : AEF Forum <= 1.0.6 Risk : Remote Code Execution Description: Advanced Electron Forum also known as AEF Forum is a full featured online forum system written in php that allows webmasters...
Advanced Electron Forum <= 1.0.6 Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications. Advanced Electron Forum <= 1.0.6 Remote Code Execution Vulnerability. GulfTech Security Research...
Zeroboard preg_replace() vulnerability Remote nobody exploit
No description provided by source. Zeroboard preg_replace vulnerability Remote nobody shell exploit by n0gada...
phpBB viewtopic.php Arbitrary Code Execution
This module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via preg_replace. This vulnerability was introduced in...
CuteNews 1.1.1 (html.php) Remote Code Execution Vulnerability
No description provided by source. CuteNews Remote Code Execution ... ITDefence.ru Antichat.ru Strawberry CuteNews Remote Code Execution Eugene Minaev...