22 matches found
EUVD-2020-7549
Malware in sbrugna...
EUVD-2011-4029
Malware in sbrugna...
EUVD-2011-1495
Malware in sbrugna...
EUVD-2012-5988
Malware in sbrugna...
EUVD-2015-5338
Malware in sbrugna...
ROS-20250703-09
A vulnerability in the RoundCube Webmail mail client is related to flaws in the deserialization mechanism used when processing the from parameter. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by sending a specially crafted request...
USN-7584-1: Roundcube vulnerability
It was discovered that Roundcube Webmail did not properly sanitize the from parameter in a URL, leading to PHP Object Deserialization. A remote attacker could possibly use this issue to execute arbitrary code...
PT-2025-24632
CISA has just added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Erlang OTP CVE-2024-39992, OpenSSH CVE-2024-39993, Roundcube Webmail CVE-2024-39994. These vulnerabilities are actively being exploited in the wild and must be patched by June 25, 2025, as per Binding...
Roundcube Webmail Deserialization Vulnerability
RoundCube Webmail is a browser-based, open source, multi-language IMAP client, developed using PHP + Ajax, that provides a desktop application-like interface and complete mail management features. Roundcube Webmail has a deserialization vulnerability; the vulnerability stems from the...
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
Roundcube Webmail RCE Vulnerability (Jun 2025) - Windows
Roundcube Webmail is prone to an authenticated remote code execution (RCE) vulnerability via PHP object deserialization.
Roundcube Webmail 1.6.x < 1.6.3 Cross-Site-Scripting
According to its self-reported version number, Roundcube Webmail is prior to 1.4.14 or 1.5.x prior to 1.5.4 or 1.6.x prior to 1.6.3. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via text/plain e-mail messages with crafted links. Note that the scanner has not tested fo...
Roundcube Webmail < 1.4.14 Cross-Site-Scripting
According to its self-reported version number, Roundcube Webmail is prior to 1.4.14 or 1.5.x prior to 1.5.4 or 1.6.x prior to 1.6.3. Therefore, it may be affected by a Cross-Site Scripting (XSS) vulnerability via text/plain e-mail messages with crafted links. Note that the scanner has not tested fo...
Roundcube Webmail Cross-Site Scripting Vulnerability
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Mail, which originates from the smtp configuration in /installer/test.php. No details of the...
Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2021-44696)
RoundCube Webmail is a browser-based, multi-language IMAP client with a desktop-like interface. A cross-site scripting vulnerability exists in linkref_addindex in rcube_string_replacer.php in Roundcube Webmail, which can be exploited by an attacker via a specially crafted email...
PT-2020-5797
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions 1.2.0 through 1.2.12; Roundcube Webmail versions 1.3.x through 1.3.15; Roundcube Webmail versions 1.4.x through 1.4.9. Description: An issue was discovered in Roundcube Webmail, where the linkref_addindex function in...
CVE-2020-12641
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path...
PT-2025-23462
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.5.10; Roundcube Webmail versions 1.6.x prior to 1.6.11. Description: Authenticated users can achieve remote code execution due to PHP Object Deserialization, a process where untrusted data is converted back...
PT-2020-6925
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.4.4. Description: The issue exists due to the lack of protection of the web page structure in the im_convert_path and im_identify_path functions of the rcube_image.php file in Roundcube Webmail. This allows ...
CVE-2015-8105
Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload...