CVE-2008-5620

RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

CVE-2008-5620

RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...

DEBIAN-CVE-2008-5620

RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...

Hardcoded credentials

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

CVE-2008-5620

CVE-2008-5620 affects RoundCube Webmail (roundcubemail) prior to 0.2-beta. The vulnerability allows remote attackers to cause a denial of service via crafted size parameters used to generate a quota image, leading to memory consumption. Public references in the initial entry point to a DoS scenar...

CVE-2008-5620

RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...

CVE-2008-5620

RoundCube Webmail roundcubemail before 0.2-beta allows remote attackers to cause a denial of service memory consumption via crafted size parameters that are used to create a large quota image...

CVE-2008-5619

CVE-2008-5619 affects RoundCube Webmail (versions 0.2-1 alpha and 0.2-3 beta) via the html2text.php integration that uses the chuggnutt HTML-to-text library. The underlying issue is the use of preg_replace with the eval modifier, allowing remote code execution when crafted input is processed. Exp...

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

[SECURITY] Fedora 10 Update: roundcubemail-0.2-4.beta.fc10

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 8 Update: roundcubemail-0.2-4.beta.fc8

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

roundcube -- remote execution of arbitrary code

Entry for CVE-2008-5619 says: html2text.php in RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with the eval switch...

[SECURITY] Fedora 8 Update: roundcubemail-0.2-0.alpha.fc8

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 9 Update: roundcubemail-0.2-0.alpha.fc9

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 7 Update: roundcubemail-0.2-0.alpha.fc7.1

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

RoundCube Webmail cross-site request forgery vulnerability

Overview RoundCube Webmail from the RoundCube Project contains a cross-site request forgery vulnerability. RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information...

Unsanitized scripting in RoundCube webmail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Site address: http://roundcube.net/ Roundcube webmail does not sanitize Microsoft Internet Explorer scripting issues reported by Yosuke Hasegawa. Author was contacted on 2007-05-11. I haven't received any response and current 2007-12-09 code is still...