5 matches found
Roundcube: Multiple Vulnerabilities
Background: Free and open source webmail software for the masses, written in PHP. Description: Multiple vulnerabilities have been discovered in Roundcube. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: Ther...
PT-2020-3640 · Roundcube +3 · Roundcube Webmail +3
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.3.12; Roundcube Webmail versions 1.4.x prior to 1.4.5. Description: The issue is related to insufficient protection measures for web page structures in Roundcube Webmail, allowing a remote attacker to impac...
Roundcube 1.2.2 Command Execution
Roundcube 1.2.2: Command Execution via Email. You can find the online version of the advisory here: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ Found by Robin Peraglie with RIPS. Introduction: Roundcube is a widely...
JVN#04288738: Active! mail vulnerable to information disclosure
Active! mail, provided by TransWARE, is webmail software. Active! mail contains an information disclosure vulnerability. Impact: If the "external public interface" is enabled, an attacker who can log into the server may obtain users' credentials. Solution: Restrict log-in to the server. Allow...
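ExtMail 1.2 Mail System Cross-Site Scripting Vulnerabilities (3P)
First published by 北洋贱队 on 2009.12.31. Extmail is free, high-performance webmail software written in Perl and aimed at high-capacity/ISP-grade deployments. The latest version is 1.2, in which three cross-site scripting vulnerabilities were found. 1. The free new-user registration script "signup.cgi" does not filter the 'domain' parameter. By supplying malicious script code as the parameter value and luring a user into visiting the malicious link, an attacker can cause the script to execute in the target user's browser, leading to disclosure of sensitive information. demo:http://demo.extmail.org/extman/cgi/signup.cgi?domain=%22%3E%3Ciframe%20src=http://www.gohack.org%3E...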