Roundcube Webmail 1.6.x < 1.6.5 Cross-Site-Scripting

According to its self-reported version number, Roundcube Webmail is prior to 1.5.6 or 1.6.x prior to 1.6.5. Therefore, it may be affected by a Cross-Site Scripting XSS vulnerability via a Content-Type or Content-Disposition header. Note that the scanner has not tested for these issues but has...

CVE-2001-1408

Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. dot dot in the mailbox parameter...