Lucene search
K
RoundcubeRoundcube Webmail

7 matches found

CVE
CVE
added 2017/05/23 3:56 a.m.568 views

CVE-2015-5383

Summary: CVE-2015-5383 affects Roundcube Webmail 1.1.x before 1.1.2, where a remote attacker can read files from the config, temp, or logs directories to obtain sensitive information. The root cause is an information-disclosure path that allows unintended access to local files. The vulnerability ...

7.5CVSS7.1AI score0.03767EPSS
CVE
CVE
added 2016/01/29 7:0 p.m.84 views

CVE-2015-8770

CVE-2015-8770 is a path traversal vulnerability in Roundcube’s skin handling. Specifically, the set_skin function in Roundcube’s rcmail_output_html.php (affected in versions prior to 1.0.8 and 1.1.x prior to 1.1.4) allows remote authenticated users with required permissions to read arbitrary file...

7.5CVSS7.5AI score0.22212EPSS
Web
CVE
CVE
added 2017/04/13 2:0 p.m.80 views

CVE-2016-4068

CVE-2016-4068 is an XSS vulnerability in Roundcube Webmail, affecting versions before 1.0.9 and 1.1.x before 1.1.5. An attacker can inject arbitrary script/HTML via a crafted SVG, enabling remote code execution in the context of the user’s browser. The issue stems from insufficient input validati...

6.1CVSS5.9AI score0.02481EPSS
CVE
CVE
added 2017/04/13 2:0 p.m.68 views

CVE-2015-8864

CVE-2015-8864 is an XSS vulnerability in Roundcube Webmail, exploitable through a crafted SVG. Affected products are Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5. The issue allows remote attackers to inject arbitrary web script or HTML. The description explicitly notes this is a separate...

6.1CVSS5.9AI score0.02648EPSS
CVE
CVE
added 2017/05/23 3:56 a.m.61 views

CVE-2015-5381

Summary: The CVE-2015-5381 entry affects Roundcube Webmail 1.1.x before 1.1.2, where a cross-site scripting (XSS) vulnerability exists in the file program/include/rcmail.php . A remote attacker can exploit this by supplying a crafted payload to the _mbox parameter at the default URI, enabling inj...

6.1CVSS6.1AI score0.02499EPSS
Web
CVE
CVE
added 2016/01/29 7:0 p.m.57 views

CVE-2015-8794

Roundcube Webmail contains an absolute path traversal vulnerability in program/steps/addressbook/photo.inc, affecting Roundcube before 1.0.6 and 1.1.x before 1.1.2. A remote authenticated user can read arbitrary files by supplying a full pathname in the _alt parameter during contact photo handlin...

6.5CVSS6.1AI score0.02119EPSS
Web
CVE
CVE
added 2017/05/23 3:56 a.m.54 views

CVE-2015-5382

The CVE-2015-5382 vulnerability affects Roundcube Webmail prior to 1.0.6 and 1.1.x prior to 1.1.2. Affected component: program/steps/addressbook/photo.inc. Root cause: information disclosure via the _alt parameter when uploading a vCard, allowing remote authenticated users to read arbitrary files...

6.5CVSS6.5AI score0.03268EPSS
Web