Roundcube Webmail@* Security Vulnerabilities and Issues — Roundcube Webmail@* CVE List

Lucene search

RoundcubeRoundcube Webmail*

5 matches found

CVE•added 2024/06/07 4:15 a.m.•121 views

CVE-2024-37385

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.

9.8CVSS9.8AI score0.93068EPSS

CVE•added 2016/01/29 7:59 p.m.•61 views

CVE-2015-8770

Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin...

7.5CVSS7.5AI score0.23361EPSS

CVE•added 2024/06/07 4:15 a.m.•61 views

CVE-2024-37384

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.

6.1CVSS6.1AI score0.00183EPSS

CVE•added 2016/01/29 7:59 p.m.•44 views

CVE-2015-8794

Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.

6.5CVSS6.1AI score0.00288EPSS

CVE•added 2017/05/23 4:29 a.m.•36 views

CVE-2015-5382

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.

6.5CVSS6.5AI score0.01037EPSS