Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
RoundcubeWebmail0.2

16 matches found

CVE
CVEadded 2013/11/05 6:55 p.m.83 views

CVE-2013-6172

steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.

7.5CVSS7.8AI score0.01114EPSS
CVE
CVEadded 2014/02/08 12:55 a.m.60 views

CVE-2013-1904

Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploit...

5CVSS6.5AI score0.00402EPSS
CVE
CVEadded 2011/11/03 3:55 p.m.50 views

CVE-2011-4078

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CV...

5CVSS6.8AI score0.01085EPSS
CVE
CVEadded 2012/08/25 10:29 a.m.50 views

CVE-2012-3507

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.

2.6CVSS5.5AI score0.00407EPSS
CVE
CVEadded 2009/02/03 11:30 p.m.47 views

CVE-2009-0413

Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.

4.3CVSS5.5AI score0.00407EPSS
CVE
CVEadded 2011/04/08 3:17 p.m.44 views

CVE-2011-1491

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-m...

3.5CVSS5.6AI score0.0039EPSS
CVE
CVEadded 2013/02/24 9:55 p.m.44 views

CVE-2012-6121

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.

4.3CVSS5.4AI score0.00407EPSS
CVE
CVEadded 2008/12/17 2:30 a.m.43 views

CVE-2008-5620

RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.

7.8CVSS6.2AI score0.00568EPSS
CVE
CVEadded 2010/01/29 6:30 p.m.43 views

CVE-2010-0464

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

5CVSS6.3AI score0.0026EPSS
CVE
CVEadded 2011/09/21 4:55 p.m.43 views

CVE-2011-2937

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

4.3CVSS5.9AI score0.00665EPSS
CVE
CVEadded 2009/11/25 10:0 p.m.42 views

CVE-2009-4076

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.

6.8CVSS6.5AI score0.00212EPSS
CVE
CVEadded 2011/04/08 3:17 p.m.40 views

CVE-2011-1492

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain...

5.5CVSS6.2AI score0.0039EPSS
CVE
CVEadded 2012/08/25 10:29 a.m.39 views

CVE-2012-4668

Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.

4.3CVSS5.8AI score0.05064EPSS
CVE
CVEadded 2009/11/25 10:0 p.m.37 views

CVE-2009-4077

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.

6.8CVSS6.9AI score0.00212EPSS
CVE
CVEadded 2013/08/29 12:7 p.m.37 views

CVE-2013-5645

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to...

4.3CVSS5.2AI score0.00305EPSS
CVE
CVEadded 2012/06/04 3:55 p.m.34 views

CVE-2012-1253

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.

2.6CVSS5.5AI score0.00254EPSS