Roundcube

Webmail

71 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2017-6820

  • EPSS 0.56%
  • Veröffentlicht 12.03.2017 05:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.

8.8

CVE-2015-2181

Exploit
  • EPSS 0.76%
  • Veröffentlicht 30.01.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.

9

CVE-2015-2180

Exploit
  • EPSS 2.74%
  • Veröffentlicht 30.01.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.

6.1

CVE-2016-4552

Exploit
  • EPSS 0.28%
  • Veröffentlicht 20.12.2016 22:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

7.5

CVE-2016-9920

Exploit
  • EPSS 44.83%
  • Veröffentlicht 08.12.2016 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which ...

8.8

CVE-2016-4069

  • EPSS 1.13%
  • Veröffentlicht 25.08.2016 18:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified ve...

6.1

CVE-2015-8793

Exploit
  • EPSS 0.28%
  • Veröffentlicht 29.01.2016 19:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a differ...

3.5

CVE-2015-8105

  • EPSS 0.18%
  • Veröffentlicht 10.11.2015 17:59:13
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.

4.3

CVE-2015-1433

Exploit
  • EPSS 0.59%
  • Veröffentlicht 03.02.2015 16:59:24
  • Zuletzt bearbeitet 12.04.2025 10:46:40

program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.

6.8

CVE-2014-9587

  • EPSS 3.76%
  • Veröffentlicht 15.01.2015 15:59:21
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) ...