Roundcube

Webmail

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.6

CVE-2012-1253

  • EPSS 0.25%
  • Veröffentlicht 04.06.2012 15:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.

5

CVE-2011-4078

  • EPSS 0.86%
  • Veröffentlicht 03.11.2011 15:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject he...

4.3

CVE-2011-2937

Exploit
  • EPSS 0.55%
  • Veröffentlicht 21.09.2011 16:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

5.5

CVE-2011-1492

  • EPSS 0.39%
  • Veröffentlicht 08.04.2011 15:17:28
  • Zuletzt bearbeitet 11.04.2025 00:51:21

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP...

3.5

CVE-2011-1491

  • EPSS 0.39%
  • Veröffentlicht 08.04.2011 15:17:28
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login ...

5

CVE-2010-0464

  • EPSS 0.26%
  • Veröffentlicht 29.01.2010 18:30:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requ...

6.8

CVE-2009-4077

  • EPSS 0.21%
  • Veröffentlicht 25.11.2009 22:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerabilit...

6.8

CVE-2009-4076

  • EPSS 0.21%
  • Veröffentlicht 25.11.2009 22:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerabil...

4.3

CVE-2009-0413

  • EPSS 0.41%
  • Veröffentlicht 03.02.2009 23:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.

7.8

CVE-2008-5620

  • EPSS 0.57%
  • Veröffentlicht 17.12.2008 02:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.