Filtered by vendor Roundcube
Subscriptions
Filtered by product Webmail
Subscriptions
Total
65 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5383 | 1 Roundcube | 2 Roundcube Webmail, Webmail | 2024-11-21 | N/A |
| Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. | ||||
| CVE-2015-5382 | 1 Roundcube | 2 Roundcube Webmail, Webmail | 2024-11-21 | N/A |
| program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. | ||||
| CVE-2015-5381 | 1 Roundcube | 2 Roundcube Webmail, Webmail | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. | ||||
| CVE-2015-2181 | 1 Roundcube | 1 Webmail | 2024-11-21 | N/A |
| Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. | ||||
| CVE-2015-2180 | 1 Roundcube | 1 Webmail | 2024-11-21 | N/A |
| The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password. | ||||