Roundcube Webmail vulnerabilities

80 known vulnerabilities affecting roundcube/webmail.

Total CVEs: 80
CISA KEV: 11 (actively exploited)
Public exploits: 9
Exploited in wild: 9
Severity breakdown: CRITICAL 7, HIGH 17, MEDIUM 50, LOW 6

Vulnerabilities

Page 3 of 4
CVE-2018-19206 | MEDIUM | CVSS 6.1 | fixed in 1.3.8 | 2018-11-12
CWE-79: steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.
Source: nvd
CVE-2018-9846 | HIGH | CVSS 8.8 | ≥ 1.2.0, ≤ 1.3.5 | 2018-04-07
CWE-20: In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less
Source: nvd
CVE-2018-1000071 | HIGH | CVSS 7.5 | ≤ 1.3.4 | 2018-03-13
CWE-732: roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in the enigma plugin that can result in exfiltration of the gpg private key. This attack appears to be exploitable via network connectivity.
Source: nvd
CVE-2017-16651 | HIGH | CVSS 7.8 | KEV | PoC | ≤ 1.1.9, v1.2.0, +9 more | 2017-11-09
CWE-552: Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active sess
Source: nvd
CVE-2015-5383 | HIGH | CVSS 7.5 | v1.1 | 2017-05-23
CWE-200: Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
Source: nvd
CVE-2015-5381 | MEDIUM | CVSS 6.1 | v1.1 | 2017-05-23
CWE-79: Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
Source: nvd
CVE-2015-5382 | MEDIUM | CVSS 6.5 | v1.1 | 2017-05-23
CWE-200: program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
Source: nvd
CVE-2017-8114 | HIGH | CVSS 8.8 | fixed in 1.0.11 | ≥ 1.1.0, < 1.1.9, +1 more | 2017-04-29
CWE-269: Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.
Source: nvd
CVE-2015-8864 | MEDIUM | CVSS 6.1 | ≤ 1.0.8, v1.1, +1 more | 2017-04-13
CWE-79: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.
Source: nvd
CVE-2016-4068 | MEDIUM | CVSS 6.1 | ≤ 1.0.8, v1.1, +1 more | 2017-04-13
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
Source: nvd
CVE-2017-6820 | MEDIUM | CVSS 6.1 | ≤ 1.1.7, v1.2.0, +3 more | 2017-03-12
CWE-79: rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
Source: nvd
CVE-2015-2180 | HIGH | CVSS 8.8 | ≤ 1.1 | 2017-01-30
CWE-74: The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.
Source: nvd
CVE-2015-2181 | HIGH | CVSS 8.8 | fixed in 1.1.0 | 2017-01-30
CWE-119: Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.
Source: nvd
CVE-2016-4552 | MEDIUM | CVSS 6.1 | v1.2 | 2016-12-20
CWE-79: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
Source: nvd
CVE-2016-9920 | HIGH | CVSS 7.5 | ≤ 1.1.6, v1.2.0, +2 more | 2016-12-08
CWE-284: steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a craf
Source: nvd
CVE-2016-4069 | HIGH | CVSS 8.8 | ≤ 1.1.4 | 2016-08-25
CWE-352: Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
Source: nvd
CVE-2015-8793 | MEDIUM | CVSS 6.1 | ≤ 1.0.5, v1.1.0, +1 more | 2016-01-29
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937.
Source: nvd
CVE-2015-8105 | LOW | CVSS 3.5 | ≤ 1.0.6, v1.1.0, +2 more | 2015-11-10
CWE-79: Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.
Source: nvd
CVE-2015-1433 | MEDIUM | CVSS 4.3 | ≤ 1.0.4 | 2015-02-03
CWE-79: program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.
Source: nvd
CVE-2014-9587 | MEDIUM | CVSS 6.8 | ≤ 1.0.3 | 2015-01-15
CWE-352: Multiple cross-site request forgery (CSRF) vulnerabilities in Roundcube Webmail before 1.0.4 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to (1) address book operations or the (2) ACL or (3) Managesieve plugins.
Source: nvd
Roundcube Webmail vulnerabilities | cvebase