RSS   Vulnerabilities for 'Webmail'   RSS

2020-05-04
 
CVE-2020-12641

CWE-88
 

 
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

 
 
CVE-2020-12640

CWE-22
 

 
Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.

 
 
CVE-2020-12626

CWE-352
 

 
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.

 
 
CVE-2020-12625

CWE-79
 

 
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

 
2019-08-19
 
CVE-2019-15237

CWE-20
 

 
Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

 
2019-04-07
 
CVE-2019-10740

CWE-noinfo
 

 
In Roundcube Webmail 1.3.4, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

 
2018-05-16
 
CVE-2017-17688

CWE-noinfo
 

 
** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.

 
2018-04-07
 
CVE-2018-9846

CWE-20
 

 
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism.

 
2018-03-13
 
CVE-2018-1000072

CWE-732
 

 
iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7.

 
 
CVE-2018-1000071

CWE-732
 

 
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.

 


Copyright 2020, cxsecurity.com

 

Back to Top