Vulnerabilities > Roundcube
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-01-29 | CVE-2010-0464 | Information Exposure vulnerability in Roundcube Webmail Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | 5.0 |
| 2009-11-25 | CVE-2009-4077 | Cross-Site Request Forgery (CSRF) vulnerability in Roundcube Webmail Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076. | 6.8 |
| 2009-11-25 | CVE-2009-4076 | Cross-Site Request Forgery (CSRF) vulnerability in Roundcube Webmail Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077. | 6.8 |
| 2009-02-03 | CVE-2009-0413 | Cross-Site Scripting vulnerability in Roundcube Webmail 0.2 Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message. | 4.3 |
| 2008-12-17 | CVE-2008-5620 | Resource Management Errors vulnerability in Roundcube Webmail 0.1/0.1.1/0.2 RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image. | 7.8 |
| 2008-12-17 | CVE-2008-5619 | Code Injection vulnerability in Roundcube Webmail 0.2.1/0.2.3 html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. | 10.0 |
| 2007-12-12 | CVE-2007-6321 | Cross-Site Scripting vulnerability in Roundcube Webmail 0.1 Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands. | 4.3 |
| 2005-12-20 | CVE-2005-4368 | Information Exposure vulnerability in Roundcube Webmail roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. | 5.0 |