Vulnerabilities > Roundcube > Webmail > 0.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-04-08 | CVE-2011-1491 | Improper Input Validation vulnerability in Roundcube Webmail The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue. | 3.5 |
2010-01-29 | CVE-2010-0464 | Information Exposure vulnerability in Roundcube Webmail Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. | 5.0 |
2009-11-25 | CVE-2009-4077 | Cross-Site Request Forgery (CSRF) vulnerability in Roundcube Webmail Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076. | 6.8 |
2009-11-25 | CVE-2009-4076 | Cross-Site Request Forgery (CSRF) vulnerability in Roundcube Webmail Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077. | 6.8 |
2008-12-17 | CVE-2008-5620 | Resource Management Errors vulnerability in Roundcube Webmail 0.1/0.1.1/0.2 RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image. | 7.8 |