Debian: 2787-1: roundcube: design error

Posted by Ridcully on Oct 29, 2013 12:48 AM EDT
LinuxSecurity.com; By Benjamin D. Thomas

It was discovered that roundcube, a skinnable AJAX-based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc when saving preferences. The vulnerability can be exploited to overwrite configuration settings, subsequently allowing random file access, manipulated SQL queries and even code execution.

Story Type: Security; Groups: Debian
