CVE-2013-6172

Related Files

Gentoo Linux Security Advisory 201402-15

Posted Feb 11, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-15 - A vulnerability in Roundcube could result in arbitrary code execution, SQL injection, or reading of arbitrary files. Versions less than 0.9.5 are affected.

tags | advisory, arbitrary, code execution, sql injection

systems | linux, gentoo

advisories | CVE-2013-6172

SHA-256 | 5be19c7fe318cdac4f395b199c65d5c4a701c798827254d2a3ea10f68f9f1b22

Download | Favorite | View

Mandriva Linux Security Advisory 2013-263

Posted Oct 30, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-263 - It was discovered that roundcube does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution. The updated packages have been patched to correct this issue.

tags | advisory, code execution

systems | linux, mandriva

advisories | CVE-2013-6172

SHA-256 | 8d50b6112b0546125f273c950799e408ec087e55a01ae26499b797a02f8ab996

Download | Favorite | View

Debian Security Advisory 2787-1

Posted Oct 28, 2013

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2787-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code execution.

tags | advisory, imap, code execution

systems | linux, debian

advisories | CVE-2013-6172

SHA-256 | 16835cafc45de428b561f8da656aead6d60655755a053be0641fc356c2a3e1f6

Download | Favorite | View