Roundcube Webmail

[ MDVSA-2012:072 ] roundcubemail

 Mandriva Linux Security Advisory                         MDVSA-2012:072
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : roundcubemail
 Date    : May 10, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

POC for CVE-2008-5619 (roundcubemail PHP arbitrary code injection)

Vulnerability reported by: RealMurphy


Intro
----
Roundcube Webmail is a browser-based IMAP client that uses the
"chuggnutt.com HTML to Plain Text Conversion" library to convert
HTML text to plain text. This library uses the preg_replace PHP
function in an insecure manner.

Vulnerable versions:

[ MDVSA-2010:015 ] roundcubemail

 Mandriva Linux Security Advisory                         MDVSA-2010:015
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : roundcubemail
 Date    : January 19, 2010
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

Unsanitized scripting in RoundCube webmail

Site address: http://roundcube.net/

Roundcube webmail does not sanitize Microsoft Internet Explorer
scripting issues reported by Yosuke Hasegawa. Author was contacted on
2007-05-11. I haven't received any response and current (2007-12-09)
code is still vulnerable.


[ MDVSA-2010:048 ] roundcubemail

 Mandriva Linux Security Advisory                         MDVSA-2010:048
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : roundcubemail
 Date    : February 25, 2010
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.