Debian: 2787-1: roundcube: design error
Oct29
on October 29, 2013
at 5:20 am
Posted In: Uncategorized
(Oct 27) It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and [More…]
Comment