Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-6172HistoryNov 05, 2013 - 6:55 p.m.
CVE-2013-6172
2013-11-0518:55:06
Debian Security Bug Tracker
security-tracker.debian.org
7
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.016
Percentile
87.6%
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | roundcube | < 0.9.4-1.1 | roundcube_0.9.4-1.1_all.deb |
| Debian | 11 | all | roundcube | < 0.9.4-1.1 | roundcube_0.9.4-1.1_all.deb |
| Debian | 999 | all | roundcube | < 0.9.4-1.1 | roundcube_0.9.4-1.1_all.deb |
| Debian | 13 | all | roundcube | < 0.9.4-1.1 | roundcube_0.9.4-1.1_all.deb |
Related
fedora
fedora
[SECURITY] Fedora 19 Update: roundcubemail-0.9.5-1.fc19
2013-10-26 00:56:27
[SECURITY] Fedora 20 Update: roundcubemail-0.9.5-1.fc20
2013-11-10 07:15:11
[SECURITY] Fedora 18 Update: roundcubemail-0.9.5-1.fc18
2013-10-31 02:59:02
mageia
mageia
Updated roundcubemail package fixes security vulnerability
2013-11-18 18:35:57
openvas
openvas
Mageia: Security Advisory (MGASA-2013-0325)
2022-01-28 00:00:00
Fedora Update for roundcubemail FEDORA-2013-19729
2013-10-28 00:00:00
Fedora Update for roundcubemail FEDORA-2013-19729
2013-10-28 00:00:00
nessus
nessus
Fedora 19 : roundcubemail-0.9.5-1.fc19 (2013-19729)
2013-10-27 00:00:00
Fedora 18 : roundcubemail-0.9.5-1.fc18 (2013-19745)
2013-10-31 00:00:00
GLSA-201402-15 : Roundcube: Arbitrary code execution
2014-02-12 00:00:00
cvelist
cvelist
CVE-2013-6172
2013-11-05 18:00:00
osv
osv
roundcube - design error
2013-10-27 00:00:00
roundcubemail-1.2.3-1.1 on GA media
2024-06-15 00:00:00
cve
cve
CVE-2013-6172
2013-11-05 18:55:06
gentoo
gentoo
Roundcube: Arbitrary code execution
2014-02-11 00:00:00
prion
prion
Sql injection
2013-11-05 18:55:00
securityvulns
securityvulns
[ MDVSA-2013:263 ] roundcubemail
2013-12-09 00:00:00
debian
debian
[SECURITY] [DSA 2787-1] roundcube security update
2013-10-27 08:53:13
[SECURITY] [DSA 2787-1] roundcube security update
2013-10-27 08:53:13
[BSA-085] Security Update for roundcube
2013-11-12 21:33:26
nvd
nvd
CVE-2013-6172
2013-11-05 18:55:06
ubuntucve
ubuntucve
CVE-2013-6172
2013-11-05 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.016
Percentile
87.6%
Related for DEBIANCVE:CVE-2013-6172