Description

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.

Remediation

References

CVE-2015-2181

Related Vulnerabilities

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12438)

WordPress Plugin AccessPress Social Icons Multiple Cross-Site Scripting Vulnerabilities (1.5.5)

PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2007-4825)

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)

WordPress Plugin demon image annotation Cross-Site Request Forgery (4.7)

Severity

High

Classification

CVE-2015-2181 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities