Thomas Bruederli

3 exploits, active since Aug 2016
CVE-2016-4069 HIGH WRITEUP
Roundcube Webmail <1.1.5 - CSRF
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified vectors.
CVSS 8.8
CVE-2015-5383 HIGH WRITEUP
Roundcube Webmail <1.1.2 - Info Disclosure
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.
CVSS 7.5
CVE-2017-6820 MEDIUM WRITEUP
Roundcube Webmail < 1.1.8 and 1.2.x < 1.2.4 - Cross-Site Scripting via SVG CSS Token Sequence
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
CVSS 6.1