Launchpad CVE tracker

CVE 2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.

Related bugs and status

CVE-2008-5619 (Candidate) is related to these bugs:

Bug #316550: [CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited

		In	Importance	Status
316550	[CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited	roundcube (Ubuntu)	High	Fix Released
316550	[CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited	roundcube (Debian)	Unknown	Fix Released
316550	[CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited	roundcube (Ubuntu Hardy)	High	Fix Released
316550	[CVE-2008-5619] [CVE-2008-5620] - Roundcube vulnerable and actively exploited	roundcube (Ubuntu Intrepid)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://trac.roundcube....
CONFIRM: http://sourceforge.net...
CONFIRM: http://trac.roundcube....
FEDORA: FEDORA-2008-11220
FEDORA: FEDORA-2008-11234
MLIST: [oss-security] 2008121...
SECUNIA: 33170
CONFIRM: http://mahara.org/inte...
SECUNIA: 33145
SECUNIA: 34789
OSVDB: 53893
VUPEN: ADV-2008-3419
VUPEN: ADV-2008-3418
CONFIRM: https://github.com/PHP...
EXPLOIT-DB: 7549
EXPLOIT-DB: 7553
BUGTRAQ: 20081222 POC for CVE-2...

Launchpad.net

CVE 2008-5619

Related bugs and status

Related bugs

References