Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-8770

Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php.

See the

CVE page on Mitre.org for more details.

References

MISC: http://packetstormsecu...
MISC: https://www.htbridge.c...
CONFIRM: http://trac.roundcube....
CONFIRM: http://trac.roundcube....
CONFIRM: https://roundcube.net/...
DEBIAN: DSA-3541
GENTOO: GLSA-201603-03
SUSE: openSUSE-SU-2016:0210
SUSE: openSUSE-SU-2016:0213
SUSE: openSUSE-SU-2016:0214
EXPLOIT-DB: 39245
BUGTRAQ: 20160113 Remote Code E...

Launchpad.net

CVE 2015-8770

Related bugs

References