Author Topic: html2text conversion script vulnerability  (Read 3243 times)

Offline bigworm

  • Newbie
  • *
  • Posts: 4
html2text conversion script vulnerability
« on: March 20, 2009, 09:31:16 AM »
I have several old versions of roundcube deployed for clients.  Recently two of them were compromised using this vulnerability.  My fault for not staying up to date, I think I even emailed myself the security update bulletin just never did it.

At any rate, the vulnerability was used to create an adware serving system.

My real question is this, contained in the adware directory are some large text files that I deduce the adware author used to rotate links etc., these files contain links to other compromised roundcube sites.

What would be the best way to go about the process of notifying these admins??

Offline bigworm

  • Newbie
  • *
  • Posts: 4
html2text conversion script vulnerability
« Reply #1 on: November 10, 2009, 07:17:18 PM »
wow no suggestions..

Offline rosali

  • Hero Member
  • *****
  • Posts: 2,533
html2text conversion script vulnerability
« Reply #2 on: November 11, 2009, 07:49:43 AM »
Please contact devs @ Roundcube - Mailing Lists
Regards,
Rosali
__________________
MyRoundcube Project (commercial)