Author Topic: Roundcube Vulnerability scanned by RIPS and CVE  (Read 4506 times)

Offline winstonhong

  • Newbie
  • *
  • Posts: 2
Roundcube Vulnerability scanned by RIPS and CVE
« on: June 30, 2015, 04:20:24 PM »
Hello Roundcube team.

Thank you very much for your wonderful product.

When I investigate the vulnerability of web applications, I found the potential PHP vulnerability of Roundcube.

Would you please try the following 3 approaches to test the vulnerability of Roundcube? Thanks.

(1) Security Vulnerability of Roundcube reported by CVE

http://www.cvedetails.com/vulnerability-list/vendor_id-8905/Roundcube.html

(2) Scan Roundcube source code using RIPS

http://rips-scanner.sourceforge.net/

(3) Scan Roundcube source code using PHP-Vulnerability-test-suite

https://github.com/stivalet/PHP-Vulnerability-test-suite


In the mean time, we will try to scan Roundcube webmail server using the following general approaches. We will report our result to you.

http://resources.infosecinstitute.com/14-popular-web-application-vulnerability-scanners/

Thank you for your attention.

Best regards,

Winston Hong
« Last Edit: July 01, 2015, 03:16:18 PM by winstonhong »

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: Roundcube Vulnerability scanned by RIPS and CVE
« Reply #1 on: June 30, 2015, 06:24:04 PM »
All known vulnerability in Roundcube have been patched, make sure your testing the latest Roundcube version. If you do find any new vulnerability in the current version of Roundcube please report them.