Roundcube Community Forum

News and Announcements => General Discussion => Topic started by: bigworm on March 20, 2009, 09:31:16 AM

Title: html2text conversion script vulnerability
Post by: bigworm on March 20, 2009, 09:31:16 AM

I have several old versions of roundcube deployed for clients.  Recently two of them were compromised using this vulnerability.  My fault for not staying up to date, I think I even emailed myself the security update bulletin just never did it.

At any rate, the vulnerability was used to create an adware serving system.

My real question is this, contained in the adware directory are some large text files that I deduce the adware author used to rotate links etc., these files contain links to other compromised roundcube sites.

What would be the best way to go about the process of notifying these admins??

Title: html2text conversion script vulnerability
Post by: bigworm on November 10, 2009, 07:17:18 PM

wow no suggestions..

Title: html2text conversion script vulnerability
Post by: rosali on November 11, 2009, 07:49:43 AM

Please contact devs @ Roundcube - Mailing Lists (http://lists.roundcube.net/dev/)