Hello Roundcube team.
Thank you very much for your wonderful product.
When I investigated the vulnerability of web applications, I found a potential PHP vulnerability in Roundcube.
Would you please try the following 3 approaches to test the vulnerability of Roundcube? Thanks.
(1) Security Vulnerability of Roundcube reported by CVE
http://www.cvedetails.com/vulnerability-list/vendor_id-8905/Roundcube.html
(2) Scan Roundcube source code using RIPS
http://rips-scanner.sourceforge.net/
(3) Scan Roundcube source code using PHP-Vulnerability-test-suite
https://github.com/stivalet/PHP-Vulnerability-test-suite
In the meantime, we will try to scan the Roundcube webmail server using the following general approaches. We will report our results to you.
http://resources.infosecinstitute.com/14-popular-web-application-vulnerability-scanners/
Thank you for your attention.
Best regards,
Winston Hong
All known vulnerabilities in Roundcube have been patched; make sure you're testing the latest Roundcube version. If you do find any new vulnerabilities in the current version of Roundcube, please report them.