Roundcube Community Forum

 

html2text conversion script vulnerability

Started by bigworm, March 20, 2009, 09:31:16 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

bigworm

March 20, 2009, 09:31:16 AM
I have several old versions of roundcube deployed for clients.  Recently two of them were compromised using this vulnerability.  My fault for not staying up to date, I think I even emailed myself the security update bulletin just never did it.

At any rate, the vulnerability was used to create an adware serving system.

My real question is this, contained in the adware directory are some large text files that I deduce the adware author used to rotate links etc., these files contain links to other compromised roundcube sites.

What would be the best way to go about the process of notifying these admins??

rosali

#2
November 11, 2009, 07:49:43 AM
Please contact devs @ Roundcube - Mailing Lists
Regards,
Rosali
Print
Go Up Pages1
User actions