SecuritySpace - CVE-2015-5382

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2015-5382

Description: program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2015-5382
http://www.openwall.com/lists/oss-security/2015/07/07/2
http://www.openwall.com/lists/oss-security/2015/07/07/3

CVE ID:	CVE-2015-5382
Description:	program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5382 http://www.openwall.com/lists/oss-security/2015/07/07/2 http://www.openwall.com/lists/oss-security/2015/07/07/3