View cve-2017-16651.md

Roundcube Webmail File Disclosure Vulnerability

  • Software: https://roundcube.net/
  • Versions: 1.1.0 - 1.1.9, 1.2.0 - 1.2.6, 1.3.0 - 1.3.2
  • CVE: CVE-2017-16651
  • Author: Thomas Bruederli
  • Release date: 2017-11-09

Summary

Roundcube Webmail allows unauthorized access to arbitrary files on the

View vtimezone.php
<?php
use \Sabre\VObject;
// use composer autoloader
require_once 'vendor/autoload.php';
/**
* Returns a VTIMEZONE component for an Olson timezone identifier
* with daylight transitions covering the given date range.
View 0_reuse_code.js
// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console
View kolab_webhelp_conf.local.py
# replace the values for these placeholders to match your environment
variables = {
'skin': 'kolab',
}
# General information about the project.
project = u'Kolab Groupware Help'
copyright = u'2014, kolab.org'
version = '3.1'
View kolab_webhelp.diff
diff --git a/_static/default.css b/_static/default.css
index b6f8f62..378107f 100755
--- a/_static/default.css
+++ b/_static/default.css
@@ -26,7 +26,7 @@ body {
div.banner {
margin: 0 0 3px 0;
padding: 10px 0;
- height: 40px;
+ height: 16px;
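Review bot: In div.banner the fixed height drops from 40px to 16px while padding: 10px 0 is unchanged, so any banner content taller than 16px (a logo image, a wrapped line of text) will overflow the box. Consider min-height instead of a fixed height, or add a comment stating what content the 16px value is sized for.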
View RegisterCommand.php
<?php
/*
* This file is part of Composer.
*
* (c) Thomas Bruederli <bruederli@kolabsys.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
View composer-add-package.php
<?php
/**
* Distributed Composer package registration script
*
* This script registers the given composer module to the local installation registry
* in order to let composer.phar build autoloader files for installed modules.
*
* Usage: php add-package.php <PATH-TO-MODULE-COMPOSER.JSON> <VERSION>
*
View README.md

dcomposer

This is a simple approach to work around the missing --global option in Composer. See https://github.com/composer/composer/issues/55

It reads the dependencies from a local composer.json file and installs them into a global location (e.g. /usr/local/lib/composer) and creates a light-weight local Composer installation providing the necessary autoload magic.

View Makefile
GITREMOTE=git://github.com/roundcube/roundcubemail.git
GITBRANCH=release-1.3
GPGKEY=devs@roundcube.net
VERSION=1.3.2
all: clean complete dependent framework
complete: roundcubemail-git toolchain
	cp -RH roundcubemail-git roundcubemail-$(VERSION)
	(cd roundcubemail-$(VERSION); cp composer.json-dist composer.json)
View git-svn-create-rev-map.php
<?php
/**
* This script builds a revision mapping table from two SVN and GIT log files.
* It uses a commit's date and comment to connect SVN revisions with GIT commits.
*
* Execute it with php git-svn-create-rev-map.php svn.log git.log
*
* @author Thomas Bruederli <thomas(at)roundcube(dot)net>
**/