Noamr

**Name of the Vulnerable Software and Affected Versions** Roundcube versions prior to 1.1.0 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the password, specifically in the DBMail driver of the Password plugin. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Roundcube versions prior to 1.1.0 **Description** The issue is related to multiple buffer overflows in the DBMail driver in the Password plugin. This could allow remote attackers to have an unspecified impact via the `password` or `username` variables. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.3.14 PHP versions 5.4.x prior to 5.4.4 **Description** The issue allows remote attackers to cause a denial of service, resulting in an out-of-bounds read and application crash, by providing a crafted parameter value in prepared statements. **Recommendations** For PHP versions prior to 5.3.14, update to version 5.3.14 or later. For PHP versions 5.4.x prior to 5.4.4, update to version 5.4.4 or later.