Export limit exceeded: 344757 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344757 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (194 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-1648 | 1 Open-xchange | 1 Open-xchange Server | 2025-04-11 | N/A |
| The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated by (1) an ftp: URL, (2) a gopher: URL, or (3) an http://127.0.0.1/ URL, related to a "Server-side request forging (SSRF)" issue. | ||||
| CVE-2013-1647 | 1 Open-xchange | 1 Open-xchange Server | 2025-04-11 | N/A |
| Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter to ajax/redirect or (2) multiple infostore URIs. | ||||
| CVE-2013-5698 | 1 Open-xchange | 2 Open-xchange Appsuite, Open-xchange Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106. | ||||
| CVE-2013-5690 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment. | ||||
| CVE-2013-5200 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | N/A |
| The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call. | ||||
| CVE-2013-5035 | 2 Htmlcleaner Project, Open-xchange | 2 Htmlcleaner, Open-xchange Appsuite | 2025-04-11 | N/A |
| Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations. | ||||
| CVE-2013-1646 | 1 Open-xchange | 1 Open-xchange Server | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to servlet/TestServlet, (3) a javascript: URL in a standalone-mode action to a UWA module, (4) an infostore attachment, (5) JavaScript code in a contact image, (6) an RSS feed, or (7) a signature. | ||||
| CVE-2013-4790 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | N/A |
| Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server. | ||||
| CVE-2013-1645 | 1 Open-xchange | 1 Open-xchange Server | 2025-04-11 | N/A |
| Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path. | ||||
| CVE-2013-3106 | 1 Open-xchange | 2 Open-xchange Appsuite, Open-xchange Server | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via (1) embedded VBScript, (2) object/data Base64 content, (3) a Content-Type header, or (4) UTF-16 encoding, aka Bug IDs 25957, 26237, 26243, and 26244. | ||||
| CVE-2013-7143 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule. | ||||
| CVE-2013-2583 | 1 Open-xchange | 2 Open-xchange Appsuite, Open-xchange Server | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file. | ||||
| CVE-2013-7142 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions. | ||||
| CVE-2013-2582 | 1 Open-xchange | 2 Open-xchange Appsuite, Open-xchange Server | 2025-04-11 | N/A |
| CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters. | ||||
| CVE-2013-7141 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags. | ||||
| CVE-2013-7140 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-11 | N/A |
| XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors related to the SAX builder and the WebDAV interface. NOTE: this issue has been labeled as both absolute path traversal and XXE, but the root cause may be XXE, since XXE can be exploited to conduct absolute path traversal and other attacks. | ||||
| CVE-2006-2738 | 1 Open-xchange | 1 Open-xchange | 2025-04-03 | N/A |
| The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. | ||||
| CVE-2006-0091 | 1 Open-xchange | 1 Open-xchange | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline. | ||||
| CVE-2023-26432 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-12-03 | 4.3 Medium |
| When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known. | ||||
| CVE-2023-26442 | 1 Open-xchange | 1 Open-xchange Appsuite Office | 2024-12-03 | 3.2 Low |
| In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known. | ||||