Ox Server

CVEs (10)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2013-1650	Open-Xchange Open Xchange Server	0.03	—	0.01	Sep 5, 2013	Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.
CVE-2013-1648	Open-Xchange Open Xchange Server	0.03	—	0.01	Sep 5, 2013	The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field,…
CVE-2013-1647	Open-Xchange Open Xchange Server	0.03	—	0.01	Sep 5, 2013	Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1)…
CVE-2013-1646	Open-Xchange Open Xchange Server	0.03	—	0.01	Sep 5, 2013	Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary…
CVE-2013-1645	Open-Xchange Open Xchange Server	0.03	—	0.02	Sep 5, 2013	Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path.
CVE-2014-9466	Open-Xchange Appsuite	0.00	—	0.00	Feb 17, 2015	Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
CVE-2013-5698	Open-Xchange Open Xchange Server	0.00	—	0.00	Sep 5, 2013	Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view…
CVE-2013-3106	Open-Xchange Open Xchange Server	0.00	—	0.00	Sep 5, 2013	Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2013-2583	Open-Xchange Open Xchange Server	0.00	—	0.00	Sep 5, 2013	Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript:…
CVE-2013-2582	Open-Xchange Open Xchange Server	0.00	—	0.00	Sep 5, 2013	CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging…

CVE-2013-1650Sep 5, 2013
Open-Xchange
Open Xchange Server
risk 0.03cvss —epss 0.01
Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.
CVE-2013-1648Sep 5, 2013
Open-Xchange
Open Xchange Server
risk 0.03cvss —epss 0.01
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field,…
CVE-2013-1647Sep 5, 2013
Open-Xchange
Open Xchange Server
risk 0.03cvss —epss 0.01
Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1)…
CVE-2013-1646Sep 5, 2013
Open-Xchange
Open Xchange Server
risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary…
CVE-2013-1645Sep 5, 2013
Open-Xchange
Open Xchange Server
risk 0.03cvss —epss 0.02
Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path.
CVE-2014-9466Feb 17, 2015
Open-Xchange
Appsuite
risk 0.00cvss —epss 0.00
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
CVE-2013-5698Sep 5, 2013
Open-Xchange
Open Xchange Server
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view…
CVE-2013-3106Sep 5, 2013
Open-Xchange
Open Xchange Server
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary web script or HTML via…
CVE-2013-2583Sep 5, 2013
Open-Xchange
Open Xchange Server
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript:…
CVE-2013-2582Sep 5, 2013
Open-Xchange
Open Xchange Server
risk 0.00cvss —epss 0.00
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging…