Lucene search
+L

CVE-2013-1650

🗓️ 05 Sep 2013 10:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 69 Views🌐 WEB

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions under opt/open-xchange/etc/, allowing local users to obtain sensitive information

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today
Open-Xchange Server 6 - Multiple Vulnerabilities
15 Mar 201300:00
zdt
Cvelist
CVE-2013-1650
5 Sep 201310:00
cvelist
EUVD
EUVD-2013-1681
7 Oct 202500:30
euvd
exploitpack
Open-Xchange Server 6 - Multiple Vulnerabilities
15 Mar 201300:00
exploitpack
NVD
CVE-2013-1650
5 Sep 201311:44
nvd
OpenVAS
Open-Xchange Server Multiple Vulnerabilities (Mar 2013) - Active Check
18 Mar 201300:00
openvas
Packet Storm
Open-Xchange 6 XSS / LFI / SSRF / Hashing
14 Mar 201300:00
packetstorm
Prion
Open redirect
5 Sep 201311:44
prion
RedhatCVE
CVE-2013-1650
22 May 202504:13
redhatcve
securityvulns
Open-Xchange Security Advisory 2013-03-13
6 May 201300:00
securityvulns
Rows per page
ParameterPositionPathDescriptionCWE
json_0request body/ajax/mailXSS via unsanitized user input returned as JS code in mail operationCWE-264
fooquery param/servlet/TestServletArbitrary JavaScript execution in context of the OX URL via TestServlet parameterCWE-264
secretquery param/publications/files/10/meh!/66/currentPublication retrieval can execute embedded HTML/JS via content_disposition or crafted contentCWE-264
content_dispositionquery param/publications/files/10/meh!/66/currentPublication retrieval can execute embedded HTML/JS via content_disposition or crafted contentCWE-264
locationquery param/ajax/redirectHeader/redirect manipulation can inject/execute HTML or scripts via forged headersCWE-264
actionquery param/ajax/infostore/w00tness.pngHeader/content disposition manipulation leading to script execution or content injectionCWE-264
idquery param/ajax/infostore/w00tness.pngHeader/content disposition manipulation leading to script execution or content injectionCWE-264
sessionquery param/ajax/infostore/w00tness.pngHeader/content disposition manipulation leading to script execution or content injectionCWE-264
content_dispositionquery param/ajax/infostore/w00tness.pngHeader/content disposition manipulation leading to script execution or content injectionCWE-264
content_dispositionquery param/publications/files/10/meh!/66/currentInline content disposition leading to JS execution in attachments/publications contextCWE-264
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Jun 2026 23:51Current
5.8Medium risk
Vulners AI Score5.8
CVSS 22.1
EPSS0.00793
69