EUVD-2016-4216

Malware in sbrugna...

EUVD-2015-1719

Malware in sbrugna...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for June 2023

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF022 and 22.0.2-IF006. Vulnerability Details CVEID:CVE-2022-43929 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows 11.1 a...

Security Bulletin: Apache Commons Text vulnerability affects Netcool Operations Insight [CVE-2022-42889]

Summary Apache Commons Text vulnerability affects Netcool Operations Insight. Apache Commons Text is used by multiple Netcool Operation Insight Services. The vulnerability has been addressed. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: OX AppSuite could allow a remote...

Security Bulletin: Multiple vulnerabilities affect IBM Db2® Graph

Summary IBM has released the below fix for IBM Db2® Graph in response to multiple vulnerabilities found in multiple components Vulnerability Details CVEID:CVE-2022-41881 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a StackOverflowError in HAProxyMessageDecoder. By sending a...

Path traversal

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange OX AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted 1 OLE Object or 2 image in an OpenDocument text file...

CVE-2014-5236

CVE-2014-5236 affects Open-Xchange AppSuite, where the documentconverter component is vulnerable to absolute path traversal via crafted OLE Objects or images in OpenDocument text files. The impact is reading sensitive server files. Vendors provided fixes in versions: 7.4.2-rev10 and 7.6.0-rev10. ...

CVE-2014-5238

XML external entity XXE vulnerability in Open-Xchange OX AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document...

CVE-2014-5238

XML external entity XXE vulnerability in Open-Xchange OX AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document...

CVE-2014-5238

CVE-2014-5238 concerns an XML external entity (XXE) vulnerability in Open-Xchange AppSuite. The OpenDocument Text handling allows expansion of XML entities (DTD recursive entities), enabling an attacker to read server files via a crafted document. The NVD entry notes the affected products as Open...

CVE-2013-6242

Cross-site scripting XSS vulnerability in the frontend in Open-Xchange OX AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and th...

CVE-2013-6242

CVE-2013-6242 describes a cross-site scripting (XSS) flaw in the frontend of Open-Xchange (OX) AppSuite. It affects Open-Xchange AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12, where an attacker can inject arbitrary script/HTML via the subject of an email sent to the frontend. ...

CVE-2013-7486

Open-Xchange AppSuite contains a Cross-Site Scripting (XSS) vulnerability in the backend that allows remote attackers to inject script or HTML via the body of an email. Affected versions for this CVE-2013-7486 are Open-Xchange AppSuite 7.2.x prior to 7.2.2-rev27 and 7.4.x prior to 7.4.0-rev20. Th...

CVE-2013-7486

Cross-site scripting XSS vulnerability in the backend in Open-Xchange OX AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects...

CVE-2013-7485

CVE-2013-7485 is an XSS in the backend of Open-Xchange AppSuite. Affected: 7.2.x prior to 7.2.2-rev26 and 7.4.x prior to 7.4.0-rev16. Vulnerability arises from improper handling of the publication name in error messages, enabling remote attackers to inject arbitrary script/HTML. Mitigation: apply...

CVE-2013-7485

Cross-site scripting XSS vulnerability in the backend in Open-Xchange OX AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this...

CVE-2014-2078

Open-Xchange AppSuite 7.4.2 is affected by CVE-2014-2078. The vulnerability arises when E-Mail auto configuration for external accounts fails, enabling remote attackers to obtain email addresses of other users under opportunistic circumstances. Affected component is the backend in AppSuite; explo...

CVE-2015-1588

Multiple cross-site scripting XSS vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21...

CVE-2015-1588

CVE-2015-1588 affects Open-Xchange Server 6 and OX AppSuite. The issue is multiple cross-site scripting (XSS) vulnerabilities caused by insufficient input filtering in the backend/OX AppSuite, enabling execution of crafted script in a user’s browser context and potential session-related issues. A...