EUVD-2015-8423

Malware in sbrugna...

Open-Xchange: Guard WKS lookup: Evil WKS server forces connections to last forever

Any logged-in user can cause denial of service against the AppSuite server by asking Guard to fetch keys from a badly-behaving WKS server. This WKS server's response never ends, tying up a java process and TLS connection forever. Any logged-in user can cause denial of service against the AppSuite...

CVE-2016-6853

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites,...

Design/Logic Flaw

An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID...

CVE-2015-8542

An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID...

CVE-2015-8542

Open-Xchange Guard prior to 2.2.0-rev8 is affected. The getprivkeybyid API allows downloading a user’s PGP Private Key after authentication. The auth parameter contains a hashed password, used as a single point of authentication, and, because id and cid are sequential, an attacker can iterate the...

CVE-2015-8542

An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID...

Open-Xchange OX Guard Cross-Site Scripting Vulnerability (CNVD-2016-07641)

Open-Xchange OX Guard is a suite of security protection software for e-mail and files from Open-Xchange USA. A cross-site scripting vulnerability exists in Open-Xchange OX Guard 2.4.2 and prior versions, which stems from the program not adequately filtering user-submitted input. When a user brows...

Open-Xchange OX Guard Cross-Site Scripting Vulnerability (CNVD-2016-07642)

Open-Xchange OX Guard is a suite of security protection software for e-mail and files from Open-Xchange USA. A cross-site scripting vulnerability exists in Open-Xchange OX Guard 2.4.2 and prior versions, which stems from the program's failure to adequately filter user-submitted input. When a user...

Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities

Product: OX Guard Vendor: OX Software GmbH Internal reference: 47878 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 2.4.2 and earlier Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.4.0-rev11, 2.4.2-rev5...

Open-Xchange Guard Information Disclosure Vulnerability

Open-Xchange Guard OX Guard is a suite of security protection software for e-mail and files from Open-Xchange, Inc. in the United States. An information disclosure vulnerability exists in OX Guard version 2.4.0, which originates when the program returns a different error code. A remote attacker...

Open-Xchange Guard 2.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Product: Open-Xchange Guard Vendor: Open-Xchange GmbH Internal reference: 41466 Bug ID Vulnerability type: Cross-Site-Scripting CWE-80 Vulnerable version: 2.0 Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by...