Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-7736

Malware in sbrugna...

6.1CVSS6.2AI score0.02643EPSS
Exploits5References6
NVD
NVD
added 2016/12/15 6:59 a.m.26 views

CVE-2016-6853

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites,...

6.1CVSS6.3AI score0.02441EPSS
Exploits5References4
NVD
NVD
added 2016/12/15 6:59 a.m.17 views

CVE-2016-6851

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be execute...

6.1CVSS6.2AI score0.02643EPSS
Exploits5References4
NVD
NVD
added 2016/12/15 6:59 a.m.21 views

CVE-2016-4028

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the...

7.5CVSS7.6AI score0.00709EPSS
Exploits1References2
OSV
OSV
added 2016/12/15 6:59 a.m.5 views

CVE-2016-4028

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the...

7.5CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2016/12/15 6:59 a.m.17 views

Cross site scripting

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be execute...

4.3CVSS6.8AI score0.02643EPSS
Exploits5References4Affected Software1
Prion
Prion
added 2016/12/15 6:59 a.m.21 views

Design/Logic Flaw

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the...

3.5CVSS7.1AI score0.00709EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2016/12/15 6:59 a.m.21 views

Design/Logic Flaw

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites,...

4.3CVSS7.1AI score0.02441EPSS
Exploits5References4Affected Software1
Prion
Prion
added 2016/12/15 6:59 a.m.17 views

Open redirect

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwant...

4.3CVSS7.1AI score0.02441EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2016/12/15 6:31 a.m.31 views

CVE-2016-4028

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the...

7.6AI score0.00709EPSS
Exploits1References2
Cvelist
Cvelist
added 2016/12/15 6:31 a.m.28 views

CVE-2016-6851

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be execute...

6.2AI score0.02643EPSS
Exploits5References4
Cvelist
Cvelist
added 2016/12/15 6:31 a.m.32 views

CVE-2016-6854

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwant...

6.3AI score0.02441EPSS
Exploits5References4
Cvelist
Cvelist
added 2016/12/15 6:31 a.m.37 views

CVE-2016-6853

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites,...

6.2AI score0.02441EPSS
Exploits5References4
Hacker One
Hacker One
added 2016/08/12 5:10 p.m.20 views

Open-Xchange: OX Guard: DOM Based Cross-Site Scripting

Summary OX Guard's "Guest Reader" is vulnerable to DOM Based XSS. The vulnerable parameter is "templid". The reader.js script see below takes the parameter's value and injects it into the page/DOM without encoding/sanitizing it first. PoC:...

6.8AI score
Exploits0
CNVD
CNVD
added 2016/07/19 12:0 a.m.5 views

Open-Xchange OX Guard Security Bypass Vulnerability

Open-Xchange OX Guard is a suite of security protection software for e-mail and files from Open-Xchange USA. A security bypass vulnerability exists in versions 2.0 and 2.2.0 of Open-Xchange OX Guard, which can be exploited by attackers to bypass security restrictions and perform unauthorized...

8.8CVSS6.8AI score0.02211EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/11/19 8:0 p.m.23 views

CVE-2015-7385

Cross-site scripting XSS vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not properly handled in "Guard PGP Settings."...

5.7AI score0.01953EPSS
Exploits1References4
NVD
NVD
added 2015/09/28 4:59 p.m.12 views

CVE-2015-5703

SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS7.9AI score0.01748EPSS
Exploits0References3
Prion
Prion
added 2015/09/28 4:59 p.m.10 views

Sql injection

SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS8.5AI score0.01748EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2015/09/28 4:0 p.m.41 views

CVE-2015-5703

Open-Xchange OX Guard contains a SQL injection vulnerability in the public key discovery API calls prior to version 2.0.0-rev8. The flaw allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Mitigation is to upgrade to 2.0.0-rev8 or later (as per the linked ...

6.5CVSS8.1AI score0.01748EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/09/28 4:0 p.m.19 views

CVE-2015-5703

SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

7.9AI score0.01748EPSS
Exploits0References3
Rows per page
Query Builder