EUVD-2013-6069

Malware in sbrugna...

Open-Xchange (OX) App Suite Multiple Vulnerabilities -05 (Nov 2015)

Open-Xchange OX App Suite is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2013-6241

The Birthday widget in the backend in Open-Xchange OX AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday,...

Open redirect

The Birthday widget in the backend in Open-Xchange OX AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14, in certain user-id sharing scenarios, does not properly construct a SQL statement for next-year birthdays, which allows remote authenticated users to obtain sensitive birthday,...

CVE-2013-6241

Open-Xchange AppSuite (backend) Birthday widget flaw allows remote authenticated users to exfiltrate sensitive contact data (birthday, displayname, firstname, surname) via api/contacts?action=birthdays when birthdays fall next year. Root cause: incorrect SQL construction in certain user-id sharin...