CVE-2013-6241
Open-Xchange AppSuite (backend) Birthday widget flaw allows remote authenticated users to exfiltrate sensitive contact data (birthday, displayname, firstname, surname) via api/contacts?action=birthdays when birthdays fall next year. Root cause: incorrect SQL construction in certain user-id sharin...