46 matches found
EUVD-2013-1676
Malware in sbrugna...
EUVD-2013-1677
Malware in sbrugna...
EUVD-2013-1679
Malware in sbrugna...
EUVD-2013-1680
Malware in sbrugna...
EUVD-2013-1678
Malware in sbrugna...
EUVD-2013-1682
Malware in sbrugna...
EUVD-2015-5331
Malware in sbrugna...
EUVD-2015-1719
Malware in sbrugna...
EUVD-2016-3913
Malware in sbrugna...
CVE-2013-5698
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, ...
CVE-2013-1651
OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate...
CVE-2013-1648
The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field, as demonstrated b...
CVE-2013-1645
Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path...
CVE-2013-1649
Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack...
CVE-2013-1647
Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted parameter, as demonstrated by (1) the location parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21...
CVE-2015-1588
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21...
CVE-2015-1588
CVE-2015-1588 affects Open-Xchange Server 6 and OX AppSuite. The issue is multiple cross-site scripting (XSS) vulnerabilities caused by insufficient input filtering in the backend/OX AppSuite, enabling execution of crafted script in a user’s browser context and potential session-related issues. A...
CVE-2016-2840
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context...
CVE-2016-2840
Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26 is affected. The issue arises from the session parameter on file-download requests, allowing injected script to be reflected on the subsequent status page and executed within a trusted domain’s context. Exploitation does not require authentic...