OX App Suite / OX Documents XSS / SSRF / Bypass

Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH...

Open-Xchange AppSuite 7.2.2 Phishing / Data Injection

Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Internal reference: 27473 Bug ID Vulnerability type: Phishing / Data injection Vulnerable version: 7.2.2 and earlier Vulnerable component: backend Fixed version: 7.2.2-rev9, 7.2.1-rev10, 7.2.0-rev11, 7.0.2-rev14 Solution status: Fixed by...

Open-Xchange Security Advisory 2013-04-17

Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...

Open-Xchange 6 XSS / LFI / SSRF / Hashing

Multiple security issues for Open-Xchange Server have been discovered and fixed. The vendor has chosen responsible full disclosure to publish security issue details. Users of the software have already been provided with patched versions. Proof regarding authenticity can be obtained from the...