25 matches found
EUVD-2014-5337
Malware in sbrugna...
EUVD-2015-6505
Malware in sbrugna...
EUVD-2015-3480
Malware in sbrugna...
EUVD-2022-31118
Malicious code in bioql PyPI...
CVE-2022-26562
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core = 6.30 introduced between 6.30.0 RC1e and 6.30.8 final...
Design/Logic Flaw
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core = 6.30 introduced between 6.30.0 RC1e and 6.30.8 final...
CVE-2022-26562
CVE-2022-26562 describes an authentication bypass in Kopano Core = 6.30 (provider/libserver/ECPamAuth.cpp), allowing login even when the user password or account is expired. The connected documents confirm the affected components and root cause (expired-password-based auth bypass) but do not prov...
Information disclosure
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files...
CVE-2014-5450
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files...
CVE-2014-5450
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files...
CVE-2014-5450
CVE-2014-5450 concerns Zarafa Collaboration Platform 4.1, where /etc/zarafa/license was created with world-readable permissions, enabling local users to read license files and disclose sensitive information. Public sources in connected documents indicate this issue stems from incorrect default pe...
The vulnerability of the zarafa-autorespond application, which is part of the Zarafa Collaboration Platform, allows a perpetrator to increase their privileges.
The vulnerability of the zarafa-autorespond application, which is part of the Zarafa Collaboration Platform, is related to incorrect definition of links before accessing a file. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges by manipulating...
Zarafa Collaboration Platform zarafa-autorespond Privilege Gain Vulnerability
Zarafa Collaboration Platform ZCP is a suite of open source email and calendar software from Zarafa, Netherlands. A security vulnerability exists in zarafa-autorespond in versions of ZCP prior to 7.2.1. A local attacker can exploit this vulnerability to gain privileges by performing a symbolic li...
Code injection
zarafa-autorespond in Zarafa Collaboration Platform ZCP before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-...
[SECURITY] Fedora 21 Update: zarafa-7.1.14-1.fc21
The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an...
Zarafa Collaboration Platform Local Arbitrary File Write Vulnerability
Zarafa Collaboration Platform is a suite of open source email and calendaring software. A security vulnerability in the provider/server/ECServer.cpp file of Zarafa Collaboration Platform allows a local attacker to write arbitrary files by performing a symbolic link attack on the...
CVE-2015-3436
provider/server/ECServer.cpp in Zarafa Collaboration Platform ZCP before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock...
Code injection
provider/server/ECServer.cpp in Zarafa Collaboration Platform ZCP before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock...
CVE-2015-3436
provider/server/ECServer.cpp in Zarafa Collaboration Platform ZCP before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock...
CVE-2015-3436
Zarafa Collaboration Platform (ZCP) is affected by CVE-2015-3436 due to a symlink attack on /tmp/zarafa-upgrade-lock in provider/server/ECServer.cpp. Affects ZCP before 7.1.13 and 7.2.x before 7.2.1, enabling local users to write arbitrary files. Remediation per sources: upgrade to 7.1.13 or 7.2....