Open-xchange Appsuite@7.4.2 Security Vulnerabilities and Issues — Open-xchange Appsuite@7.4.2 CVE List

Lucene search

Open-xchangeOpen-xchange Appsuite7.4.2

8 matches found

CVE•added 2020/01/31 10:15 p.m.•140 views

CVE-2014-5236

Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file.

7.5CVSS7.4AI score0.06674EPSS

CVE•added 2014/04/24 5:6 a.m.•40 views

CVE-2014-2391

The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain poten...

4.3CVSS6.6AI score0.0023EPSS

CVE•added 2014/04/24 5:6 a.m.•38 views

CVE-2014-2392

The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer lo...

4.3CVSS6.4AI score0.0023EPSS

CVE•added 2015/02/17 3:59 p.m.•37 views

CVE-2014-9466

Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."

4CVSS6.3AI score0.00077EPSS

CVE•added 2014/03/20 4:55 p.m.•35 views

CVE-2014-2077

Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2018/04/10 3:29 p.m.•35 views

CVE-2014-2078

The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a failure in e-mail auto configuration for external accounts.

5.3CVSS5AI score0.00194EPSS

CVE•added 2020/01/14 4:15 p.m.•35 views

CVE-2014-5238

XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.

7.8CVSS7.5AI score0.00903EPSS

CVE•added 2014/04/24 5:6 a.m.•32 views

CVE-2014-2393

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.

4.3CVSS5.7AI score0.00225EPSS