4 matches found
CVE-2014-0103
CVE-2014-0103 affects Zarafa WebAccess (and WebApp) prior to version 7.1.10 / 1.6, where credentials are stored in cleartext in PHP session files. This enables local Apache users to read sensitive information. OpenVAS advisories link CVE-2014-0103 to multiple Zarafa updates; Fedora/MGASA advisori...
CVE-2014-9465
CVE-2014-9465 affects Zarafa WebApp (before 2.0 beta 3) and Zarafa WebAccess in Zarafa Collaboration Platform (ZCP) 7.x (before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1). The issue allows remote attackers to cause a denial of service by uploading a large number of files, leading to /tmp disk c...
CVE-2014-5449
CVE-2014-5449 affects Zarafa WebAccess 4.1 and WebApp, where files in the tmp directory used world-readable permissions allowed local users to read temporary session data. The connected advisory set confirms multiple permission issues and includes CVEs 2014-0103, 2014-5447, 2014-5448, 2014-5449, ...
CVE-2014-5447
Technical details for CVE-2014-5447 are not publicly available in the provided documents. No concrete exploit vectors or affected versions are disclosed here; monitor for updates.