

Open-Xchange multiple security vulnerabilities
updated since 01.10.2013
Published: 18.11.2013
Source:
SecurityVulns ID: 13293
Type: library
Threat Level: 5/10
Description: Multiple different vulnerabilities.
Affected: OPENXCHANGE : Open-Xchange 7.2
CVE: CVE-2013-6074 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an attached SVG file.)
 CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.)
 CVE-2013-5200 (The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call.)
 CVE-2013-5035 (Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.)
 CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mail credentials of other users in opportunistic circumstances via a manual-mode association of a personal e-mail address with the hostname of a crafted IMAP server.)
Original document: OPENXCHANGE, Open-Xchange Security Advisory 2013-11-06 (18.11.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-09-30 (01.10.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-09-10 (01.10.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-08-16 (01.10.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-07-31 (01.10.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod