zarafa zarafa vulnerabilities and exploits

(subscribe to this query)

An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows malicious users to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver...

Kopano Groupware Core 11.0.2.51

zarafa-autorespond in Zarafa Collaboration Platform (ZCP) prior to 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.

Zarafa Zarafa Collaboration Platform Fedoraproject Fedora 21

provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) prior to 7.1.13 and 7.2.x prior to 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.

Zarafa Zarafa Collaboration Platform 7.2.0 Zarafa Zarafa Collaboration Platform

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core up to and including 8.7.16, 9.x up to and including 9.1.0, 10.x up to and including 10.0.7, and 11.x up to and including 11.0.1 and Zarafa 6.30.x up to and including 7.2.x allows memory exhaustion via long HTTP headers.

Kopano Groupware Core Zarafa Zarafa

senddocument.php in Zarafa WebApp prior to 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x prior to 7.1.12 beta 1 and 7.2.x prior to 7.2.0 beta 1 allows remote malicious users to cause a denial of service (/tmp disk consumption) by uploading a large number of ...

Fedoraproject Fedora 21 Fedoraproject Fedora 20 Zarafa Zarafa Collaboration Platform 7.0.3 Zarafa Zarafa Collaboration Platform 7.0.5 Zarafa Zarafa Collaboration Platform 7.0.12 Zarafa Zarafa Collaboration Platform 7.1.0 Zarafa Zarafa Collaboration Platform 7.1.7 Zarafa Zarafa Collaboration Platform 7.1.9 Zarafa Webapp Zarafa Zarafa Collaboration Platform 7.0.0 Zarafa Zarafa Collaboration Platform 7.0.1 Zarafa Zarafa Collaboration Platform 7.0.2 Zarafa Zarafa Collaboration Platform 7.1.2 Zarafa Zarafa Collaboration Platform 7.1.3 Zarafa Zarafa Collaboration Platform 7.1.4 Zarafa Zarafa Collaboration Platform 7.1.5 Zarafa Zarafa Collaboration Platform 7.0.7 Zarafa Zarafa Collaboration Platform 7.0.8 Zarafa Zarafa Collaboration Platform 7.0.9 Zarafa Zarafa Collaboration Platform 7.0.10 Zarafa Zarafa Collaboration Platform 7.0.11 Zarafa Zarafa Collaboration Platform 7.1.10

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and previous versions, when using certain build conditions, allows remote malicious users to cause a denial of service (crash) via vectors related to "a NULL pointer of the password.&...

Zarafa Zarafa 6.03 Zarafa Zarafa 6.11 Zarafa Zarafa 5.10 Zarafa Zarafa 5.02 Zarafa Zarafa 5.11 Zarafa Zarafa 5.20 Zarafa Zarafa 5.22 Zarafa Zarafa 6.00 Zarafa Zarafa 6.02 Zarafa Zarafa 5.00 Zarafa Zarafa 7.1.8 Zarafa Zarafa 6.01 Zarafa Zarafa 6.10 Zarafa Zarafa 5.01 Zarafa Zarafa

Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and previous versions. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product i...

Zarafa Webaccess 7.2.0-48204

1 Github repository

Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.

Zarafa Zarafa Collaboration Platform 4.1

Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.

Zarafa Webaccess 4.1 Zarafa Webapp -

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook