Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange server vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2013-1648
The Subscriptions feature in Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via a crafted Source field...
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 6.20.7
1 EDB exploit
2.1
CVSSv2
CVE-2013-1650
Open-Xchange Server prior to 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 6.20.7
Open-xchange Open-xchange Server 6.22.0
1 EDB exploit
4.3
CVSSv2
CVE-2015-5375
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite prior to 6.22.8-rev8, 6.22.9 prior to 6.22.9-rev15m, 7.x prior to 7.6.1-rev25, and 7.6.2 prior to 7.6.2-rev20 allows remote malicious us...
Open-xchange Open-xchange Server
Open-xchange Open-xchange Appsuite
3.5
CVSSv2
CVE-2020-15004
OX App Suite up to and including 7.10.3 allows stats/diagnostic?param= XSS.
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
4
CVSSv2
CVE-2020-15003
OX App Suite up to and including 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).
Open-xchange Open-xchange Appsuite 7.10.2
Open-xchange Open-xchange Appsuite 7.10.3
6.5
CVSSv2
CVE-2018-5752
The backend component in Open-Xchange OX App Suite prior to 7.6.3-rev36, 7.8.x prior to 7.8.2-rev39, 7.8.3 prior to 7.8.3-rev44, and 7.8.4 prior to 7.8.4-rev22 allows remote malicious users to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal re...
Open-xchange Open-xchange Appsuite 7.8.4
Open-xchange Open-xchange Appsuite 7.8.3
Open-xchange Open-xchange Appsuite 7.8.2
Open-xchange Open-xchange Appsuite 7.8.0
Open-xchange Open-xchange Appsuite 7.6.3
Open-xchange Open-xchange Appsuite
1 EDB exploit
4.3
CVSSv2
CVE-2014-2392
The E-Mail autoconfiguration feature in Open-Xchange AppSuite prior to 7.2.2-rev20, 7.4.1 prior to 7.4.1-rev11, and 7.4.2 prior to 7.4.2-rev13 places a password in a GET request, which allows remote malicious users to obtain sensitive information by reading (1) web-server access ...
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.4.1
Open-xchange Open-xchange Appsuite 7.2.1
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.2.0
4.3
CVSSv2
CVE-2014-2391
The password recovery service in Open-Xchange AppSuite prior to 7.2.2-rev20, 7.4.1 prior to 7.4.1-rev11, and 7.4.2 prior to 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote ...
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.2.1
Open-xchange Open-xchange Appsuite 7.2.0
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.4.1
4
CVSSv2
CVE-2017-17062
The backend component in Open-Xchange OX App Suite prior to 7.6.3-rev35, 7.8.x prior to 7.8.2-rev38, 7.8.3 prior to 7.8.3-rev41, and 7.8.4 prior to 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.
Open-xchange Open-xchange Appsuite 7.8.4
Open-xchange Open-xchange Appsuite 7.8.3
Open-xchange Open-xchange Appsuite 7.8.0
Open-xchange Open-xchange Appsuite 7.6.3
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.8.2
1 EDB exploit
4
CVSSv2
CVE-2018-5751
The backend component in Open-Xchange OX App Suite prior to 7.6.3-rev36, 7.8.x prior to 7.8.2-rev39, 7.8.3 prior to 7.8.3-rev44, and 7.8.4 prior to 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the ...
Open-xchange Open-xchange Appsuite 7.8.4
Open-xchange Open-xchange Appsuite 7.8.3
Open-xchange Open-xchange Appsuite 7.6.3
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Appsuite 7.8.2
Open-xchange Open-xchange Appsuite 7.8.0
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »