Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-9466
Open-Xchange (OX) AppSuite and Server prior to 7.4.2-rev42, 7.6.0 prior to 7.6.0-rev36, and 7.6.1 prior to 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identi...
Open-xchange Open-xchange Appsuite 7.6.1
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.6.0
NA
CVE-2013-2582
CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server prior to 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote malicious users to inject arbitrary HTTP headers and conduct open redirect attacks by levera...
Open-xchange Open-xchange Appsuite 6.22.0
Open-xchange Open-xchange Appsuite 6.22.1
Open-xchange Open-xchange Appsuite 7.0.1
Open-xchange Open-xchange Appsuite 7.0.2
Open-xchange Open-xchange Server 6.22.1
Open-xchange Open-xchange Server 7.0.1
Open-xchange Open-xchange Server 6.22.0
Open-xchange Open-xchange Server 7.0.2
6.1
CVSSv3
CVE-2016-6846
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend prior to 7.6.2-rev59, 7.8.0 prior to 7.8.0-rev38, 7.8.2 prior to 7.8.2-rev8; AppSuite frontend prior to 7.6.2-rev47, 7.8.0 prior to 7.8.0-rev30, and 7.8.2 prior to 7.8.2-rev8; Office Web prior to 7.6.2...
Open-xchange Open-xchange Appsuite Frontend 7.6.2
Open-xchange Open-xchange Appsuite Backend 7.8.0
Open-xchange Open-xchange Appsuite Backend 7.8.2
Open-xchange Open-xchange Appsuite Backend 7.6.2
Open-xchange Office Web 7.8.0
Open-xchange Open-xchange Appsuite Frontend 7.8.0
Open-xchange Documentconverter-api 7.8.2
Open-xchange Office Web 7.8.2
Open-xchange Office Web 7.6.2
Open-xchange Open-xchange Appsuite Frontend 7.8.2
6.1
CVSSv3
CVE-2015-1588
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite prior to 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21.
Open-xchange Open-xchange Appsuite 7.6.1
Open-xchange Open-xchange Appsuite 7.6.0
Open-xchange Open-xchange Server 6.0
Open-xchange Open-xchange Appsuite
Open-xchange Open-xchange Server 6.22.13
Open-xchange Open-xchange Server 6.22.12
8.8
CVSSv3
CVE-2023-26452
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by defaul...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
8.8
CVSSv3
CVE-2023-26453
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL stateme...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
8.8
CVSSv3
CVE-2023-26454
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL s...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
7.8
CVSSv3
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated ...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2023-29043
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when p...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2023-29044
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parti...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525
CVE-2024-4652
CVE-2024-1438
CVE-2024-4671
CVE-2024-34351
arbitrary
CVE-2024-4650
SQL injection
overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »