Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-9466
Open-Xchange (OX) AppSuite and Server prior to 7.4.2-rev42, 7.6.0 prior to 7.6.0-rev36, and 7.6.1 prior to 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identi...
Open-xchange Open-xchange Appsuite 7.6.1
Open-xchange Open-xchange Appsuite 7.4.2
Open-xchange Open-xchange Appsuite 7.6.0
NA
CVE-2006-2738
The open source version of Open-Xchange 0.8.2 and previous versions uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote malicious users to access any server where the default has not been changed.
Open-xchange Open-xchange 0.8.1.6
Open-xchange Open-xchange
NA
CVE-2015-5375
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite prior to 6.22.8-rev8, 6.22.9 prior to 6.22.9-rev15m, 7.x prior to 7.6.1-rev25, and 7.6.2 prior to 7.6.2-rev20 allows remote malicious us...
Open-xchange Open-xchange Server
Open-xchange Open-xchange Appsuite
8.8
CVSSv3
CVE-2023-26452
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by defaul...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
8.8
CVSSv3
CVE-2023-26453
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL stateme...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
8.8
CVSSv3
CVE-2023-26454
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL s...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
7.8
CVSSv3
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated ...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
6.1
CVSSv3
CVE-2023-29043
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when p...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2023-29044
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parti...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
5.4
CVSSv3
CVE-2023-29045
Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data ex...
Open-xchange Open-xchange Appsuite 7.10.6
Open-xchange Open-xchange Appsuite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »