Max CVSS | 5.8 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-1651 | 5.8 | OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software vi | 05-03-2014 - 19:01 | 05-09-2013 - 11:44 | |
CVE-2013-1649 | 4.3 | Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force atta | 30-09-2013 - 14:32 | 05-09-2013 - 11:44 | |
CVE-2013-1645 | 4.0 | Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the publication template path. | 26-09-2013 - 16:42 | 05-09-2013 - 11:44 | |
CVE-2013-1647 | 5.0 | Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted paramet | 26-09-2013 - 16:38 | 05-09-2013 - 11:44 | |
CVE-2013-1646 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POS | 26-09-2013 - 16:37 | 05-09-2013 - 11:44 | |
CVE-2013-1650 | 2.1 | Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operati | 26-09-2013 - 16:20 | 05-09-2013 - 11:44 | |
CVE-2013-1648 | 3.5 | The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffi | 06-09-2013 - 17:43 | 05-09-2013 - 11:44 |