Skip to main content
CVE-2013-1651 MEDIUM POC This Month

OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Server
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
0.6%
CVE-2013-1647 MEDIUM POC This Month

Multiple CRLF injection vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary HTTP headers and conduct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Open Xchange Server
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
1.5%
CVE-2013-5035 MEDIUM POC This Month

Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Race Condition Htmlcleaner Open Xchange Appsuite
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-1649 MEDIUM POC This Month

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Open Xchange Server
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
2.0%
CVE-2013-1646 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Open Xchange Server
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.9%
CVE-2013-1645 MEDIUM POC This Month

Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Open Xchange Server
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
2.2%
CVE-2013-1648 LOW POC Monitor

The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SSRF Open Xchange Server
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.8%
CVE-2013-4790 LOW POC Monitor

Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name,. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2013-5471 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Cisco Global Site Selector
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-3479 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF WordPress Sharethis
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-1650 LOW POC Monitor

Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Open Xchange Server
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
0.6%
CVE-2013-3276 MEDIUM This Month

EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Rsa Archer Egrc
NVD
CVSS 2.0
6.0
EPSS
0.2%
CVE-2013-3277 MEDIUM This Month

Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Open Redirect Rsa Archer Egrc
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-2582 MEDIUM This Month

CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Open Redirect RCE Open Xchange Appsuite Open Xchange Server
NVD
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-3106 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-2583 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-5698 LOW Monitor

Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Open Xchange Appsuite Open Xchange Server
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy