kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
Max CVSS: 7.5; EPSS Score: 0.13%; Published: 2021-03-31; Updated: 2022-07-12
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
Max CVSS: 6.1; EPSS Score: 0.11%; Published: 2019-04-11; Updated: 2019-04-26
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
Max CVSS: 8.4; EPSS Score: 0.09%; Published: 2016-01-11; Updated: 2016-01-13
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
Max CVSS: 6.6; EPSS Score: 0.04%; Published: 2015-06-09; Updated: 2016-12-06
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.
Max CVSS: 5.0; EPSS Score: 4.87%; Published: 2015-02-19; Updated: 2016-04-07
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
Max CVSS: 5.5; EPSS Score: 0.04%; Published: 2018-03-19; Updated: 2018-04-20
Zarafa WebAccess 4.1 and WebApp use world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
Max CVSS: 2.1; EPSS Score: 0.04%; Published: 2014-10-20; Updated: 2017-09-08
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
Max CVSS: 2.1; EPSS Score: 0.04%; Published: 2014-10-20; Updated: 2017-09-08
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta use weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
Max CVSS: 2.1; EPSS Score: 0.04%; Published: 2014-10-20; Updated: 2015-11-17
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Max CVSS: 2.1; EPSS Score: 0.13%; Published: 2014-07-29; Updated: 2015-11-04
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
Max CVSS: 5.0; EPSS Score: 0.34%; Published: 2014-04-28; Updated: 2014-04-29
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."
Max CVSS: 5.0; EPSS Score: 0.96%; Published: 2014-04-28; Updated: 2014-04-29
12 vulnerabilities found