NotCVE - vendor:"Zarafa" product:"Zarafa Collaboration Platform" version:"7.0.3"

3 results (0.016 seconds)

CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-6566

https://notcve.org/view.php?id=CVE-2015-6566

zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. zarafa-autorespond en Zarafa Collaboration Platform (ZCP) en versiones anteriores a 7.2.1 permite a usuarios locales obtener privilegios a través de un ataque de enlace simbólico en /tmp/zarafa-vacation-*. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172605.html https://download.zarafa.com/community/final/7.2/final-changelog-7.2.txt https://jira.zarafa.com/browse/ZCP-13533 https://jira.zarafa.com/browse/ZCP-13572 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-3436

https://notcve.org/view.php?id=CVE-2015-3436

provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock. provider/server/ECServer.cpp en Zarafa Collaboration Platform (ZCP) anterior a 7.1.13 y 7.2.x anterior a 7.2.1 permite a usuarios locales escribir en ficheros arbitrarios a través de un ataque de enlace simbólico sobre /tmp/zarafa-upgrade-lock. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159497.html http://www.securityfocus.com/bid/75104 https://jira.zarafa.com/browse/ZCP-13282 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.0EPSS: 4%CPEs: 29EXPL: 1

CVE-2014-9465

https://notcve.org/view.php?id=CVE-2014-9465

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. senddocument.php en Zarafa WebApp anterior a 2.0 beta 3 y WebAccess en Zarafa Collaboration Platform (ZCP) 7.x anterior a 7.1.12 beta 1 y 7.2.x anterior a 7.2.0 beta 1 permite a atacantes remotos causar una denegación de servicio (consumo de disco /tmp) mediante la subida de un número grande de ficheros. • http://advisories.mageia.org/MGASA-2015-0049.html http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html http://security.robert-scheck.de/cve-2014-9465-zarafa http://www.mandriva.com/security/advisories?name=MDVSA-2015:040 http://www.openwall.com/lists • CWE-399: Resource Management Errors •