CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2013-1649 – Open-Xchange Server 6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1649
14 Mar 2013 — Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. Open-Xchange Server anteior a 6.20.7 rev14, 6.22.0 anteior a rev13, y 6.22.1 anteior a rev14, usa los algoritmos de cifrado crypt y SHA-1 para el cálculo del hash de contraseñas, lo que facilita a los atacantes dependientes del contexto la obtención de contr... • https://www.exploit-db.com/exploits/24791 • CWE-255: Credentials Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2013-1650 – Open-Xchange Server 6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1650
14 Mar 2013 — Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations. Open-Xchange Server anterior a 6.20.7 rev14, 6.22.0 anterior a rev13, y 6.22.1 anterior a rev14, usa permisos débiles (group "other" readable) bajo opt/open-xchange/etc/, lo que permite a usuarios locales obtener información sensible a través de operaciones... • https://www.exploit-db.com/exploits/24791 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 2CVE-2013-1651 – Open-Xchange Server 6 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1651
14 Mar 2013 — OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate. Open-Xchange Server anterior a 6.20.7 rev14, 6.22.0 anterior a rev13, y 6.22.1 anterior a rev14, no verifica los certificados X.509 desde los servidores SSL, lo que permite a atacantes "Man in the middle" suplantar los servidores e insta... • https://www.exploit-db.com/exploits/24791 • CWE-310: Cryptographic Issues •