
CVSS: 2.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta use weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
• http://advisories.mageia.org/MGASA-2014-0380.html
• http://seclists.org/oss-sec/2014/q3/444
• http://seclists.org/oss-sec/2014/q3/445
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
• http://www.securityfocus.com/bid/69362
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 2.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
• http://advisories.mageia.org/MGASA-2014-0380.html
• http://seclists.org/oss-sec/2014/q3/444
• http://seclists.org/oss-sec/2014/q3/445
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
• http://www.securityfocus.com/bid/69365
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95452
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 2.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

Zarafa WebAccess 4.1 and WebApp use world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
• http://advisories.mageia.org/MGASA-2014-0380.html
• http://seclists.org/oss-sec/2014/q3/444
• http://seclists.org/oss-sec/2014/q3/445
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
• http://www.securityfocus.com/bid/69369
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95453
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html
• http://www.openwall.com/lists/oss-security/2014/08/25/1
• http://www.securityfocus.com/bid/69370
• https://bugzilla.redhat.com/show_bug.cgi?id=1133439
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95454
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 2.1 • EPSS: 0% • CPEs: 24 • EXPL: 0

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
• http://advisories.mageia.org/MGASA-2014-0380.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:182
• http://www.securityfocus.com/bid/68247
• https://bugzilla.redhat.com/show_bug.cgi?id=1073618
• CWE-310: Cryptographic Issues