
CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 1

31 Mar 2021 — kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. • http://www.openwall.com/lists/oss-security/2021/04/01/1 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 6.1 | EPSS: 31% | CPEs: 1 | EXPL: 1

11 Apr 2019 — Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead. • https://github.com/verifysecurity/CVE-2019-7219 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.4 | EPSS: 0% | CPEs: 2 | EXPL: 0

11 Jan 2016 — zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172605.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

09 Jun 2015 — provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.5 | EPSS: 2% | CPEs: 29 | EXPL: 1

10 Feb 2015 — senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. • http://advisories.mageia.org/MGASA-2015-0049.html • CWE-399: Resource Management Errors

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Sep 2014 — Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files. Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

25 Sep 2014 — Zarafa WebAccess 7.1.10 and WebApp 1.6 beta use weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103. • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Sep 2014 — Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. Thi... • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

25 Sep 2014 — Zarafa WebAccess 4.1 and WebApp use world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. Robert Scheck reported that Zarafa's WebAccess stored session information, including login cr... • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 | EPSS: 0% | CPEs: 24 | EXPL: 0

29 Jul 2014 — WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. Robert Scheck reported that Zarafa's WebAccess stored session information, including login creden... • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-310: Cryptographic Issues