CVSS: 7.5EPSS: 2%CPEs: 29EXPL: 1CVE-2014-9465 – Mandriva Linux Security Advisory 2015-040
https://notcve.org/view.php?id=CVE-2014-9465
10 Feb 2015 — senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. senddocument.php en Zarafa WebApp anterior a 2.0 beta 3 y WebAccess en Zarafa Collaboration Platform (ZCP) 7.x anterior a 7.1.12 beta 1 y 7.2.x anterior a 7.2.0 beta 1 permite a atacantes remotos causar una denegación de servicio (consum... • http://advisories.mageia.org/MGASA-2015-0049.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5447 – Mandriva Linux Security Advisory 2014-182
https://notcve.org/view.php?id=CVE-2014-5447
25 Sep 2014 — Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103. Zarafa WebAccess 7.1.10 y WebApp 1.6 beta utilizan permisos (644) débiles para config.php, lo que permite a usuarios locales obtener información sensible mediante la lectura de los ficheros de las sesiones PHP. NOTA: esta vulnerabilidad existe debido a ... • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5449 – Mandriva Linux Security Advisory 2014-182
https://notcve.org/view.php?id=CVE-2014-5449
25 Sep 2014 — Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. Zarafa WebAccess 4.1 y WebApp utilizan permisos de lectura universal para los ficheros en su directorio tmp, lo que permite a usuarios locales obtener información sensible mediante la lectura de datos de sesiones temporales. Robert Scheck reported that Zarafa's WebAccess stored session information, including login cr... • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0CVE-2014-0103 – Mandriva Linux Security Advisory 2014-182
https://notcve.org/view.php?id=CVE-2014-0103
29 Jul 2014 — WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. WebAccess en Zarafa anterior a 7.1.10 y WebApp anterior a 1.6 almacena las credenciales en texto claro, lo que permite a usuarios locales de Apache obtener información sensible mediante la lectura de los ficheros PHP de sesión. Robert Scheck reported that Zarafa's WebAccess stored session information, including login creden... • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-310: Cryptographic Issues •