CVE-2014-9465
https://notcve.org/view.php?id=CVE-2014-9465
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. senddocument.php en Zarafa WebApp anterior a 2.0 beta 3 y WebAccess en Zarafa Collaboration Platform (ZCP) 7.x anterior a 7.1.12 beta 1 y 7.2.x anterior a 7.2.0 beta 1 permite a atacantes remotos causar una denegación de servicio (consumo de disco /tmp) mediante la subida de un número grande de ficheros. • http://advisories.mageia.org/MGASA-2015-0049.html http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html http://security.robert-scheck.de/cve-2014-9465-zarafa http://www.mandriva.com/security/advisories?name=MDVSA-2015:040 http://www.openwall.com/lists • CWE-399: Resource Management Errors •
CVE-2014-5447
https://notcve.org/view.php?id=CVE-2014-5447
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103. Zarafa WebAccess 7.1.10 y WebApp 1.6 beta utilizan permisos (644) débiles para config.php, lo que permite a usuarios locales obtener información sensible mediante la lectura de los ficheros de las sesiones PHP. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-0103. • http://advisories.mageia.org/MGASA-2014-0380.html http://seclists.org/oss-sec/2014/q3/444 http://seclists.org/oss-sec/2014/q3/445 http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 http://www.securityfocus.com/bid/69362 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-5449
https://notcve.org/view.php?id=CVE-2014-5449
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data. Zarafa WebAccess 4.1 y WebApp utilizan permisos de lectura universal para los ficheros en su directorio tmp, lo que permite a usuarios locales obtener información sensible mediante la lectura de datos de sesiones temporales. • http://advisories.mageia.org/MGASA-2014-0380.html http://seclists.org/oss-sec/2014/q3/444 http://seclists.org/oss-sec/2014/q3/445 http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 http://www.securityfocus.com/bid/69369 https://exchange.xforce.ibmcloud.com/vulnerabilities/95453 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-0103
https://notcve.org/view.php?id=CVE-2014-0103
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. WebAccess en Zarafa anterior a 7.1.10 y WebApp anterior a 1.6 almacena las credenciales en texto claro, lo que permite a usuarios locales de Apache obtener información sensible mediante la lectura de los ficheros PHP de sesión. • http://advisories.mageia.org/MGASA-2014-0380.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 http://www.securityfocus.com/bid/68247 https://bugzilla.redhat.com/show_bug.cgi?id=1073618 • CWE-310: Cryptographic Issues •