Search Results | AttackerKB

Show filters

Topics 11 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

11 Total Results

Displaying 1-10 of 11

Attacker Value

Unknown

CVE-2020-8544

Disclosure Date: June 16, 2020 (last updated February 21, 2025)

OX App Suite through 7.10.3 allows SSRF.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2020-8543

Disclosure Date: June 16, 2020 (last updated February 21, 2025)

OX App Suite through 7.10.3 has Improper Input Validation.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2018-9997

Disclosure Date: July 05, 2018 (last updated November 27, 2024)

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets.

0

Attacker Value

Unknown

CVE-2018-9998

Disclosure Date: July 05, 2018 (last updated November 27, 2024)

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote attackers to obtain sensitive information via the folder parameter in an "all" action to api/tasks.

0

Attacker Value

Unknown

CVE-2018-5754

Disclosure Date: June 16, 2018 (last updated November 26, 2024)

Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.

0

Attacker Value

Unknown

CVE-2018-5753

Disclosure Date: June 16, 2018 (last updated November 26, 2024)

The frontend component in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev20 allows remote attackers to spoof the origin of e-mails via unicode characters in the "personal part" of a (1) From or (2) Sender address.

0

Attacker Value

Unknown

CVE-2018-5751

Disclosure Date: June 16, 2018 (last updated November 26, 2024)

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote authenticated users to obtain sensitive information about external guest users via vectors related to the "groups" and "users" APIs.

0

Attacker Value

Unknown

CVE-2018-5755

Disclosure Date: June 16, 2018 (last updated November 26, 2024)

Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.

0

Attacker Value

Unknown

CVE-2018-5756

Disclosure Date: June 16, 2018 (last updated November 26, 2024)

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a delete action to api/tasks.

0

Attacker Value

Unknown

CVE-2017-17062

Disclosure Date: June 16, 2018 (last updated November 26, 2024)

The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, 7.8.x before 7.8.2-rev38, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev19 allows remote authenticated users to save arbitrary user attributes by leveraging improper privilege management.

0