Search Results | AttackerKB

Show filters

Clear All

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

2 Total Results

Displaying 1-2 of 2

Attacker Value

Unknown

CVE-2014-5447

Disclosure Date: October 20, 2014 (last updated October 05, 2023)

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.

Attacker Value

Unknown

CVE-2014-0103

Disclosure Date: July 29, 2014 (last updated October 05, 2023)

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

2 Total Results

Displaying 1-2 of 2

Unknown

CVE-2014-5447

Unknown

CVE-2014-0103

Quick Cookie Notification