RSS   Vulnerabilities for 'Webapp'   RSS

2015-02-19
 
CVE-2014-9465

 

 
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.

 
2014-10-20
 
CVE-2014-5449

 

 
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.

 
 
CVE-2014-5447

 

 
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.

 
2014-07-29
 
CVE-2014-0103

 

 
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.

 

 >>> Vendor: Zarafa 4 Products
Zarafa
Webapp
Webaccess
Zarafa collaboration platform


Copyright 2019, cxsecurity.com

 

Back to Top