Check CVE Id
Check CWE Id
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
Zarafa collaboration platform
CVSS Base Score
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 22.214.171.124791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the rela...
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading ...
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2...
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Back to Top