|
265221
|
4.3 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those re…
|
CWE-200 CWE-611
Information Exposure XXE
|
CVE-2016-4047
|
2024-11-21 11:51 |
2016-12-15 |
|
265222
|
5.8 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of th…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2016-4046
|
2024-11-21 11:51 |
2016-12-15 |
|
265223
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader …
|
CWE-79
Cross-site Scripting
|
CVE-2016-4045
|
2024-11-21 11:51 |
2016-12-15 |
|
265224
|
7.5 |
HIGH
Network
|
open-xchange
|
ox_guard
|
An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle…
|
CWE-255
Credentials Management
|
CVE-2016-4028
|
2024-11-21 11:51 |
2016-12-15 |
|
265225
|
3.5 |
LOW
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionalit…
|
CWE-200
Information Exposure
|
CVE-2016-4027
|
2024-11-21 11:51 |
2016-12-15 |
|
265226
|
6.1 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such c…
|
CWE-79
Cross-site Scripting
|
CVE-2016-4026
|
2024-11-21 11:51 |
2016-12-15 |
|
265227
|
9.8 |
CRITICAL
Network
|
bmc
|
bladelogic_server_automation_console
|
BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveragin…
|
CWE-287
Improper Authentication
|
CVE-2016-4322
|
2024-11-21 11:51 |
2016-12-14 |
|
265228
|
8.6 |
HIGH
Local
|
hdfgroup
|
hdf5
|
The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's term…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4333
|
2024-11-21 11:51 |
2016-11-19 |
|
265229
|
8.6 |
HIGH
Local
|
hdfgroup
|
hdf5
|
The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't su…
|
CWE-20
Improper Input Validation
|
CVE-2016-4332
|
2024-11-21 11:51 |
2016-11-19 |
|
265230
|
8.6 |
HIGH
Local
|
hdfgroup
|
hdf5
|
When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execu…
|
CWE-787
Out-of-bounds Write
|
CVE-2016-4331
|
2024-11-21 11:51 |
2016-11-19 |