Monthly Archive: May 2019

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. Date published : 2019-05-23 https://documentation.open-xchange.com/components/releasenotes/7.8.3/ http://ox.com

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is:...

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). Date published : 2019-05-23 https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html http://open-xchange.com

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. Date published : 2019-05-23 https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html http://open-xchange.com

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS). Date published : 2019-05-23 https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html http://ox.com

OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. Date published : 2019-05-23 https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html http://ox.com

In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by...

In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a "Utility Widget" with a "Custom...

In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the ‘haid’ parameter of the ‘/auditLogAction.do’ module is vulnerable to a Time-based Blind SQL Injection attack. Date published : 2019-05-23 http://www.securityfocus.com/bid/108470 https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html

An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a...

An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations...

An issue was discovered in ZOHO ManageEngine OpManager 12.2. The ‘apiKey’ parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack. Date published : 2019-05-23 http://manageengine.com http://opmanager.com

An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company’s network environment via a...

Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator. Date...