Vulnerabilities > Zarafa

DATE CVE VULNERABILITY TITLE RISK
2021-03-31 CVE-2021-28994 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
network
low complexity
kopano zarafa CWE-770
5.0
2019-04-11 CVE-2019-7219 Cross-site Scripting vulnerability in Zarafa Webaccess 7.2.048204
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier.
network
zarafa CWE-79
4.3
2018-03-19 CVE-2014-5450 Information Exposure vulnerability in Zarafa Collaboration Platform 4.1
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
local
low complexity
zarafa CWE-200
2.1
2016-01-11 CVE-2015-6566 Link Following vulnerability in multiple products
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
local
low complexity
zarafa fedoraproject CWE-59
7.2
2015-06-09 CVE-2015-3436 Link Following vulnerability in Zarafa Collaboration Platform
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
local
low complexity
zarafa CWE-59
6.6
2015-02-19 CVE-2014-9465 Resource Management Errors vulnerability in multiple products
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.
network
low complexity
fedoraproject zarafa CWE-399
5.0
2014-10-20 CVE-2014-5449 Information Exposure vulnerability in Zarafa Webaccess and Webapp
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
local
low complexity
zarafa CWE-200
2.1
2014-10-20 CVE-2014-5448 Information Exposure vulnerability in Zarafa 5.00
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
local
low complexity
zarafa CWE-200
2.1
2014-10-20 CVE-2014-5447 Information Exposure vulnerability in Zarafa Webapp and Zarafa
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.
local
low complexity
zarafa CWE-200
2.1
2014-07-29 CVE-2014-0103 Cryptographic Issues vulnerability in multiple products
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
local
low complexity
zarafa fedoraproject CWE-310
2.1