Open-Xchange


62 total issues disclosed

$33,218 total paid publicly


Most disclosed (10 disclosures) — Server-Side Request Forgery (SSRF)

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
Guard WKS lookup: Evil WKS server forces connections to last forever Denial of Service afewgoats Low 2021-12-07
access to stack memory beyond array boundaries Memory Corruption - Generic ihsinme Medium 2021-12-03
Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt Path Traversal northsea Medium 2021-09-07
Command Injection via STARTTLS in SMTP Cryptographic Issues - Generic murgi Medium 2021-06-21
A malicious user can upload a malicious script through managesieve and trigger its execution in order to consume almost 100% of CPU (LMTP). Denial of Service rumata Medium 2021-06-21
SSRF - Unchecked Snippet IDs for distributed files Server-Side Request Forgery (SSRF) zhutyra High 2021-05-01
SSRF protection bypass in /appsuite/api/oxodocumentfilter addfile action Server-Side Request Forgery (SSRF) skr0x1c0 Medium 2020-11-27
XSS on opening malicious OpenOffice presentation document Cross-site Scripting (XSS) - DOM skr0x1c0 Medium 2020-11-27
XSS on opening a malicious OpenOffice text document Cross-site Scripting (XSS) - DOM skr0x1c0 Medium 2020-11-23
XSS on opening malicious OpenOffice presentation document Cross-site Scripting (XSS) - DOM skr0x1c0 Medium 2020-11-23
Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile Server-Side Request Forgery (SSRF) skr0x1c0 Medium 2020-11-23
A specifically designed sieve script can cause a DoS in lib-sieve during sieve script compilation via NULL pointer dereference NULL Pointer Dereference rumata None 2020-10-05
Buffer over read from `smtp_command_parse_parameters` Buffer Over-read catenacyber None 2020-09-21
Failed assert in `mail_index_transaction_lookup` Business Logic Errors catenacyber None 2020-08-27
Pre-auth Denial-of-Service in Dovecot RPA implementation Denial of Service orange Medium 2020-08-13
Pre-auth buffer over-read in Dovecot NTLM implementation Buffer Over-read orange Medium 2020-08-13
Null dereference or redundant null check in `mail_crypt_load_global_private_key` for plugin mail-crypt NULL Pointer Dereference catenacyber Medium 2020-07-07
Out of memory with combination of `test_config_set` and `test_config_reload` Denial of Service catenacyber Medium 2020-07-07
Panic in file smtp-address.c: line 684 (smtp_address_write): assertion failed: (smtp_char_is_qpair(*p)) Denial of Service catenacyber None 2020-06-22
Panic: Input stream data unexpectedly has references Denial of Service catenacyber None 2020-06-22
null dereference in `sieve_address_do_validate` (or redundant null check) NULL Pointer Dereference catenacyber None 2020-06-22
Null pointer deference in call to `mail_get_flags` NULL Pointer Dereference catenacyber None 2020-06-22
SSRF - Guard - Unchecked HKP servers Server-Side Request Forgery (SSRF) zhutyra Medium 2020-06-17
SSRF - Guard - Unchecked WKS servers Server-Side Request Forgery (SSRF) zhutyra Medium 2020-06-17
XSS - Guard - Insufficient escaping of User-IDs from PGP Keys Cross-site Scripting (XSS) - DOM zhutyra Medium 2020-06-17
Null pointer dereference in SMTP server function smtp_string_parse NULL Pointer Dereference catenacyber High 2020-05-18
Use after free in smtp_server_connection_handle_command Use After Free catenacyber Medium 2020-05-18
Multiple buffer over reads in mbox_from_parse Buffer Over-read catenacyber None 2020-04-03
Buffer overread in parse_angle_addr called from message_address_parse_path Buffer Over-read catenacyber None 2020-04-02
Buffer over-reads in i_stream_zlib_read Buffer Over-read catenacyber None 2020-04-01
Null pointer dereference in SMTP server function smtp_command_parse_data_with_size NULL Pointer Dereference catenacyber None 2020-04-01
SSRF - Office Documents - Image URL Server-Side Request Forgery (SSRF) zhutyra No rating 2020-03-25
SSRF - Image Sources in HTML Snippets - 727234 bypass Server-Side Request Forgery (SSRF) zhutyra Medium 2020-02-20
SSRF - URL Attachments - 725307 bypass Server-Side Request Forgery (SSRF) zhutyra Medium 2020-02-20
Unchecked URL in attachment datasource Server-Side Request Forgery (SSRF) zhutyra Medium 2020-02-20
Arbitrary local system file read on open-xchange server Resource Injection pnig0s Critical 2020-01-24
[XSS] Style/Event Filter Bypass v3.0 Cross-site Scripting (XSS) - Stored secator High 2020-01-24
CSRF combined with IDOR within Document Converter exposes files Cross-Site Request Forgery (CSRF) logan5 Medium 2020-01-24
Memory corruption in imap-parser.c Memory Corruption - Generic nick_roessler High 2019-10-24
Another window.opener issue Open Redirect zee_shan Medium 2019-08-15
SSRF in VCARD photo upload functionality Server-Side Request Forgery (SSRF) logan5 Medium 2019-07-05
Blind XXE via Powerpoint files XML External Entities (XXE) mishre Critical 2018-07-23
OX Guard: DOM Based Cross-Site Scripting (#2) Cross-site Scripting (XSS) - Generic dejavuln No rating 2017-12-19
OX Guard: DOM Based Cross-Site Scripting Cross-site Scripting (XSS) - Generic dejavuln No rating 2017-12-19
IDOR - Downloading all attachements if having access to a shared link Information Disclosure inhibitor181 High 2017-09-28
IDOR - Deleting other user's reminders just by id Violation of Secure Design Principles inhibitor181 No rating 2017-09-28
IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA Information Disclosure inhibitor181 No rating 2017-09-28
IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown) Information Disclosure inhibitor181 No rating 2017-09-28
IDOR - Accessing other user's attachements via PUT /appsuite/api/files?action=saveAs Information Disclosure inhibitor181 High 2017-09-28
RTLO character in file names UI Redressing (Clickjacking) inhibitor181 No rating 2017-09-28
Incomplete HTML sanitization + Session id leaking + private information disclosure Information Disclosure inhibitor181 No rating 2017-09-27
IDOR - Folder names disclosure inside a domain, regardless of user Information Disclosure inhibitor181 Low 2017-09-27
Resend invitation to members by Read only user(Privilege Escalation) Privilege Escalation vijay_kumar1110 Medium 2017-08-17
Unauthorized access to attachments details of Private Calendar appointments (Access control issue) Improper Access Control - Generic vijay_kumar1110 High 2017-08-17
Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation) Privilege Escalation vijay_kumar1110 Critical 2017-08-17
Set Cookie Via SVG Violation of Secure Design Principles proabiral Medium 2017-07-03
Reflected Cross-Site Scripting due to vulnerable Flash component (Flashmediaelement.swf) Cross-site Scripting (XSS) - Generic lukasreschke Medium 2017-01-27
Tab nabbing via window.opener Open Redirect haquaman No rating 2016-12-28
Selecting encryption for email with drive attachment overrides the drive email password Information Disclosure haquaman No rating 2016-12-28
Stored XSS in Template Documents Cross-site Scripting (XSS) - Generic haquaman No rating 2016-12-28
OX (Guard): Stored Cross-Site Scripting via Email Attachment Cross-site Scripting (XSS) - Generic dejavuln No rating 2016-11-22
OX (Guard): Stored Cross-Site Scripting via Incoming Email Cross-site Scripting (XSS) - Generic dejavuln No rating 2016-10-27