| Title | Weakness | Reporter | Severity | Date |
|---|---|---|---|---|
| Guard WKS lookup: Evil WKS server forces connections to last forever | Denial of Service | afewgoats | Low | 2021-12-07 |
| access to stack memory beyond array boundaries | Memory Corruption - Generic | ihsinme | Medium | 2021-12-03 |
| Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt | Path Traversal | northsea | Medium | 2021-09-07 |
| Command Injection via STARTTLS in SMTP | Cryptographic Issues - Generic | murgi | Medium | 2021-06-21 |
| A malicious user can upload a malicious script through managesieve and trigger its execution in order to consume almost 100% of CPU (LMTP). | Denial of Service | rumata | Medium | 2021-06-21 |
| SSRF - Unchecked Snippet IDs for distributed files | Server-Side Request Forgery (SSRF) | zhutyra | High | 2021-05-01 |
| SSRF protection bypass in /appsuite/api/oxodocumentfilter addfile action | Server-Side Request Forgery (SSRF) | skr0x1c0 | Medium | 2020-11-27 |
| XSS on opening malicious OpenOffice presentation document | Cross-site Scripting (XSS) - DOM | skr0x1c0 | Medium | 2020-11-27 |
| XSS on opening a malicious OpenOffice text document | Cross-site Scripting (XSS) - DOM | skr0x1c0 | Medium | 2020-11-23 |
| XSS on opening malicious OpenOffice presentation document | Cross-site Scripting (XSS) - DOM | skr0x1c0 | Medium | 2020-11-23 |
| Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile | Server-Side Request Forgery (SSRF) | skr0x1c0 | Medium | 2020-11-23 |
| A specifically designed sieve script can cause a DoS in lib-sieve during sieve script compilation via NULL pointer dereference | NULL Pointer Dereference | rumata | None | 2020-10-05 |
| Buffer over read from `smtp_command_parse_parameters` | Buffer Over-read | catenacyber | None | 2020-09-21 |
| Failed assert in `mail_index_transaction_lookup` | Business Logic Errors | catenacyber | None | 2020-08-27 |
| Pre-auth Denial-of-Service in Dovecot RPA implementation | Denial of Service | orange | Medium | 2020-08-13 |
| Pre-auth buffer over-read in Dovecot NTLM implementation | Buffer Over-read | orange | Medium | 2020-08-13 |
| Null dereference or redundant null check in `mail_crypt_load_global_private_key` for plugin mail-crypt | NULL Pointer Dereference | catenacyber | Medium | 2020-07-07 |
| Out of memory with combination of `test_config_set` and `test_config_reload` | Denial of Service | catenacyber | Medium | 2020-07-07 |
| Panic in file smtp-address.c: line 684 (smtp_address_write): assertion failed: (smtp_char_is_qpair(*p)) | Denial of Service | catenacyber | None | 2020-06-22 |
| Panic: Input stream data unexpectedly has references | Denial of Service | catenacyber | None | 2020-06-22 |
| null dereference in `sieve_address_do_validate` (or redundant null check) | NULL Pointer Dereference | catenacyber | None | 2020-06-22 |
| Null pointer dereference in call to `mail_get_flags` | NULL Pointer Dereference | catenacyber | None | 2020-06-22 |
| SSRF - Guard - Unchecked HKP servers | Server-Side Request Forgery (SSRF) | zhutyra | Medium | 2020-06-17 |
| SSRF - Guard - Unchecked WKS servers | Server-Side Request Forgery (SSRF) | zhutyra | Medium | 2020-06-17 |
| XSS - Guard - Insufficient escaping of User-IDs from PGP Keys | Cross-site Scripting (XSS) - DOM | zhutyra | Medium | 2020-06-17 |
| Null pointer dereference in SMTP server function smtp_string_parse | NULL Pointer Dereference | catenacyber | High | 2020-05-18 |
| Use after free in smtp_server_connection_handle_command | Use After Free | catenacyber | Medium | 2020-05-18 |
| Multiple buffer over reads in mbox_from_parse | Buffer Over-read | catenacyber | None | 2020-04-03 |
| Buffer overread in parse_angle_addr called from message_address_parse_path | Buffer Over-read | catenacyber | None | 2020-04-02 |
| Buffer over-reads in i_stream_zlib_read | Buffer Over-read | catenacyber | None | 2020-04-01 |
| Null pointer dereference in SMTP server function smtp_command_parse_data_with_size | NULL Pointer Dereference | catenacyber | None | 2020-04-01 |
| SSRF - Office Documents - Image URL | Server-Side Request Forgery (SSRF) | zhutyra | No rating | 2020-03-25 |
| SSRF - Image Sources in HTML Snippets - 727234 bypass | Server-Side Request Forgery (SSRF) | zhutyra | Medium | 2020-02-20 |
| SSRF - URL Attachments - 725307 bypass | Server-Side Request Forgery (SSRF) | zhutyra | Medium | 2020-02-20 |
| Unchecked URL in attachment datasource | Server-Side Request Forgery (SSRF) | zhutyra | Medium | 2020-02-20 |
| Arbitrary local system file read on open-xchange server | Resource Injection | pnig0s | Critical | 2020-01-24 |
| [XSS] Style/Event Filter Bypass v3.0 | Cross-site Scripting (XSS) - Stored | secator | High | 2020-01-24 |
| CSRF combined with IDOR within Document Converter exposes files | Cross-Site Request Forgery (CSRF) | logan5 | Medium | 2020-01-24 |
| Memory corruption in imap-parser.c | Memory Corruption - Generic | nick_roessler | High | 2019-10-24 |
| Another window.opener issue | Open Redirect | zee_shan | Medium | 2019-08-15 |
| SSRF in VCARD photo upload functionality | Server-Side Request Forgery (SSRF) | logan5 | Medium | 2019-07-05 |
| Blind XXE via Powerpoint files | XML External Entities (XXE) | mishre | Critical | 2018-07-23 |
| OX Guard: DOM Based Cross-Site Scripting (#2) | Cross-site Scripting (XSS) - Generic | dejavuln | No rating | 2017-12-19 |
| OX Guard: DOM Based Cross-Site Scripting | Cross-site Scripting (XSS) - Generic | dejavuln | No rating | 2017-12-19 |
| IDOR - Downloading all attachments if having access to a shared link | Information Disclosure | inhibitor181 | High | 2017-09-28 |
| IDOR - Deleting other user's reminders just by id | Violation of Secure Design Principles | inhibitor181 | No rating | 2017-09-28 |
| IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA | Information Disclosure | inhibitor181 | No rating | 2017-09-28 |
| IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown) | Information Disclosure | inhibitor181 | No rating | 2017-09-28 |
| IDOR - Accessing other user's attachments via PUT /appsuite/api/files?action=saveAs | Information Disclosure | inhibitor181 | High | 2017-09-28 |
| RTLO character in file names | UI Redressing (Clickjacking) | inhibitor181 | No rating | 2017-09-28 |
| Incomplete HTML sanitization + Session id leaking + private information disclosure | Information Disclosure | inhibitor181 | No rating | 2017-09-27 |
| IDOR - Folder names disclosure inside a domain, regardless of user | Information Disclosure | inhibitor181 | Low | 2017-09-27 |
| Resend invitation to members by Read only user (Privilege Escalation) | Privilege Escalation | vijay_kumar1110 | Medium | 2017-08-17 |
| Unauthorized access to attachments details of Private Calendar appointments (Access control issue) | Improper Access Control - Generic | vijay_kumar1110 | High | 2017-08-17 |
| Critical: View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation) | Privilege Escalation | vijay_kumar1110 | Critical | 2017-08-17 |
| Set Cookie Via SVG | Violation of Secure Design Principles | proabiral | Medium | 2017-07-03 |
| Reflected Cross-Site Scripting due to vulnerable Flash component (Flashmediaelement.swf) | Cross-site Scripting (XSS) - Generic | lukasreschke | Medium | 2017-01-27 |
| Tab nabbing via window.opener | Open Redirect | haquaman | No rating | 2016-12-28 |
| Selecting encryption for email with drive attachment overrides the drive email password | Information Disclosure | haquaman | No rating | 2016-12-28 |
| Stored XSS in Template Documents | Cross-site Scripting (XSS) - Generic | haquaman | No rating | 2016-12-28 |
| OX (Guard): Stored Cross-Site Scripting via Email Attachment | Cross-site Scripting (XSS) - Generic | dejavuln | No rating | 2016-11-22 |
| OX (Guard): Stored Cross-Site Scripting via Incoming Email | Cross-site Scripting (XSS) - Generic | dejavuln | No rating | 2016-10-27 |