exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 26 - 47 of 47

Files from Martin Heiland

OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation

Posted Jun 12, 2020

Authored by Martin Heiland, Johannes Moritz, zee_shan, chbi, Hasan Ali

OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities.

tags | exploit, vulnerability, xss

advisories | CVE-2019-18846, CVE-2020-8541, CVE-2020-8542, CVE-2020-8543, CVE-2020-8544

SHA-256 | 64ac41f600218c8a53f85f7edaf868fd9208d415671cac26f51f2f16940095bb

Download | Favorite | View

Open-Xchange App Suite / Documents Server-Side Request Forgery

Posted Feb 21, 2020

Authored by Martin Heiland

Open-Xchange App Suite and Documents versions 7.10.2 and below suffer from multiple server-side request forgery vulnerabilities.

tags | exploit, vulnerability

advisories | CVE-2019-18846, CVE-2019-9853

SHA-256 | 9e95ed9b8b18b7aa67aa539e677d18a46c58d0f74c70f908ef7a336569ff51e9

Download | Favorite | View

OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control

Posted Jan 2, 2020

Authored by Martin Heiland

Open-Xchange App Suite versions 7.10.2 and below suffer from cross site scripting and improper access control vulnerabilities.

tags | exploit, vulnerability, xss

advisories | CVE-2019-16716, CVE-2019-16717

SHA-256 | f91286e977b72a5c49cfb19cbc8ab36556eed739bb0463e808cd0c851816ff64

Download | Favorite | View

Open-Xchange OX App Suite SSRF / XSS / Information Disclosure / Access Controls

Posted Oct 14, 2019

Authored by MantiS, Martin Heiland, Michael Medvedev, Manas Gupta, hd7exploit

Various Open-Xchange OX App Suite versions suffer from server-side request forgery, cross site scripting, information disclosure, and improper access control vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure

advisories | CVE-2019-14225, CVE-2019-14226, CVE-2019-14227

SHA-256 | 6bbc17512735cd2e68b49123c22dd4e31db09620ca1cc4d07081dd51dda4894a

Download | Favorite | View

Open-Xchange OX App Suite Content Spoofing / Cross Site Scripting

Posted Aug 16, 2019

Authored by Martin Heiland, zee_shan

Open-Xchange OX App Suite suffers from a content spoofing, cross site scripting, and information disclosure vulnerabilities. Versions affected vary depending on the vulnerability.

tags | exploit, spoof, vulnerability, xss, info disclosure

advisories | CVE-2019-11521, CVE-2019-11522, CVE-2019-11806

SHA-256 | 2071c53e872acfa5491162c42ffc088b0353ec35291faf2ce74402fd3c1328d6

Download | Favorite | View

Open-Xchange OX Guard Cross Site Scripting / Signature Validation

Posted Aug 16, 2019

Authored by Hanno Boeck, Juraj Somorovsky, Martin Heiland, Jorg Schwenk, Sebastian Schinzel, Damian Poddebniak, Jens Muller, Marcus Brinkmann

Open-Xchange OX Guard versions 7.10.2 and below suffer from a cross site scripting vulnerability. Open-Xchange OX Guard versions 7.10.1 and below, 2.10.2 and below suffer from a signature validation vulnerability.

tags | exploit, xss

advisories | CVE-2018-9997, CVE-2019-11521

SHA-256 | ea4821effec5ebd51f45bdf732d362fc22eb10a99a7363c2441cceeedc97dfae

Download | Favorite | View

Open-Xchange AppSuite 7.10.1 Information Disclosure / Improper Access Control

Posted Apr 5, 2019

Authored by Martin Heiland

Open-Xchange AppSuite versions 7.10.1 and below suffer from information exposure and improper access control vulnerabilities.

tags | exploit, vulnerability, info disclosure

advisories | CVE-2019-7158, CVE-2019-7159

SHA-256 | a722921e6fddc3e83ee1b00bdf589f283a0af7624c6b56c8422fdc8435786cc9

Download | Favorite | View

Open-Xchange OX App Suite Cross Site Scripting / SSRF

Posted Jan 21, 2019

Authored by Martin Heiland, Secator, Zhihua Yao, stemcloud, Gamal negm eldin

Open-Xchange OX App Suite suffers from cross site scripting and server-side request forgery vulnerabilities. The vulnerabilities spawn a multitude of versions.

tags | exploit, vulnerability, xss

advisories | CVE-2018-13103, CVE-2018-13104

SHA-256 | 24e2155c543cabcd184eee8f58682b0f7854489ae93e4d51a85b793fe3464e40

Download | Favorite | View

OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal

Posted Jun 8, 2018

Authored by Martin Heiland

OX App Suite versions 7.8.4 and below suffer from cross site scripting, improper privilege management, content spoofing, server-side request forgery, and path traversal vulnerabilities.

tags | exploit, spoof, vulnerability, xss

advisories | CVE-2017-17062, CVE-2018-5751, CVE-2018-5752, CVE-2018-5753, CVE-2018-5754, CVE-2018-5755, CVE-2018-5756

SHA-256 | b05b1425ad2ad09c94d5f8ea14683797a289d6404376b147dc5a8333076d15fc

Download | Favorite | View

Open-Xchange Guard 2.4.2 Cross Site Scripting

Posted Sep 13, 2016

Authored by Martin Heiland, Benjamin Daniel Mussler

Open-Xchange Guard versions 2.4.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

advisories | CVE-2016-6851, CVE-2016-6853, CVE-2016-6854

SHA-256 | b6b00b94ecd8a6eb1ccee7f194f7bf72d2f3738376ca2774dec5ff0fb5b81020

Download | Favorite | View

Open-Xchange App Suite 7.8.2 Cross Site Scripting

Posted Sep 13, 2016

Authored by Martin Heiland

Open-Xchange App Suite versions 7.8.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

advisories | CVE-2016-5740

SHA-256 | 357ca5858f8f3f0f5e8af6faa2268fb1efd131b5eada5dfc41eb2ddb9239f572

Download | Favorite | View

Open-Xchange App Suite 7.8.1 Cross Site Scripting

Posted Jul 13, 2016

Authored by Martin Heiland

Open-Xchange App Suite version 7.8.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

advisories | CVE-2016-5124

SHA-256 | 54885411364ea66a6a88cc613ff3399708f6b52cbe59e735d9647a8e158559b8

Download | Favorite | View

Open-Xchange App Suite 7.8.1 Information Disclosure

Posted Jun 22, 2016

Authored by Martin Heiland

Open-Xchange App Suite versions 7.8.1 and below suffer from an information disclosure vulnerability.

tags | exploit, info disclosure

advisories | CVE-2016-4027

SHA-256 | 27b0e6e0ca5abeb66f30b28d40b4ac9eb51c5bb7ed4b48985aba9a1fe1586857

Download | Favorite | View

Open-Xchange Guard 2.2.0 / 2.0 Private Key Disclosure

Posted Mar 3, 2016

Authored by Martin Heiland

Open-Xchange Guard versions 2.2.0 and 2.0 suffer from a PGP private key disclosure vulnerability.

tags | advisory, info disclosure

advisories | CVE-2015-8542

SHA-256 | 26dcd04d04fbbbfbc871d177446f464caec77c184534a45f0c096d98ce63bc0f

Download | Favorite | View

Open-Xchange Guard 2.0 Cross Site Scripting

Posted Nov 17, 2015

Authored by Martin Heiland, Eduard Hauck

Open-Xchange Guard version 2.0 suffers from a cross site scripting vulnerability.

tags | advisory, xss

advisories | CVE-2015-7385

SHA-256 | 888154affc2ef5c3a8d0c97e1dc560312910892473344310de9e89d6ca8fcd4c

Download | Favorite | View

Open-Xchange Server 6 / OX AppSuite Cross Site Scripting

Posted Sep 23, 2015

Authored by Martin Heiland

Open-Xchange Server 6 version 6.22.9 and AppSuite versions 7.6.2 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss

advisories | CVE-2015-5375

SHA-256 | c9c4d8ccdad8eb8bf72cebfe60896e103804e4d5ce9efd53ba50b89a83af98c9

Download | Favorite | View

Guard 2.0.0-rev7 SQL Injection

Posted Sep 23, 2015

Authored by Martin Heiland

Guard versions 2.0.0-rev7 and below suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection

advisories | CVE-2015-5703

SHA-256 | 3c809640481eb4fdb7281fa918f2ac3bef55825d59b63af8b4673e6934d06de1

Download | Favorite | View

Open-Xchange Server 6 / OX AppSuite Cross Site Scripting

Posted Apr 27, 2015

Authored by Martin Heiland

Open-Xchange Server 6 and OX AppSuite versions 7.6.1 and below suffer from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss

advisories | CVE-2015-1588

SHA-256 | 0631e8cc651e7c9442b7d94ef0687aa105118b9d15a7f3df9861fe4949e88104

Download | Favorite | View

Open-Xchange Server 6 / OX AppSuite 7.6.1 Exposure

Posted Feb 12, 2015

Authored by Martin Heiland

Open-Xchange Server 6 / OX AppSuite suffers from an information exposure vulnerability in versions 7.6.1 and below.

tags | advisory

advisories | CVE-2014-9466

SHA-256 | 8229982ea2c858877843bfc93dec828d259e06e7d9ea4893899722e0857cf8f5

Download | Favorite | View

Open-Xchange Server 6 / OX AppSuite 7.6.1 Cross Site Scripting

Posted Jan 5, 2015

Authored by Martin Heiland, John de Kroon

Open-Xchange Server 6 / OX AppSuite versions 7.6.1 and below suffer from a cross site scripting vulnerability.

tags | advisory, xss

advisories | CVE-2014-8993

SHA-256 | 082a1460b2f65e6b4b3397a9ef978268baecb50e15bea63170fa4f7b077f109b

Download | Favorite | View

OX App Suite 7.6.0 SQL Injection

Posted Nov 7, 2014

Authored by Martin Heiland

OX App Suite versions 7.6.0 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

advisories | CVE-2014-7871

SHA-256 | e90b305cda305ae3ab8aaa3cf59b529eb43f81db98e02e577ac0b8865f49f4a4

Download | Favorite | View

Open-Xchange 7.6.0 XSS / SSRF / Traversal

Posted Sep 15, 2014

Authored by Martin Heiland

Open-Xchange versions 7.6.0 and below suffer from absolute path traversal, server-side request forgery, XXE injection, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, file inclusion, xxe

advisories | CVE-2014-5234, CVE-2014-5235, CVE-2014-5236, CVE-2014-5237, CVE-2014-5238

SHA-256 | a67a92350a6eb49fcfcd83bb5f4009ea48632c5c129805bdc644ed7b80ed0a6b

Download | Favorite | View