Webapp

webapp

Vendor: Zarafa • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-9465 2Fedoraproject Zarafa 3Fedora WebappZarafa Collaboration Platform May 6, 2026 Feb 19, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp d...Show more senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.Show less
CVE-2014-5449 1Zarafa 2Webaccess Webapp May 6, 2026 Oct 20, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
CVE-2014-5447 1Zarafa 2Webapp Zarafa May 6, 2026 Oct 20, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because...Show more Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.Show less
CVE-2014-0103 2Fedoraproject Zarafa 3Fedora WebappZarafa May 6, 2026 Jul 29, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.