Top reports from Open-Xchange program at HackerOne:
- Arbitrary local system file read on open-xchange server to Open-Xchange - 125 upvotes, $2000
- Null pointer dereference in SMTP server function smtp_string_parse to Open-Xchange - 105 upvotes, $1500
- Blind XXE via Powerpoint files to Open-Xchange - 86 upvotes, $2000
- Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt to Open-Xchange - 57 upvotes, $982
- CSRF combined with IDOR within Document Converter exposes files to Open-Xchange - 52 upvotes, $500
- SSRF - Unchecked Snippet IDs for distributed files to Open-Xchange - 49 upvotes, $1500
- SSRF in VCARD photo upload functionality to Open-Xchange - 49 upvotes, $850
- OX (Guard): Stored Cross-Site Scripting via Incoming Email to Open-Xchange - 48 upvotes, $1000
- Memory corruption in imap-parser.c to Open-Xchange - 46 upvotes, $5000
- SSRF - Blacklist bypass for mail account addition to Open-Xchange - 43 upvotes, $500
- SSRF - Image Sources in HTML Snippets - 727234 bypass to Open-Xchange - 41 upvotes, $400
- [XSS] Style/Event Filter Bypass v3.0 to Open-Xchange - 39 upvotes, $500
- SSRF - Office Documents - Image URL to Open-Xchange - 37 upvotes, $450
- SSRF - URL Attachments - 725307 bypass to Open-Xchange - 37 upvotes, $400
- Another window.opener issue to Open-Xchange - 33 upvotes, $900
- SSRF - RSS feed, blacklist bypass (301 re-direct) to Open-Xchange - 33 upvotes, $850
- Stored XSS to Open-Xchange - 33 upvotes, $500
- SSRF - RSS feed, blacklist bypass (IP Formatting) to Open-Xchange - 32 upvotes, $850
- Tab nabbing via window.opener to Open-Xchange - 30 upvotes, $666
- Use after free in smtp_server_connection_handle_command to Open-Xchange - 30 upvotes, $500
- Set Cookie Via SVG to Open-Xchange - 29 upvotes, $250
- Two heap use-after-free errors in IMAP operations to Open-Xchange - 26 upvotes, $1200
- Username restriction bypass with SSL client authentication to Open-Xchange - 26 upvotes, $1000
- IDOR - Downloading all attachements if having access to a shared link to Open-Xchange - 26 upvotes, $888
- Panic: Input stream data unexpectedly has references to Open-Xchange - 21 upvotes, $50
- IDOR - Accessing other user's attachements via PUT /appsuite/api/files?action=saveAs to Open-Xchange - 20 upvotes, $888
- SSRF in /appsuite/api/autoconfig to Open-Xchange - 20 upvotes, $850
- Command Injection via STARTTLS in SMTP to Open-Xchange - 20 upvotes, $350
- IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown) to Open-Xchange - 20 upvotes, $300
- XSS on opening a malicious OpenOffice text document to Open-Xchange - 18 upvotes, $400
- OX (Guard): Stored Cross-Site Scripting via Email Attachment to Open-Xchange - 17 upvotes, $300
- Dovecot authentication is vulnerable to timing attacks. to Open-Xchange - 16 upvotes, $600
- Unchecked URL in attachment datasource to Open-Xchange - 15 upvotes, $850
- Another Stored XSS in mail app using Drive app to Open-Xchange - 15 upvotes, $500
- XSS - Search - Unescaped contact job to Open-Xchange - 15 upvotes, $450
- [IDOR] Deleting other people's tasks to Open-Xchange - 15 upvotes, $300
- IDOR - Folder names disclosure inside a domain, regardless of user to Open-Xchange - 15 upvotes, $250
- Reflected Cross-Site Scripting due to vulnerable Flash component (Flashmediaelement.swf) to Open-Xchange - 14 upvotes, $500
- XSS - Notes - Attribute injection through overlapping tags to Open-Xchange - 14 upvotes, $450
- IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA to Open-Xchange - 14 upvotes, $300
- IDOR allow to extract all registered email to Open-Xchange - 14 upvotes, $300
- reading the stack data of the imap process to Open-Xchange - 14 upvotes, $50
- IDOR - setAttribute action of user object in API to Open-Xchange - 13 upvotes, $400
- IDOR - Deleting other user's reminders just by id to Open-Xchange - 13 upvotes, $300
- SSRF protection bypass in /appsuite/api/oxodocumentfilter addfile action to Open-Xchange - 12 upvotes, $550
- OX Guard: DOM Based Cross-Site Scripting (#2) to Open-Xchange - 12 upvotes, $500
- store xss in calendar via upload filename to Open-Xchange - 12 upvotes, $250
- IDOR to view other user folder name to Open-Xchange - 12 upvotes, $250
- Pre-auth Denial-of-Service in Dovecot RPA implementation to Open-Xchange - 11 upvotes, $550
- Stored XSS in mail app to Open-Xchange - 11 upvotes, $500
- [XSS] RSS Feed Widget to Open-Xchange - 11 upvotes, $500
- Guard WKS lookup: Evil WKS server forces connections to last forever to Open-Xchange - 11 upvotes, $444
- access to stack memory beyond array boundaries to Open-Xchange - 11 upvotes, $400
- No session expiry after log-out and session id exposed in URL to Open-Xchange - 11 upvotes, $300
- [SSRF] PDF documentconverterws to Open-Xchange - 10 upvotes, $850
- [XSS/CSRF] filter content-type bypass in Files to Open-Xchange - 10 upvotes, $750
- Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile to Open-Xchange - 10 upvotes, $550
- XSS on opening malicious OpenOffice presentation document to Open-Xchange - 9 upvotes, $400
- Stored XSS in Template Documents to Open-Xchange - 9 upvotes, $300
- A malicious user can upload a malicious script through managesieve and trigger its execution in order to consume almost 100% of CPU (LMTP). to Open-Xchange - 9 upvotes, $300
- Buffer over-reads in i_stream_zlib_read to Open-Xchange - 9 upvotes, $50
- Buffer over read from smtp_command_parse_parameters to Open-Xchange - 9 upvotes, $50
- OX Guard: DOM Based Cross-Site Scripting to Open-Xchange - 8 upvotes, $500
- XSS - Calendar - Unescaped common name of appointment participant to Open-Xchange - 8 upvotes, $450
- RTLO character in file names to Open-Xchange - 8 upvotes, $250
- Incomplete HTML sanitization + Session id leaking + private information disclosure to Open-Xchange - 8 upvotes, $200
- Selecting encryption for email with drive attachment overrides the drive email password to Open-Xchange - 8 upvotes, $100
- Stored XSS in Email attachment file name to Open-Xchange - 7 upvotes, $500
- XSS - Guard - Insufficient escaping of User-IDs from PGP Keys to Open-Xchange - 7 upvotes, $500
- XSS on opening malicious OpenOffice presentation document to Open-Xchange - 7 upvotes, $400
- Privilege escalation possible in dovecot when similar passdbs are used to Open-Xchange - 6 upvotes, $900
- [XSS] Style/Event Filter Bypass v4.0 to Open-Xchange - 6 upvotes, $500
- Stored-XSS with user interaction on [sandbox.open-xchange.com] via inserted link in mail to Open-Xchange - 6 upvotes, $500
- Adding external participants to unaccessible appointments to Open-Xchange - 6 upvotes, $300
- Panic in file smtp-address.c: line 684 (smtp_address_write): assertion failed: (smtp_char_is_qpair(*p)) to Open-Xchange - 6 upvotes, $50
- Buffer overflow in sha3 to Open-Xchange - 6 upvotes, $0
- Pre-auth buffer over-read in Dovecot NTLM implementation to Open-Xchange - 5 upvotes, $550
- A specially crafted message sent to the local delivery agent (LMTP) causes the LMTP child process to issue a panic (call i_panic) to Open-Xchange - 5 upvotes, $450
- Recursor accepts unsigned, empty NXDOMAINs in secure zones to Open-Xchange - 5 upvotes, $400
- Incomplete fix for CVE-2020-12673 : Specially crafted NTML message leads to buffer over read to Open-Xchange - 5 upvotes, $400
- null dereference in sieve_address_do_validate (or redundant null check) to Open-Xchange - 5 upvotes, $50
- Null pointer deference in call to mail_get_flags to Open-Xchange - 5 upvotes, $50
- Out of memory with combination of test_config_set and test_config_reload to Open-Xchange - 5 upvotes, $50
- nginx server vulnerable to Open-Xchange - 5 upvotes, $0
- Information About Your System(Sensitive Directories) to Open-Xchange - 5 upvotes, $0
- [XSS] Mail <style> v2.0 to Open-Xchange - 4 upvotes, $500
- SSRF - Guard - Unchecked HKP servers to Open-Xchange - 4 upvotes, $400
- SSRF - Guard - Unchecked WKS servers to Open-Xchange - 4 upvotes, $400
- Unauthorized access to attachments details of Private Calendar appointments (Access control issue) to Open-Xchange - 4 upvotes, $200
- Directory listing to Open-Xchange - 4 upvotes, $0
- command Injection in rawlog binary to Open-Xchange - 4 upvotes, $0
- [XSS] content_disposition=inline in files to Open-Xchange - 3 upvotes, $500
- [XSS/CSRF] filter content-type bypass in Files v2.0 to Open-Xchange - 3 upvotes, $500
- [XSS] Parameter Theme to Open-Xchange - 3 upvotes, $300
- [XSS] Forgot password link to Open-Xchange - 3 upvotes, $300
- [XSS] select/onchange in TinyMCE via set body to Open-Xchange - 3 upvotes, $300
- [XSS] Portal Widget Mail to Open-Xchange - 3 upvotes, $250
- Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation) to Open-Xchange - 3 upvotes, $200
- Null pointer dereference in SMTP server function smtp_command_parse_data_with_size to Open-Xchange - 3 upvotes, $50
- Null dereference or redundant null check in mail_crypt_load_global_private_key for plugin mail-crypt to Open-Xchange - 3 upvotes, $50
- Web Browser XSS Protection Not Enabled to Open-Xchange - 3 upvotes, $0
- Some build dependencies are downloaded over an insecure channel (without subsequent integrity checks) to Open-Xchange - 3 upvotes, $0
- Null pointer dereference in lib-sieve after calling sieve_binary_block_index to Open-Xchange - 3 upvotes, $0
- Buffer overread off by one in rpa_read_buffer, incomplete fix for CVE-2020-12674 to Open-Xchange - 2 upvotes, $400
- [XSS] Pasting bootstrap in mail compose to Open-Xchange - 2 upvotes, $300
- Resend invitation to members by Read only user(Privilege Escalation) to Open-Xchange - 2 upvotes, $200
- Buffer overread in parse_angle_addr called from message_address_parse_path to Open-Xchange - 2 upvotes, $50
- Multiple buffer over reads in mbox_from_parse to Open-Xchange - 2 upvotes, $50
- Failed assert in mail_index_transaction_lookup to Open-Xchange - 2 upvotes, $50
- Cross-Site Scripting Vulnerability in dovecot.fi to Open-Xchange - 2 upvotes, $0
- Outdated Apache Server in www.dovecot.fi is vulnerable to various attack. to Open-Xchange - 2 upvotes, $0
- SSL Certification Expired And TLS Vulnerability to Open-Xchange - 2 upvotes, $0
- Directory traversal allows execution of arbitrary binaries usign doveadm exec to Open-Xchange - 2 upvotes, $0
- Referer in /servlet/TestServlet to Open-Xchange - 1 upvotes, $300
- DIrectory Listing Found to Open-Xchange - 1 upvotes, $0
- Apache version disclosure to Open-Xchange - 1 upvotes, $0
- Null dereference in mcht_relational_validate ext-relational-common.c:136 to Open-Xchange - 0 upvotes, $50
- Null dereference in cmd_denotify_operation_execute to Open-Xchange - 0 upvotes, $50
- Assert failed in edit_mail_istream_read to Open-Xchange - 0 upvotes, $50
- Missing (or redundant) null check in dcrypt_openssl_sign to Open-Xchange - 0 upvotes, $0
- A specifically designed sieve script can cause a DoS in lib-sieve during sieve script compilation via NULL pointer dereference to Open-Xchange - 0 upvotes, $0