CVE-2016-2840
Published 2016-12-15
CVE-2016-2840: An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject…
Priority P4 · 27 · medium · 6.1 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.64% (73.4th percentile)
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context. While no OX App Suite specific data can be manipulated, the vulnerability can be exploited without being authenticated and therefore used for social engineering attacks, stealing cookies or redirecting from trustworthy to malicious hosts.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| open-xchange | open-xchange_appsuite | <= 7.8.0 | — |
CVSS provenance
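| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 9.8 | CRITICAL | — |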
GHSA
ghsa_unreviewed·2022-05-14
CVE-2016-2840 [MEDIUM] CWE-79 GHSA-7pfx-7xwq-x3pm: An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7
Red Hat
chromium-browser: info leak in extensions
vendor_redhat·2016-11-09·CVSS 6.5
CVE-2016-5201 [MEDIUM] chromium-browser: info leak in extensions
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page.
Red Hat
chromium-browser: various fixes from internal audits
vendor_redhat·2016-11-09·CVSS 9.1
CVE-2016-5202 [CRITICAL] chromium-browser: various fixes from internal audits
browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy.
Red Hat
chromium-browser: heap corruption in ffmpeg
vendor_redhat·2016-11-09·CVSS 8.8
CVE-2016-5199 [HIGH] chromium-browser: heap corruption in ffmpeg
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
Red Hat
chromium-browser: out of bounds memory access in v8
vendor_redhat·2016-11-09·CVSS 8.8
CVE-2016-5200 [HIGH] chromium-browser: out of bounds memory access in v8
V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Red Hat
chromium-browser: out of bounds memory access in v8
vendor_redhat·2016-11-01·CVSS 8.8
CVE-2016-5198 [HIGH] chromium-browser: out of bounds memory access in v8
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
Red Hat
chromium-browser: out of bounds read in devtools
vendor_redhat·2016-10-12·CVSS 5.3
CVE-2016-5186 [MEDIUM] chromium-browser: out of bounds read in devtools
Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.
Red Hat
chromium-browser: universal xss in bookmarks
vendor_redhat·2016-10-12·CVSS 6.1
CVE-2016-5191 [MEDIUM] chromium-browser: universal xss in bookmarks
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:[email protected] URL.
Red Hat
chromium-browser: use after free in pdfium
vendor_redhat·2016-10-12·CVSS 8.8
CVE-2016-5183 [HIGH] chromium-browser: use after free in pdfium
A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.
Red Hat
chromium-browser: various fixes from internal audits
vendor_redhat·2016-10-12·CVSS 9.8
CVE-2016-5194 [CRITICAL] chromium-browser: various fixes from internal audits
Unspecified vulnerabilities in Google Chrome before 54.0.2840.59.
Red Hat
chromium-browser: universal xss in blink
vendor_redhat·2016-10-12·CVSS 6.1
CVE-2016-5181 [MEDIUM] chromium-browser: universal xss in blink
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages.
Red Hat
chromium-browser: url spoofing
vendor_redhat·2016-10-12·CVSS 6.5
CVE-2016-5187 [MEDIUM] chromium-browser: url spoofing
Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of full screen mode, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
Red Hat
chromium-browser: url spoofing
vendor_redhat·2016-10-12·CVSS 6.5
CVE-2016-5189 [MEDIUM] chromium-browser: url spoofing
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted navigation to blob URLs with non-canonical origins, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via crafted HTML pages.
Red Hat
chromium-browser: use after free in pdfium
vendor_redhat·2016-10-12·CVSS 8.8
CVE-2016-5184 [HIGH] chromium-browser: use after free in pdfium
PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.
Red Hat
chromium-browser: ui spoofing
vendor_redhat·2016-10-12·CVSS 4.3
CVE-2016-5188 [MEDIUM] chromium-browser: ui spoofing
Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.
Red Hat
chromium-browser: cross-origin bypass in blink
vendor_redhat·2016-10-12·CVSS 6.5
CVE-2016-5192 [MEDIUM] chromium-browser: cross-origin bypass in blink
Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrackLoader, which allowed a remote attacker to bypass cross-origin restrictions via crafted HTML pages.
Red Hat
chromium-browser: use after free in blink
vendor_redhat·2016-10-12·CVSS 8.8
CVE-2016-5185 [HIGH] chromium-browser: use after free in blink
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly allowed reentrance of FrameView::updateLifecyclePhasesInternal(), which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
Red Hat
chromium-browser: use after free in internals
vendor_redhat·2016-10-12·CVSS 6.3
CVE-2016-5190 [MEDIUM] chromium-browser: use after free in internals
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
Red Hat
chromium-browser: heap overflow in blink
vendor_redhat·2016-10-12·CVSS 8.8
CVE-2016-5182 [HIGH] chromium-browser: heap overflow in blink
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/136543/Open-Xchange-7.8.0-Cross-Site-Scripting.html
http://www.securityfocus.com/archive/1/537959/100/0/threaded
http://www.securitytracker.com/id/1035469