Top reports from Open-Xchange program at HackerOne:

  1. Arbitrary local system file read on open-xchange server to Open-Xchange - 124 upvotes, $2000
  2. Null pointer dereference in SMTP server function smtp_string_parse to Open-Xchange - 103 upvotes, $1500
  3. Blind XXE via Powerpoint files to Open-Xchange - 81 upvotes, $2000
  4. SSRF in VCARD photo upload functionality to Open-Xchange - 49 upvotes, $850
  5. OX (Guard): Stored Cross-Site Scripting via Incoming Email to Open-Xchange - 48 upvotes, $1000
  6. CSRF combined with IDOR within Document Converter exposes files to Open-Xchange - 48 upvotes, $500
  7. Memory corruption in imap-parser.c to Open-Xchange - 46 upvotes, $5000
  8. SSRF - Blacklist bypass for mail account addition to Open-Xchange - 43 upvotes, $500
  9. SSRF - Image Sources in HTML Snippets - 727234 bypass to Open-Xchange - 41 upvotes, $400
  10. [XSS] Style/Event Filter Bypass v3.0 to Open-Xchange - 39 upvotes, $500
  11. SSRF - Office Documents - Image URL to Open-Xchange - 37 upvotes, $450
  12. SSRF - URL Attachments - 725307 bypass to Open-Xchange - 36 upvotes, $400
  13. SSRF - RSS feed, blacklist bypass (301 re-direct) to Open-Xchange - 33 upvotes, $850
  14. SSRF - RSS feed, blacklist bypass (IP Formatting) to Open-Xchange - 32 upvotes, $850
  15. Stored XSS to Open-Xchange - 32 upvotes, $500
  16. Another window.opener issue to Open-Xchange - 31 upvotes, $900
  17. Use after free in smtp_server_connection_handle_command to Open-Xchange - 29 upvotes, $500
  18. Tab nabbing via window.opener to Open-Xchange - 28 upvotes, $666
  19. Set Cookie Via SVG to Open-Xchange - 28 upvotes, $250
  20. Two heap use-after-free errors in IMAP operations to Open-Xchange - 26 upvotes, $1200
  21. Username restriction bypass with SSL client authentication to Open-Xchange - 25 upvotes, $1000
  22. IDOR - Downloading all attachments if having access to a shared link to Open-Xchange - 24 upvotes, $888
  23. SSRF in /appsuite/api/autoconfig to Open-Xchange - 20 upvotes, $850
  24. IDOR - Accessing other user's attachments via PUT /appsuite/api/files?action=saveAs to Open-Xchange - 18 upvotes, $888
  25. OX (Guard): Stored Cross-Site Scripting via Email Attachment to Open-Xchange - 17 upvotes, $300
  26. IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown) to Open-Xchange - 17 upvotes, $300
  27. Dovecot authentication is vulnerable to timing attacks to Open-Xchange - 16 upvotes, $600
  28. Unchecked URL in attachment datasource to Open-Xchange - 15 upvotes, $850
  29. Reflected Cross-Site Scripting due to vulnerable Flash component (Flashmediaelement.swf) to Open-Xchange - 14 upvotes, $500
  30. Another Stored XSS in mail app using Drive app to Open-Xchange - 14 upvotes, $500
  31. IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA to Open-Xchange - 13 upvotes, $300
  32. IDOR - Deleting other user's reminders just by id to Open-Xchange - 12 upvotes, $300
  33. IDOR - Folder names disclosure inside a domain, regardless of user to Open-Xchange - 12 upvotes, $250
  34. Stored XSS in calendar via upload filename to Open-Xchange - 12 upvotes, $250
  35. OX Guard: DOM Based Cross-Site Scripting (#2) to Open-Xchange - 11 upvotes, $500
  36. [XSS] RSS Feed Widget to Open-Xchange - 11 upvotes, $500
  37. IDOR - setAttribute action of user object in API to Open-Xchange - 11 upvotes, $400
  38. [IDOR] Deleting other people's tasks to Open-Xchange - 11 upvotes, $300
  39. IDOR allow to extract all registered email to Open-Xchange - 11 upvotes, $300
  40. Stored XSS in mail app to Open-Xchange - 10 upvotes, $500
  41. IDOR to view other user folder name to Open-Xchange - 10 upvotes, $250
  42. [SSRF] PDF documentconverterws to Open-Xchange - 9 upvotes, $850
  43. [XSS/CSRF] filter content-type bypass in Files to Open-Xchange - 9 upvotes, $750
  44. Stored XSS in Template Documents to Open-Xchange - 9 upvotes, $300
  45. No session expiry after log-out and session id exposed in URL to Open-Xchange - 9 upvotes, $300
  46. Buffer over-reads in i_stream_zlib_read to Open-Xchange - 9 upvotes, $50
  47. OX Guard: DOM Based Cross-Site Scripting to Open-Xchange - 8 upvotes, $500
  48. RTLO character in file names to Open-Xchange - 8 upvotes, $250
  49. Incomplete HTML sanitization + Session id leaking + private information disclosure to Open-Xchange - 8 upvotes, $200
  50. Selecting encryption for email with drive attachment overrides the drive email password to Open-Xchange - 8 upvotes, $100
  51. Stored XSS in Email attachment file name to Open-Xchange - 7 upvotes, $500
  52. [XSS] Style/Event Filter Bypass v4.0 to Open-Xchange - 6 upvotes, $500
  53. Stored-XSS with user interaction on [sandbox.open-xchange.com] via inserted link in mail to Open-Xchange - 6 upvotes, $500
  54. Adding external participants to inaccessible appointments to Open-Xchange - 6 upvotes, $300
  55. Buffer overflow in sha3 to Open-Xchange - 6 upvotes, $0
  56. Recursor accepts unsigned, empty NXDOMAINs in secure zones to Open-Xchange - 5 upvotes, $400
  57. nginx server vulnerable to Open-Xchange - 5 upvotes, $0
  58. Information About Your System(Sensitive Directories) to Open-Xchange - 5 upvotes, $0
  59. [XSS] Mail <style> v2.0 to Open-Xchange - 4 upvotes, $500
  60. Command injection in rawlog binary to Open-Xchange - 4 upvotes, $0
  61. [XSS/CSRF] filter content-type bypass in Files v2.0 to Open-Xchange - 3 upvotes, $500
  62. [XSS] Parameter Theme to Open-Xchange - 3 upvotes, $300
  63. [XSS] Portal Widget Mail to Open-Xchange - 3 upvotes, $250
  64. Critical : View/Edit access to private appointments of calendar folder by read only user (Vertical privilege escalation) to Open-Xchange - 3 upvotes, $200
  65. Unauthorized access to attachments details of Private Calendar appointments (Access control issue) to Open-Xchange - 3 upvotes, $200
  66. Null pointer dereference in SMTP server function smtp_command_parse_data_with_size to Open-Xchange - 3 upvotes, $50
  67. [XSS] content_disposition=inline in files to Open-Xchange - 2 upvotes, $500
  68. [XSS] Forgot password link to Open-Xchange - 2 upvotes, $300
  69. [XSS] select/onchange in TinyMCE via set body to Open-Xchange - 2 upvotes, $300
  70. [XSS] Pasting bootstrap in mail compose to Open-Xchange - 2 upvotes, $300
  71. Resend invitation to members by read-only user (Privilege Escalation) to Open-Xchange - 2 upvotes, $200
  72. Buffer overread in parse_angle_addr called from message_address_parse_path to Open-Xchange - 2 upvotes, $50
  73. Multiple buffer over reads in mbox_from_parse to Open-Xchange - 2 upvotes, $50
  74. Directory listing to Open-Xchange - 2 upvotes, $0
  75. Web Browser XSS Protection Not Enabled to Open-Xchange - 2 upvotes, $0
  76. SSL Certification Expired And TLS Vulnerability to Open-Xchange - 2 upvotes, $0
  77. Referer in /servlet/TestServlet to Open-Xchange - 1 upvote, $300
  78. Cross-Site Scripting Vulnerability in dovecot.fi to Open-Xchange - 1 upvote, $0
  79. Directory Listing Found to Open-Xchange - 1 upvote, $0
  80. Apache version disclosure to Open-Xchange - 1 upvote, $0
  81. Outdated Apache Server in www.dovecot.fi is vulnerable to various attacks to Open-Xchange - 1 upvote, $0
  82. Missing (or redundant) null check in dcrypt_openssl_sign to Open-Xchange - 0 upvotes, $0