Group-Office Multiple Security Bypass Vulnerabilities
BID:23925
Info
Group-Office Multiple Security Bypass Vulnerabilities
| Bugtraq ID: | 23925 |
| Class: | Design Error |
| CVE: |
CVE-2007-2720 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | The vendor reported these issues. |
| Vulnerable: |
Group-Office Group-Office 2.16-12 |
| Not Vulnerable: |
Group-Office Group-Office 2.16-15 |
Discussion
Group-Office Multiple Security Bypass Vulnerabilities
Group-Office is prone to a security-bypass vulnerability due to a design error.
Successful exploits may allow attackers to obtain access to email accounts of victim users, bypassing application security restrictions.
Group-Office 2.16-12 and prior versions are reported vulnerable; other versions may also be affected.
Group-Office is prone to a security-bypass vulnerability due to a design error.
Successful exploits may allow attackers to obtain access to email accounts of victim users, bypassing application security restrictions.
Group-Office 2.16-12 and prior versions are reported vulnerable; other versions may also be affected.
Exploit / POC
Group-Office Multiple Security Bypass Vulnerabilities
Attackers can use a browser to exploit these issues.
Attackers can use a browser to exploit these issues.
Solution / Fix
Group-Office Multiple Security Bypass Vulnerabilities
Solution:
The vendor has released version 2.16-13 to address these issues. Please see the references for more information.
Group-Office Group-Office 2.16-12
Solution:
The vendor has released version 2.16-13 to address these issues. Please see the references for more information.
Group-Office Group-Office 2.16-12
-
Cuyahoga groupoffice-com-2.16-15.tar.gz
http://internap.dl.sourceforge.net/sourceforge/group-office/groupoffic e-com-2.16-15.tar.gz
References
Group-Office Multiple Security Bypass Vulnerabilities
References:
References:
- Group-Office File Release Notes and Changelog (Group-Office)
- Group-Office Web Site (Group-Office)