Robert Scheck

**Name of the Vulnerable Software and Affected Versions** Zarafa WebApp versions prior to 2.0 beta 3 Zarafa Collaboration Platform (ZCP) versions 7.0.x through 7.1.11 and 7.2.x prior to 7.2.0 beta 1 **Description** The issue allows remote attackers to cause a denial of service by consuming disk space in /tmp through the upload of a large number of files. This is related to the senddocument.php file in Zarafa WebApp and WebAccess in Zarafa Collaboration Platform. **Recommendations** For Zarafa WebApp versions prior to 2.0 beta 3, update to version 2.0 beta 3 or later. For Zarafa Collaboration Platform (ZCP) versions 7.0.x through 7.1.11, update to version 7.1.12 beta 1 or later. For Zarafa Collaboration Platform (ZCP) versions 7.2.x prior to 7.2.0 beta 1, update to version 7.2.0 beta 1 or later.

**Name of the Vulnerable Software and Affected Versions** Zarafa WebAccess version 4.1 Zarafa WebApp (affected versions not specified) **Description** The issue allows local users to obtain sensitive information by reading temporary session data due to world-readable permissions for the files in the tmp directory. **Recommendations** For Zarafa WebAccess version 4.1, consider changing the permissions of the tmp directory to restrict access to sensitive information. For Zarafa WebApp, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zarafa WebAccess versions prior to 7.1.10 Zarafa WebApp versions prior to 1.6 **Description** The issue allows local Apache users to obtain sensitive information by reading the PHP session files, as credentials are stored in cleartext. **Recommendations** For Zarafa WebAccess versions prior to 7.1.10, update to version 7.1.10 or later. For Zarafa WebApp versions prior to 1.6, update to version 1.6 or later.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions prior to 2.11.9.1 **Description** The issue allows remote authenticated users to execute arbitrary code. This is achieved by sending a request to the "server databases.php" endpoint with a `sort by` parameter that contains PHP sequences. These sequences are then processed by the `create function` function, enabling the execution of arbitrary code. **Recommendations** For versions prior to 2.11.9.1, update to version 2.11.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "server databases.php" endpoint or disabling the `create function` function until a patch is applied. Avoid using the `sort by` parameter in the affected endpoint until the issue is resolved.