Ludovic Marcotte

3 exploits Active since Feb 2017
CVE-2016-6189 WRITEUP MEDIUM WRITEUP
SOGo < 2.3.12 and 3.x < 3.1.1 - Authenticated Information Disclosure via Calendar Feed Fields
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
CVSS 4.3
CVE-2016-6190 WRITEUP MEDIUM WRITEUP
SOGo <2.3.12-3.1.1 - Info Disclosure
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.
CVSS 4.3
CVE-2015-5395 WRITEUP HIGH WRITEUP
SOGo <3.1.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
CVSS 8.8