NotCVE - vendor:"Citadel"

Page 2 of 16 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-27741

https://notcve.org/view.php?id=CVE-2020-27741

Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Citadel WebCit versiones hasta 926, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio de múltiples páginas y parámetros. NOTA: esto se reportó al proveedor en un hilo o subproceso "Multiple Security Vulnerabilities in WebCit 926" archivado públicamente • http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834 https://www.citadel.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-27740

https://notcve.org/view.php?id=CVE-2020-27740

Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. Citadel WebCit versiones hasta 926, permite a atacantes remotos no autenticados enumerar usuarios válidos dentro de la plataforma. NOTA: esto se reportó al proveedor en un hilo o subproceso "Multiple Security Vulnerabilities in WebCit 926" archivado públicamente • http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834 https://www.citadel.org •

CVSS: 5.0EPSS: 3%CPEs: 8EXPL: 0

CVE-2011-1756

https://notcve.org/view.php?id=CVE-2011-1756

modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. El archivo modules/xmpp/serv_xmpp.c en Citadel versión 7.86 y anteriores, no detectan apropiadamente la recursión durante la expansión de la entidad, lo que permite a los atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) por medio de un documento XML especialmente diseñado que contiene un gran número de referencias de entidades anidadas, un problema similar a CVE-2003-1564. • http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=27c991cc2059f5530d3d4e9689dc976b745f5b0c http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=95040add546a705cc2d1d8f16293141f9f9845a6 http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.37-8+lenny1/changelog http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.83-2squeeze2/changelog http://secunia.com/advisories/44788 http://security.debian.org/debian-security/pool/updates/main/c/citadel/citadel_7.83-2squeeze2& • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 4%CPEs: 7EXPL: 0

CVE-2009-0364

https://notcve.org/view.php?id=CVE-2009-0364

Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors. Una vulnerabilidad de formato de cadena en en componente mini_calendar en Citadel.org WebCit v7.22, y otras versiones anteriores a v7.39 permite a usuarios remotos ejecutar código de su elección a través de vectores no específicos. • http://osvdb.org/52915 http://secunia.com/advisories/34457 http://www.citadel.org/doku.php/news:webcit.security.advisory.-.2009-march-23 http://www.debian.org/security/2009/dsa-1752 http://www.securityfocus.com/bid/34206 • CWE-134: Use of Externally-Controlled Format String •

CVSS: 7.5EPSS: 23%CPEs: 1EXPL: 1

CVE-2008-0394 – Citadel SMTP 7.10 - Remote Overflow

https://notcve.org/view.php?id=CVE-2008-0394

Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information. Desbordamiento de búfer en Citadel SMTP server 7.10 y anteriores permite a atacantes remotos ejecutgar código de su elección a través del comando largos RCTP TO, el cual no es manejado de forma adecuada por la función makeuserkey. NOTA: algunos de estos detalles se obtuvieron de terceras fuentes de información. • https://www.exploit-db.com/exploits/4949 http://secunia.com/advisories/28590 http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz http://www.securityfocus.com/bid/27376 http://www.securitytracker.com/id?1019255 http://www.vupen.com/english/advisories/2008/0252 https://exchange.xforce.ibmcloud.com/vulnerabilities/39807 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

1 2 3 4