CVE-2009-0547 – evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM)
https://notcve.org/view.php?id=CVE-2009-0547
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479 http://bugzilla.gnome.org/show_bug.cgi?id=564465 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://openwall.com/lists/oss-security/2009/02/10/7 http://secunia.com/advisories/33848 http://secunia.com/advisories/34338 http://secunia.com/advisories • CWE-310: Cryptographic Issues
CVE-2007-6221 – TuMusika Evolution 1.7R5 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-6221
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/4674 http://secunia.com/advisories/27866 https://exchange.xforce.ibmcloud.com/vulnerabilities/38724 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-6188 – TuMusika Evolution 1.7R5 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-6188
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php. • https://www.exploit-db.com/exploits/4674 http://osvdb.org/42450 http://osvdb.org/42451 http://osvdb.org/42452 http://osvdb.org/42453 http://secunia.com/advisories/27866 http://www.securityfocus.com/bid/26631 http://www.securityfocus.com/bid/26632 https://exchange.xforce.ibmcloud.com/vulnerabilities/38719 https://exchange.xforce.ibmcloud.com/vulnerabilities/38720 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-2090 – TuMusika Evolution 1.6 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2090
Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. • https://www.exploit-db.com/exploits/29848 http://secunia.com/advisories/24874 http://securityreason.com/securityalert/2585 http://www.securityfocus.com/archive/1/465515/100/0/threaded http://www.vupen.com/english/advisories/2007/1374 https://exchange.xforce.ibmcloud.com/vulnerabilities/33593
CVE-2007-1002 – evolution format string flaw
https://notcve.org/view.php?id=CVE-2007-1002
Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. • http://secunia.com/advisories/24234 http://secunia.com/advisories/24651 http://secunia.com/advisories/24668 http://secunia.com/advisories/25102 http://secunia.com/advisories/25551 http://secunia.com/advisories/25880 http://secunia.com/secunia_research/2007-44/advisory http://security.gentoo.org/glsa/glsa-200706-02.xml http://www.debian.org/security/2007/dsa-1325 http://www.mandriva.com/security/advisories?name=MDKSA-2007:070 http://www.novell.com/linux/security/advisories/