CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1427
https://notcve.org/view.php?id=CVE-2010-1427
15 Apr 2010 — Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin SearchHighlight en MODx Evolution anterior v1.0.3 permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores desconocidos relacionados con AjaxSearch. • http://jvn.jp/en/jp/JVN46669729/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 1CVE-2009-1631
https://notcve.org/view.php?id=CVE-2009-1631
14 May 2009 — The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. El componente Mailer en Evolution v2.26.1 y versiones anteriores utiliza permisos de lectura para todos para el directorio .evolution, y determinados directorios y ficheros bajo .evolution/ relacionados con el correo local, lo cual permite a... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 12%CPEs: 2EXPL: 0CVE-2008-0072 – Evolution format string flaw
https://notcve.org/view.php?id=CVE-2008-0072
06 Mar 2008 — Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. Una vulnerabilidad de cadena de formato en la función emf_multipart_encrypted en el archivo mail/em-format.c en Evolution versión 2.12.3 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un mensaje encriptado diseñado, tal y como es dem... • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3257 – evolution malicious server arbitrary code execution
https://notcve.org/view.php?id=CVE-2007-3257
19 Jun 2007 — Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. Camel (camel-imap-folder.c) en el componente de mensajería (mailer) para Evolution Data Server 1.11 permite a servidores IMAP remotos ejecutar código de su elección mediante un valor negativo de SEQUENCE en GData, lo cual se usa como índice de una rray. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 2CVE-2007-1266 – Gnome Evolution 2.x - GnuPG Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1266
06 Mar 2007 — Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Evolution 2.8.1 y anteriores no utilizan adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Evolution no distinga visualmente entre trozos firmados y no firmados de me... • https://www.exploit-db.com/exploits/29691 •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0CVE-2005-2549
https://notcve.org/view.php?id=CVE-2005-2549
12 Aug 2005 — Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. • http://marc.info/?l=full-disclosure&m=112368237712032&w=2 •
CVSS: 9.8EPSS: 5%CPEs: 11EXPL: 0CVE-2005-2550
https://notcve.org/view.php?id=CVE-2005-2550
12 Aug 2005 — Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. • http://marc.info/?l=full-disclosure&m=112368237712032&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0102
https://notcve.org/view.php?id=CVE-2005-0102
24 Jan 2005 — Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000925 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2003-0296
https://notcve.org/view.php?id=CVE-2003-0296
15 May 2003 — The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Evolution 1.2.4 permite que servidores IMAP remotos dañinos provoquen una denegación de servicio y posiblemente ejecuten código arbitrario mediante ciertos valores literales muy grandes que causan errores de desbordamiento de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0300
https://notcve.org/view.php?id=CVE-2003-0300
15 May 2003 — The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Sylpheed 0.8.11 permite que servidores IMAP remotos dañinos originen una denegación de servicio (caída) mediante ciertos tamaños literales muy largos que causan desbordamientos de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •