
CVE-2010-1427
https://notcve.org/view.php?id=CVE-2010-1427
15 Apr 2010 — Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch. • http://jvn.jp/en/jp/JVN46669729/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-1631
https://notcve.org/view.php?id=CVE-2009-1631
14 May 2009 — The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-0072 – Evolution format string flaw
https://notcve.org/view.php?id=CVE-2008-0072
06 Mar 2008 — Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html • CWE-134: Use of Externally-Controlled Format String

CVE-2007-1266 – Gnome Evolution 2.x - GnuPG Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1266
06 Mar 2007 — Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. • https://www.exploit-db.com/exploits/29691

CVE-2005-0102
https://notcve.org/view.php?id=CVE-2005-0102
24 Jan 2005 — Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000925 • CWE-190: Integer Overflow or Wraparound

CVE-2002-1471
https://notcve.org/view.php?id=CVE-2002-1471
22 Apr 2003 — The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack. • http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html

CVE-2003-0128 – Ximian Evolution 1.x - UUEncoding Denial of Service
https://notcve.org/view.php?id=CVE-2003-0128
21 Mar 2003 — The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow. • https://www.exploit-db.com/exploits/22370

CVE-2003-0129 – Ximian Evolution 1.x - UUEncoding Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2003-0129
21 Mar 2003 — Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times. • https://www.exploit-db.com/exploits/22369

CVE-2003-0130 – Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion
https://notcve.org/view.php?id=CVE-2003-0130
21 Mar 2003 — The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image. • https://www.exploit-db.com/exploits/22371

CVE-2002-1765
https://notcve.org/view.php?id=CVE-2002-1765
31 Dec 2002 — Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header. • http://mail.gnome.org/archives/gnome-announce-list/2002-May/msg00020.html