Page 2 of 10 results (0.041 seconds)

CVSS: 5.8EPSS: 0%CPEs: 14EXPL: 2

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer. • https://www.exploit-db.com/exploits/27 http://securityreason.com/securityalert/3290 http://www.securityfocus.com/archive/1/320438 http://www.securityfocus.com/bid/7501 https://exchange.xforce.ibmcloud.com/vulnerabilities/11932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0016.html http://www.iss.net/security_center/static/9463.php • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks. • https://www.exploit-db.com/exploits/20175 http://www.securityfocus.com/archive/1/139523 http://www.securityfocus.com/bid/1792 https://exchange.xforce.ibmcloud.com/vulnerabilities/5363 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 3

The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. • https://www.exploit-db.com/exploits/20091 http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html http://www.osvdb.org/5774 http://www.securityfocus.com/bid/1493 https://exchange.xforce.ibmcloud.com/vulnerabilities/5105 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. • http://marc.info/?l=bugtraq&m=94426440413027&w=2 http://marc.info/?l=ntbugtraq&m=94454565726775&w=2 http://www.securityfocus.com/bid/860 •