Page 2 of 9 results (0.032 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibly earlier versions allows remote attackers to list the contents of the WebUser directory and its parent directory via a (1) .. (dot dot) or (2) . (dot) in a URL. NOTE: it is not clear whether this issue reveals any more information regarding directory structure than is already available to any CommuniGate Pro user, although there is a possibility that it could be used to infer product version information. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0016.html http://www.iss.net/security_center/static/9463.php • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks. • https://www.exploit-db.com/exploits/20175 http://www.securityfocus.com/archive/1/139523 http://www.securityfocus.com/bid/1792 https://exchange.xforce.ibmcloud.com/vulnerabilities/5363 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 3

The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. • https://www.exploit-db.com/exploits/20091 http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html http://www.osvdb.org/5774 http://www.securityfocus.com/bid/1493 https://exchange.xforce.ibmcloud.com/vulnerabilities/5105 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. • http://marc.info/?l=bugtraq&m=94426440413027&w=2 http://marc.info/?l=ntbugtraq&m=94454565726775&w=2 http://www.securityfocus.com/bid/860 •