CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2007-3821
https://notcve.org/view.php?id=CVE-2007-3821
Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Webcit anterior a 7.11 permite a atacantes remotos modificar configuraciones y realizar otras acciones como un usuario de su elección a través de vectores no especificados. • http://osvdb.org/38181 http://secunia.com/advisories/26090 http://securityreason.com/securityalert/2890 http://www.securityfocus.com/archive/1/473714/100/0/threaded http://www.securityfocus.com/bid/24913 https://exchange.xforce.ibmcloud.com/vulnerabilities/35432 •
CVSS: 2.6EPSS: 1%CPEs: 1EXPL: 2CVE-2007-3822 – Citadel WebCit 7.02/7.10 - 'showuser?who' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-3822
Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Webcit anterior a 7.11 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) who en showuser; y otros vectores afectando a (2) modo calendario,(3) modo tablón de anuncios, (4)nombres de habitación, y (5)nombres de archivos actualizados. • https://www.exploit-db.com/exploits/30312 http://osvdb.org/38176 http://osvdb.org/38177 http://osvdb.org/38178 http://osvdb.org/38179 http://osvdb.org/38180 http://secunia.com/advisories/26090 http://securityreason.com/securityalert/2890 http://www.securityfocus.com/archive/1/473714/100/0/threaded http://www.securityfocus.com/bid/24913 https://exchange.xforce.ibmcloud.com/vulnerabilities/35433 •
CVSS: 10.0EPSS: 6%CPEs: 6EXPL: 1CVE-2004-1192 – Citadel/UX 6.27 - Format String
https://notcve.org/view.php?id=CVE-2004-1192
Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server. • https://www.exploit-db.com/exploits/681 http://marc.info/?l=bugtraq&m=110295469430696&w=2 http://marc.info/?l=bugtraq&m=110304986223400&w=2 http://www.nosystem.com.ar/advisories/advisory-09.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/18429 •
CVSS: 5.0EPSS: 4%CPEs: 5EXPL: 7CVE-2004-1705 – Citadel/UX - Remote Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2004-1705
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username. • https://www.exploit-db.com/exploits/370 https://www.exploit-db.com/exploits/424 https://www.exploit-db.com/exploits/437 http://marc.info/?l=bugtraq&m=109121546120575&w=2 http://marc.info/?l=bugtraq&m=109146099404071&w=2 http://secunia.com/advisories/12197 http://securitytracker.com/id?1010809 http://www.nosystem.com.ar/advisories/advisory-04.txt http://www.securityfocus.com/bid/10833 https://exchange.xforce.ibmcloud.com/vulnerabilities/16840 •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2004-1933
https://notcve.org/view.php?id=CVE-2004-1933
Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages. • http://marc.info/?l=bugtraq&m=108180024428804&w=2 http://www.securityfocus.com/bid/10102 https://exchange.xforce.ibmcloud.com/vulnerabilities/15850 •