
CVSS: 4.3 | EPSS: 0% | CPEs: 9 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch.
• http://jvn.jp/en/jp/JVN46669729/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000013.html http://modxcms.com/forums/index.php/topic%2C47759.msg280304.html#msg280304 http://secunia.com/advisories/39298 https://exchange.xforce.ibmcloud.com/vulnerabilities/57635
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 2.1 | EPSS: 0% | CPEs: 19 | EXPL: 1

The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409 http://bugzilla.gnome.org/show_bug.cgi?id=581604 http://www.openwall.com/lists/oss-security/2009/05/12/6 http://www.securityfocus.com/bid/34921 https://bugzilla.redhat.com/show_bug.cgi?id=498648
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.8 | EPSS: 59% | CPEs: 2 | EXPL: 0

Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.
• http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html http://secunia.com/advisories/29057 http://secunia.com/advisories/29163 http://secunia.com/advisories/29210 http://secunia.com/advisories/29244 http://secunia.com/advisories/29258 http://secunia.com/advisories/29264 http://secunia.com/advisories/29317 http://secunia.com/advisories/30437 http://secunia.com/advisories/30491 http://secunia.com/secunia_research/2008-8/advisory http://security.gentoo.org/glsa&
• CWE-134: Use of Externally-Controlled Format String

CVSS: 6.8 | EPSS: 3% | CPEs: 1 | EXPL: 0

Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index.
• ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://bugzilla.gnome.org/show_bug.cgi?id=447414 http://mail.gnome.org/archives/evolution-hackers/2007-June/msg00064.html http://osvdb.org/37489 http://secunia.com/advisories/25765 http://secunia.com/advisories/25766 http://secunia.com/advisories/25774 http://secunia.com/advisories/25777 http://secunia.com/advisories/25793 http://secunia.com/advisories/25798 http://secunia.com/advisories/25843 http:&#

CVSS: 5.0 | EPSS: 5% | CPEs: 1 | EXPL: 2

Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
• https://www.exploit-db.com/exploits/29691 http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html http://secunia.com/advisories/24412 http://securityreason.com/securityalert/2353 http://www.coresecurity.com/?action=item&id=1687 http://www.securityfocus.com/archive/1/461958/100/0/threaded http://www.securityfocus.com/archive/1/461958/30/7710/threaded http://www.securityfocus.com/bid/22760 http://www.securitytracker.com/id?1017727 http://www.vupen.com/english/ad