CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1427
https://notcve.org/view.php?id=CVE-2010-1427
Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el plugin SearchHighlight en MODx Evolution anterior v1.0.3 permite a atacantes remotos inyectar código web o HTML de su elección a través de vectores desconocidos relacionados con AjaxSearch. • http://jvn.jp/en/jp/JVN46669729/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000013.html http://modxcms.com/forums/index.php/topic%2C47759.msg280304.html#msg280304 http://secunia.com/advisories/39298 https://exchange.xforce.ibmcloud.com/vulnerabilities/57635 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 1CVE-2009-1631
https://notcve.org/view.php?id=CVE-2009-1631
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files. El componente Mailer en Evolution v2.26.1 y versiones anteriores utiliza permisos de lectura para todos para el directorio .evolution, y determinados directorios y ficheros bajo .evolution/ relacionados con el correo local, lo cual permite a usuarios locales obtener información sensible a través de la lectura de esos ficheros. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526409 http://bugzilla.gnome.org/show_bug.cgi?id=581604 http://www.openwall.com/lists/oss-security/2009/05/12/6 http://www.securityfocus.com/bid/34921 https://bugzilla.redhat.com/show_bug.cgi?id=498648 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 10%CPEs: 1EXPL: 0CVE-2008-1108 – evolution: iCalendar buffer overflow via large timezone specification
https://notcve.org/view.php?id=CVE-2008-1108
Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. Desbordamiento de búfer en Evolution 2.22.1, cuando el plugin ITip Formates está desactivado, permite a atacantes remotos ejecutar código arbitrario a través de una cadena "timezone" larga en un adjunto iCalendar. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html http://secunia.com/advisories/30298 http://secunia.com/advisories/30527 http://secunia.com/advisories/30536 http://secunia.com/advisories/30564 http://secunia.com/advisories/30571 http://secunia.com/advisories/30702 http://secunia.com/advisories/30716 http://secunia.com/secunia_research/2008-22/advisory http://security.gentoo.org/glsa/glsa-200806-06.xml http://www.mandriva.com/security/advisories?name=MDVSA& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 59%CPEs: 2EXPL: 0CVE-2008-0072 – Evolution format string flaw
https://notcve.org/view.php?id=CVE-2008-0072
Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field. Una vulnerabilidad de cadena de formato en la función emf_multipart_encrypted en el archivo mail/em-format.c en Evolution versión 2.12.3 y anteriores, permite a atacantes remotos ejecutar código arbitrario por medio de un mensaje encriptado diseñado, tal y como es demostrado usando el campo Version. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html http://secunia.com/advisories/29057 http://secunia.com/advisories/29163 http://secunia.com/advisories/29210 http://secunia.com/advisories/29244 http://secunia.com/advisories/29258 http://secunia.com/advisories/29264 http://secunia.com/advisories/29317 http://secunia.com/advisories/30437 http://secunia.com/advisories/30491 http://secunia.com/secunia_research/2008-8/advisory http://security.gentoo.org/glsa& • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0CVE-2007-3257 – evolution malicious server arbitrary code execution
https://notcve.org/view.php?id=CVE-2007-3257
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. Camel (camel-imap-folder.c) en el componente de mensajería (mailer) para Evolution Data Server 1.11 permite a servidores IMAP remotos ejecutar código de su elección mediante un valor negativo de SEQUENCE en GData, lo cual se usa como índice de una rray. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://bugzilla.gnome.org/show_bug.cgi?id=447414 http://mail.gnome.org/archives/evolution-hackers/2007-June/msg00064.html http://osvdb.org/37489 http://secunia.com/advisories/25765 http://secunia.com/advisories/25766 http://secunia.com/advisories/25774 http://secunia.com/advisories/25777 http://secunia.com/advisories/25793 http://secunia.com/advisories/25798 http://secunia.com/advisories/25843 http:&# •