
CVE-2022-4869 – Evolution Events Artaxerxes POST Parameter middleware.py information disclosure
https://notcve.org/view.php?id=CVE-2022-4869
05 Jan 2023 — A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. • https://github.com/evolution-events/Artaxerxes/commit/022111407d34815c16c6eada2de69ca34084dc0d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2018-1000889
https://notcve.org/view.php?id=CVE-2018-1000889
27 Dec 2018 — Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4. • https://github.com/reds-heig/logisim-evolution/pull/139 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2014-5590
https://notcve.org/view.php?id=CVE-2014-5590
09 Sep 2014 — The Snake Evolution (aka com.btwgames.snake) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/370681 • CWE-310: Cryptographic Issues •

CVE-2009-1457
https://notcve.org/view.php?id=CVE-2009-1457
28 Apr 2009 — Cross-site scripting (XSS) vulnerability in player.php in Nuke Evolution Xtreme 2.x allows remote attackers to inject arbitrary web script or HTML via the defaultVisualExt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/53779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2009-0587 – evolution-data-server: integer overflow in base64 encoding functions
https://notcve.org/view.php?id=CVE-2009-0587
12 Mar 2009 — Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html • CWE-189: Numeric Errors • CWE-190: Integer Overflow or Wraparound •

CVE-2009-0547 – evolution-data-server: S/MIME signatures are considered to be valid even for modified messages (MITM)
https://notcve.org/view.php?id=CVE-2009-0547
12 Feb 2009 — Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479 • CWE-310: Cryptographic Issues •

CVE-2007-6221 – TuMusika Evolution 1.7R5 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-6221
04 Dec 2007 — TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/4674 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2007-6188 – TuMusika Evolution 1.7R5 - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-6188
30 Nov 2007 — Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php. • https://www.exploit-db.com/exploits/4674 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2007-2090 – TuMusika Evolution 1.6 - 'index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2090
18 Apr 2007 — Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. • https://www.exploit-db.com/exploits/29848 •

CVE-2007-1002 – evolution format string flaw
https://notcve.org/view.php?id=CVE-2007-1002
21 Mar 2007 — Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. • http://secunia.com/advisories/24234 •