CVE-2022-4869 – Evolution Events Artaxerxes POST Parameter middleware.py information disclosure
https://notcve.org/view.php?id=CVE-2022-4869
A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. • https://github.com/evolution-events/Artaxerxes/commit/022111407d34815c16c6eada2de69ca34084dc0d https://vuldb.com/?ctiid.217438 https://vuldb.com/?id.217438 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2018-1000889
https://notcve.org/view.php?id=CVE-2018-1000889
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4. • https://github.com/reds-heig/logisim-evolution/pull/139 https://www.kvakil.me/posts/logisim • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2014-5590
https://notcve.org/view.php?id=CVE-2014-5590
The Snake Evolution (aka com.btwgames.snake) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/370681 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •
CVE-2009-1457
https://notcve.org/view.php?id=CVE-2009-1457
Cross-site scripting (XSS) vulnerability in player.php in Nuke Evolution Xtreme 2.x allows remote attackers to inject arbitrary web script or HTML via the defaultVisualExt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/53779 http://secunia.com/advisories/34783 http://www.securityfocus.com/bid/34594 https://exchange.xforce.ibmcloud.com/vulnerabilities/49944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-0587 – evolution-data-server: integer overflow in base64 encoding functions
https://notcve.org/view.php?id=CVE-2009-0587
Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://ocert.org/patches/2008-015/camel-CVE-2009-0587.diff http://ocert.org/patches/2008-015/evc-CVE-2009-0587.diff http://openwall.com/lists/oss-security/2009/03/12/2 http://osvdb.org/52702 http://osvdb.org/52703 http://secunia.com/advisories/34338 http://secunia.com/advisories/34339 http://secunia.com/advisories/34348 http://secunia.com/advisories/34351 http://secunia.com/advisories/ • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •