CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jan 2023 — A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. • https://github.com/evolution-events/Artaxerxes/commit/022111407d34815c16c6eada2de69ca34084dc0d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Dec 2018 — Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears to be exploitable via the victim opening a specially crafted circuit file. This vulnerability appears to have been fixed in 2.14.4. • https://github.com/reds-heig/logisim-evolution/pull/139 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Sep 2014 — The Snake Evolution (aka com.btwgames.snake) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/370681 • CWE-310: Cryptographic Issues

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 Apr 2009 — Cross-site scripting (XSS) vulnerability in player.php in Nuke Evolution Xtreme 2.x allows remote attackers to inject arbitrary web script or HTML via the defaultVisualExt parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/53779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

12 Mar 2009 — Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html • CWE-189: Numeric Errors • CWE-190: Integer Overflow or Wraparound

CVSS: 7.5 • EPSS: 3% • CPEs: 1 • EXPL: 0

12 Feb 2009 — Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508479 • CWE-310: Cryptographic Issues

CVSS: 7.8 • EPSS: 2% • CPEs: 1 • EXPL: 1

04 Dec 2007 — TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • https://www.exploit-db.com/exploits/4674 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.1 • EPSS: 10% • CPEs: 1 • EXPL: 1

30 Nov 2007 — Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php. • https://www.exploit-db.com/exploits/4674 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 3% • CPEs: 1 • EXPL: 1

18 Apr 2007 — Cross-site scripting (XSS) vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. • https://www.exploit-db.com/exploits/29848

CVSS: 8.8 • EPSS: 10% • CPEs: 1 • EXPL: 0

21 Mar 2007 — Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. • http://secunia.com/advisories/24234