
CVE-2018-3815 – CommuniGatePro 6.2 Missing XIMSS Tag Validation
https://notcve.org/view.php?id=CVE-2018-3815
06 Jan 2018 — The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements. • https://packetstorm.news/files/id/145724 • CWE-287: Improper Authentication

CVE-2008-6702 – S.T.A.L.K.E.R. 1.0.06 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-6702
10 Apr 2009 — S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception. • https://www.exploit-db.com/exploits/31919 • CWE-20: Improper Input Validation

CVE-2008-6703 – S.T.A.L.K.E.R Shadow of Chernobyl 1.0006 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-6703
10 Apr 2009 — Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function. • https://www.exploit-db.com/exploits/31998 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-6704
https://notcve.org/view.php?id=CVE-2008-6704
10 Apr 2009 — Integer overflow in the NET_Compressor::Decompress function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server crash) via a crafted packet with a 0xc1 value that contains no compressed data, which triggers a copy of a large amount of memory. • http://aluigi.altervista.org/adv/stalker39x-adv.txt • CWE-189: Numeric Errors

CVE-2008-6705
https://notcve.org/view.php?id=CVE-2008-6705
10 Apr 2009 — The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server termination) via a crafted packet without an expected 0xe0 or 0xe1 value, which triggers the INT3 instruction. • http://aluigi.altervista.org/adv/stalker39x-adv.txt

CVE-2007-2718 – CommuniGate Pro 5.1.8 - Web Mail HTML Injection
https://notcve.org/view.php?id=CVE-2007-2718
16 May 2007 — Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags. • https://www.exploit-db.com/exploits/30027

CVE-2006-3477
https://notcve.org/view.php?id=CVE-2006-3477
10 Jul 2006 — Unspecified vulnerability in the POP service in Stalker CommuniGate Pro 5.1c1 and earlier allows remote attackers to cause a denial of service (server crash) via unspecified vectors involving opening an empty inbox. • http://secunia.com/advisories/20905

CVE-2006-0468 – CommuniGate Pro 5.0.6 - Server LDAP Denial of Service
https://notcve.org/view.php?id=CVE-2006-0468
30 Jan 2006 — CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite. • https://www.exploit-db.com/exploits/27144

CVE-2005-2861
https://notcve.org/view.php?id=CVE-2005-2861
08 Sep 2005 — Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. • http://seclists.org/lists/vulnwatch/2005/Jul-Sep/0032.html

CVE-2005-1007
https://notcve.org/view.php?id=CVE-2005-1007
07 Apr 2005 — Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows remote attackers to cause a denial of service (server crash) via certain multipart messages. • http://secunia.com/advisories/14604