CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 1CVE-2018-3815 – CommuniGatePro 6.2 Missing XIMSS Tag Validation
https://notcve.org/view.php?id=CVE-2018-3815
The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements. La implementación en el protocolo XIMSS (XML Interface to Messaging, Scheduling, and Signaling) en CommuniGate Pro (CGP) 6.2 sufre un ataque basado en la ausencia de validación del protocolo XIMSS que conduce a un ataque de suplantación de email, permitiendo a un atacante autenticado malicioso enviar un mensaje desde cualquier dirección de correo. El ataque utiliza una petición HTTP POST a la URI /Session e intercambia los elementos XML "From" y "To". CommunigatePro XML Interface to Messaging, Scheduling, and Signaling protocol ("XIMSS") version 6.2 suffers from a missing XIMSS protocol validation vulnerability that can lead to an email spoofing attack. • https://packetstormsecurity.com/files/145724/communigatepro62-spoof • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 5%CPEs: 2EXPL: 1CVE-2007-2718 – CommuniGate Pro 5.1.8 - Web Mail HTML Injection
https://notcve.org/view.php?id=CVE-2007-2718
Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el sistema WebMail de Stalker CommuniGate Pro 5.1.8 y anteriores, utilizando Microsoft Internet Explorer, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante etiquetas STYLE manipuladas artesanalmente. • https://www.exploit-db.com/exploits/30027 http://marc.info/?l=full-disclosure&m=117900749209206&w=2 http://osvdb.org/36017 http://secunia.com/advisories/25250 http://www.communigate.com/CommuniGatePro/History51.html http://www.scanit.be/advisory-2007-05-12.html http://www.securityfocus.com/bid/23950 http://www.securitytracker.com/id?1018048 http://www.vupen.com/english/advisories/2007/1795 https://exchange.xforce.ibmcloud.com/vulnerabilities/34266 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2006-3477
https://notcve.org/view.php?id=CVE-2006-3477
Unspecified vulnerability in the POP service in Stalker CommuniGate Pro 5.1c1 and earlier allows remote attackers to cause a denial of service (server crash) via unspecified vectors involving opening an empty inbox. Vulnerabilidad no especificada en el servicio POP de Stalker CommuniGate Pro 5.1c1 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída de servidor) a través de vectores no especificados involucrando la apertura de un buzón de entrada vacío. • http://secunia.com/advisories/20905 http://www.communigate.com/CommuniGatePro/History.html http://www.securityfocus.com/bid/18770 http://www.vupen.com/english/advisories/2006/2632 https://exchange.xforce.ibmcloud.com/vulnerabilities/27500 •
CVSS: 7.5EPSS: 31%CPEs: 14EXPL: 1CVE-2006-0468 – CommuniGate Pro 5.0.6 - Server LDAP Denial of Service
https://notcve.org/view.php?id=CVE-2006-0468
CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite. • https://www.exploit-db.com/exploits/27144 http://secunia.com/advisories/18640 http://www.gleg.net/advisory_cg.shtml http://www.securityfocus.com/archive/1/423364/100/0/threaded http://www.securityfocus.com/bid/16407 http://www.stalker.com/CommuniGatePro/History.html http://www.vupen.com/english/advisories/2006/0364 https://exchange.xforce.ibmcloud.com/vulnerabilities/24409 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2005-1007
https://notcve.org/view.php?id=CVE-2005-1007
Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows remote attackers to cause a denial of service (server crash) via certain multipart messages. • http://secunia.com/advisories/14604 http://www.osvdb.org/15257 http://www.stalker.com/CommuniGatePro/History.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19961 •