Search criteria
15 vulnerabilities by citadel
CVE-2023-44272 (GCVE-0-2023-44272)
Vulnerability from cvelistv5 – Published: 2023-10-04 08:07 – Updated: 2024-09-19 19:55
VLAI?
Summary
A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.
Severity ?
No CVSS data available.
CWE
- Cross-site scripting (XSS)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:51.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.citadel.org/download.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://code.citadel.org/citadel/citadel"
},
{
"tags": [
"x_transferred"
],
"url": "https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN08237727/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T19:54:07.538323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:55:17.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Citadel",
"vendor": "Citadel",
"versions": [
{
"status": "affected",
"version": "prior to 994"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T08:07:46.459Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.citadel.org/download.html"
},
{
"url": "https://code.citadel.org/citadel/citadel"
},
{
"url": "https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e"
},
{
"url": "https://jvn.jp/en/jp/JVN08237727/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-44272",
"datePublished": "2023-10-04T08:07:46.459Z",
"dateReserved": "2023-09-28T02:30:04.107Z",
"dateUpdated": "2024-09-19T19:55:17.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-29547 (GCVE-0-2020-29547)
Vulnerability from cvelistv5 – Published: 2023-05-29 00:00 – Updated: 2025-01-14 17:52
VLAI?
Summary
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.
Severity ?
5.9 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://uncensored.citadel.org/msg/4576039"
},
{
"tags": [
"x_transferred"
],
"url": "http://uncensored.citadel.org/dotgoto?room=Citadel%20Security"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-29547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T17:52:47.985805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T17:52:53.266Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://uncensored.citadel.org/msg/4576039"
},
{
"url": "http://uncensored.citadel.org/dotgoto?room=Citadel%20Security"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-29547",
"datePublished": "2023-05-29T00:00:00",
"dateReserved": "2020-12-04T00:00:00",
"dateUpdated": "2025-01-14T17:52:53.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-37845 (GCVE-0-2021-37845)
Vulnerability from cvelistv5 – Published: 2023-05-29 00:00 – Updated: 2025-01-14 17:46
VLAI?
Summary
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.
Severity ?
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://uncensored.citadel.org/dotgoto?room=Citadel%20Security"
},
{
"tags": [
"x_transferred"
],
"url": "https://uncensored.citadel.org/msg/2099264259"
},
{
"tags": [
"x_transferred"
],
"url": "https://nostarttls.secvuln.info/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-37845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T17:46:27.774902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T17:46:34.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of \"The STARTTLS command is only valid in non-authenticated state.\" in RFC2595). This potentially allows an attacker to cause a victim\u0027s e-mail messages to be stored into an attacker\u0027s IMAP mailbox, but depends on details of the victim\u0027s client behavior."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-29T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://uncensored.citadel.org/dotgoto?room=Citadel%20Security"
},
{
"url": "https://uncensored.citadel.org/msg/2099264259"
},
{
"url": "https://nostarttls.secvuln.info/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37845",
"datePublished": "2023-05-29T00:00:00",
"dateReserved": "2021-08-02T00:00:00",
"dateUpdated": "2025-01-14T17:46:34.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27739 (GCVE-0-2020-27739)
Vulnerability from cvelistv5 – Published: 2020-10-28 18:44 – Updated: 2024-08-04 16:18
VLAI?
Summary
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.citadel.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users\u0027 sessions. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T18:44:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.citadel.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users\u0027 sessions. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.citadel.org/",
"refsource": "MISC",
"url": "https://www.citadel.org/"
},
{
"name": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834",
"refsource": "MISC",
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27739",
"datePublished": "2020-10-28T18:44:39",
"dateReserved": "2020-10-26T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27742 (GCVE-0-2020-27742)
Vulnerability from cvelistv5 – Published: 2020-10-28 18:44 – Updated: 2024-08-04 16:18
VLAI?
Summary
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.citadel.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else\u0027s emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T18:44:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.citadel.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else\u0027s emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.citadel.org/",
"refsource": "MISC",
"url": "https://www.citadel.org/"
},
{
"name": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834",
"refsource": "MISC",
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27742",
"datePublished": "2020-10-28T18:44:36",
"dateReserved": "2020-10-26T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27741 (GCVE-0-2020-27741)
Vulnerability from cvelistv5 – Published: 2020-10-28 18:44 – Updated: 2024-08-04 16:18
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.citadel.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T18:44:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.citadel.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.citadel.org/",
"refsource": "MISC",
"url": "https://www.citadel.org/"
},
{
"name": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834",
"refsource": "MISC",
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27741",
"datePublished": "2020-10-28T18:44:34",
"dateReserved": "2020-10-26T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27740 (GCVE-0-2020-27740)
Vulnerability from cvelistv5 – Published: 2020-10-28 18:44 – Updated: 2024-08-04 16:18
VLAI?
Summary
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:18:45.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.citadel.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-28T18:44:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.citadel.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.citadel.org/",
"refsource": "MISC",
"url": "https://www.citadel.org/"
},
{
"name": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834",
"refsource": "MISC",
"url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27740",
"datePublished": "2020-10-28T18:44:30",
"dateReserved": "2020-10-26T00:00:00",
"dateUpdated": "2024-08-04T16:18:45.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1756 (GCVE-0-2011-1756)
Vulnerability from cvelistv5 – Published: 2011-06-21 01:00 – Updated: 2024-08-06 22:37
VLAI?
Summary
modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=27c991cc2059f5530d3d4e9689dc976b745f5b0c"
},
{
"name": "48071",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/48071"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.37-8+lenny1/changelog"
},
{
"name": "DSA-2250",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2250"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.debian.org/debian-security/pool/updates/main/c/citadel/citadel_7.83-2squeeze2.diff.gz"
},
{
"name": "44788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44788"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.83-2squeeze2/changelog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=95040add546a705cc2d1d8f16293141f9f9845a6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-26T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=27c991cc2059f5530d3d4e9689dc976b745f5b0c"
},
{
"name": "48071",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/48071"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.37-8+lenny1/changelog"
},
{
"name": "DSA-2250",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2250"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.debian.org/debian-security/pool/updates/main/c/citadel/citadel_7.83-2squeeze2.diff.gz"
},
{
"name": "44788",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44788"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.83-2squeeze2/changelog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=95040add546a705cc2d1d8f16293141f9f9845a6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-1756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=27c991cc2059f5530d3d4e9689dc976b745f5b0c",
"refsource": "CONFIRM",
"url": "http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=27c991cc2059f5530d3d4e9689dc976b745f5b0c"
},
{
"name": "48071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48071"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.37-8+lenny1/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.37-8+lenny1/changelog"
},
{
"name": "DSA-2250",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2250"
},
{
"name": "http://security.debian.org/debian-security/pool/updates/main/c/citadel/citadel_7.83-2squeeze2.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/debian-security/pool/updates/main/c/citadel/citadel_7.83-2squeeze2.diff.gz"
},
{
"name": "44788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44788"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.83-2squeeze2/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/c/citadel/citadel_7.83-2squeeze2/changelog"
},
{
"name": "http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=95040add546a705cc2d1d8f16293141f9f9845a6",
"refsource": "CONFIRM",
"url": "http://code.citadel.org/cgit.cgi/git.citadel.org/commit/?id=95040add546a705cc2d1d8f16293141f9f9845a6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1756",
"datePublished": "2011-06-21T01:00:00",
"dateReserved": "2011-04-19T00:00:00",
"dateUpdated": "2024-08-06T22:37:25.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0364 (GCVE-0-2009-0364)
Vulnerability from cvelistv5 – Published: 2009-03-24 19:00 – Updated: 2024-08-07 04:31
VLAI?
Summary
Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:31:25.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.citadel.org/doku.php/news:webcit.security.advisory.-.2009-march-23"
},
{
"name": "52915",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52915"
},
{
"name": "34206",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34206"
},
{
"name": "DSA-1752",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-04-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.citadel.org/doku.php/news:webcit.security.advisory.-.2009-march-23"
},
{
"name": "52915",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52915"
},
{
"name": "34206",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34206"
},
{
"name": "DSA-1752",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1752"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34457"
},
{
"name": "http://www.citadel.org/doku.php/news:webcit.security.advisory.-.2009-march-23",
"refsource": "CONFIRM",
"url": "http://www.citadel.org/doku.php/news:webcit.security.advisory.-.2009-march-23"
},
{
"name": "52915",
"refsource": "OSVDB",
"url": "http://osvdb.org/52915"
},
{
"name": "34206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34206"
},
{
"name": "DSA-1752",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1752"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0364",
"datePublished": "2009-03-24T19:00:00",
"dateReserved": "2009-01-29T00:00:00",
"dateUpdated": "2024-08-07T04:31:25.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0394 (GCVE-0-2008-0394)
Vulnerability from cvelistv5 – Published: 2008-01-23 11:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:53.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz"
},
{
"name": "27376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27376"
},
{
"name": "1019255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019255"
},
{
"name": "4949",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4949"
},
{
"name": "ADV-2008-0252",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0252"
},
{
"name": "28590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28590"
},
{
"name": "citadel-makeuserkey-bo(39807)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz"
},
{
"name": "27376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27376"
},
{
"name": "1019255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019255"
},
{
"name": "4949",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4949"
},
{
"name": "ADV-2008-0252",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0252"
},
{
"name": "28590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28590"
},
{
"name": "citadel-makeuserkey-bo(39807)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz",
"refsource": "MISC",
"url": "http://www.milw0rm.com/sploits/2008-vs-GNU-citadel.tar.gz"
},
{
"name": "27376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27376"
},
{
"name": "1019255",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019255"
},
{
"name": "4949",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4949"
},
{
"name": "ADV-2008-0252",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0252"
},
{
"name": "28590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28590"
},
{
"name": "citadel-makeuserkey-bo(39807)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0394",
"datePublished": "2008-01-23T11:00:00",
"dateReserved": "2008-01-22T00:00:00",
"dateUpdated": "2024-08-07T07:46:53.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3822 (GCVE-0-2007-3822)
Vulnerability from cvelistv5 – Published: 2007-07-17 01:00 – Updated: 2024-08-07 14:28
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38179"
},
{
"name": "38177",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38177"
},
{
"name": "38180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38180"
},
{
"name": "24913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24913"
},
{
"name": "2890",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2890"
},
{
"name": "38178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38178"
},
{
"name": "20070714 Session Riding and multiple XSS in WebCit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473714/100/0/threaded"
},
{
"name": "26090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26090"
},
{
"name": "webcit-multiple-xss(35433)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35433"
},
{
"name": "38176",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38176"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38179"
},
{
"name": "38177",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38177"
},
{
"name": "38180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38180"
},
{
"name": "24913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24913"
},
{
"name": "2890",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2890"
},
{
"name": "38178",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38178"
},
{
"name": "20070714 Session Riding and multiple XSS in WebCit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473714/100/0/threaded"
},
{
"name": "26090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26090"
},
{
"name": "webcit-multiple-xss(35433)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35433"
},
{
"name": "38176",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38176"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38179",
"refsource": "OSVDB",
"url": "http://osvdb.org/38179"
},
{
"name": "38177",
"refsource": "OSVDB",
"url": "http://osvdb.org/38177"
},
{
"name": "38180",
"refsource": "OSVDB",
"url": "http://osvdb.org/38180"
},
{
"name": "24913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24913"
},
{
"name": "2890",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2890"
},
{
"name": "38178",
"refsource": "OSVDB",
"url": "http://osvdb.org/38178"
},
{
"name": "20070714 Session Riding and multiple XSS in WebCit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473714/100/0/threaded"
},
{
"name": "26090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26090"
},
{
"name": "webcit-multiple-xss(35433)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35433"
},
{
"name": "38176",
"refsource": "OSVDB",
"url": "http://osvdb.org/38176"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3822",
"datePublished": "2007-07-17T01:00:00",
"dateReserved": "2007-07-16T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3821 (GCVE-0-2007-3821)
Vulnerability from cvelistv5 – Published: 2007-07-17 01:00 – Updated: 2024-08-07 14:28
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38181",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38181"
},
{
"name": "24913",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24913"
},
{
"name": "2890",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2890"
},
{
"name": "20070714 Session Riding and multiple XSS in WebCit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473714/100/0/threaded"
},
{
"name": "26090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26090"
},
{
"name": "webcit-unspecified-csrf(35432)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38181",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38181"
},
{
"name": "24913",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24913"
},
{
"name": "2890",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2890"
},
{
"name": "20070714 Session Riding and multiple XSS in WebCit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473714/100/0/threaded"
},
{
"name": "26090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26090"
},
{
"name": "webcit-unspecified-csrf(35432)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38181",
"refsource": "OSVDB",
"url": "http://osvdb.org/38181"
},
{
"name": "24913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24913"
},
{
"name": "2890",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2890"
},
{
"name": "20070714 Session Riding and multiple XSS in WebCit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473714/100/0/threaded"
},
{
"name": "26090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26090"
},
{
"name": "webcit-unspecified-csrf(35432)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3821",
"datePublished": "2007-07-17T01:00:00",
"dateReserved": "2007-07-16T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1705 (GCVE-0-2004-1705)
Vulnerability from cvelistv5 – Published: 2005-02-26 05:00 – Updated: 2024-08-08 01:00
VLAI?
Summary
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040731 Citadel/UX Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109121546120575\u0026w=2"
},
{
"name": "10833",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10833"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nosystem.com.ar/advisories/advisory-04.txt"
},
{
"name": "20040731 Re: Citadel/UX Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109146099404071\u0026w=2"
},
{
"name": "citadel-user-dos(16840)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16840"
},
{
"name": "12197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12197"
},
{
"name": "1010809",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010809"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-07-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040731 Citadel/UX Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109121546120575\u0026w=2"
},
{
"name": "10833",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10833"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nosystem.com.ar/advisories/advisory-04.txt"
},
{
"name": "20040731 Re: Citadel/UX Remote DoS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109146099404071\u0026w=2"
},
{
"name": "citadel-user-dos(16840)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16840"
},
{
"name": "12197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12197"
},
{
"name": "1010809",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010809"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040731 Citadel/UX Remote DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109121546120575\u0026w=2"
},
{
"name": "10833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10833"
},
{
"name": "http://www.nosystem.com.ar/advisories/advisory-04.txt",
"refsource": "MISC",
"url": "http://www.nosystem.com.ar/advisories/advisory-04.txt"
},
{
"name": "20040731 Re: Citadel/UX Remote DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109146099404071\u0026w=2"
},
{
"name": "citadel-user-dos(16840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16840"
},
{
"name": "12197",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12197"
},
{
"name": "1010809",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010809"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1705",
"datePublished": "2005-02-26T05:00:00",
"dateReserved": "2005-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1192 (GCVE-0-2004-1192)
Vulnerability from cvelistv5 – Published: 2004-12-15 05:00 – Updated: 2024-08-08 00:46
VLAI?
Summary
Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:11.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041214 Re: Citadel/UX \u003c= v6.27 Remote Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110304986223400\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nosystem.com.ar/advisories/advisory-09.txt"
},
{
"name": "citadel-format-string(18429)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18429"
},
{
"name": "20041213 Citadel/UX \u003c= v6.27 Remote Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110295469430696\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041214 Re: Citadel/UX \u003c= v6.27 Remote Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110304986223400\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nosystem.com.ar/advisories/advisory-09.txt"
},
{
"name": "citadel-format-string(18429)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18429"
},
{
"name": "20041213 Citadel/UX \u003c= v6.27 Remote Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110295469430696\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041214 Re: Citadel/UX \u003c= v6.27 Remote Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110304986223400\u0026w=2"
},
{
"name": "http://www.nosystem.com.ar/advisories/advisory-09.txt",
"refsource": "MISC",
"url": "http://www.nosystem.com.ar/advisories/advisory-09.txt"
},
{
"name": "citadel-format-string(18429)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18429"
},
{
"name": "20041213 Citadel/UX \u003c= v6.27 Remote Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110295469430696\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1192",
"datePublished": "2004-12-15T05:00:00",
"dateReserved": "2004-12-13T00:00:00",
"dateUpdated": "2024-08-08T00:46:11.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0432 (GCVE-0-2002-0432)
Vulnerability from cvelistv5 – Published: 2002-06-11 04:00 – Updated: 2024-08-08 02:49
VLAI?
Summary
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:49:28.462Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "citadel-helo-bo(8426)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8426.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz"
},
{
"name": "20020309 Citadel/UX Server Remote DoS attack Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/260934"
},
{
"name": "4263",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4263"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "citadel-helo-bo(8426)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8426.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz"
},
{
"name": "20020309 Citadel/UX Server Remote DoS attack Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/260934"
},
{
"name": "4263",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4263"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citadel-helo-bo(8426)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8426.php"
},
{
"name": "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz",
"refsource": "CONFIRM",
"url": "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz"
},
{
"name": "20020309 Citadel/UX Server Remote DoS attack Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/260934"
},
{
"name": "4263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4263"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0432",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:49:28.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}