Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citadel webcit vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-0364
Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions prior to 7.39, allows remote malicious users to execute arbitrary code via unspecified vectors.
Citadel Webcit
Citadel Webcit 7.10
Citadel Webcit 7.02
Citadel Webcit 7.11
Citadel Webcit 7.12
Citadel Webcit 7.22
Citadel Webcit 7.37
7.5
CVSSv2
CVE-2007-3821
Cross-site request forgery (CSRF) vulnerability in Webcit prior to 7.11 allows remote malicious users to modify configurations and perform other actions as arbitrary users via unspecified vectors.
Citadel Webcit
2.6
CVSSv2
CVE-2007-3822
Multiple cross-site scripting (XSS) vulnerabilities in Webcit prior to 7.11 allow remote malicious users to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) u...
Citadel Webcit
1 EDB exploit
NA
CVE-2020-29547
An issue exists in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.
Citadel Webcit
7.5
CVSSv2
CVE-2020-27739
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote malicious users to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 92...
Citadel Webcit
5
CVSSv2
CVE-2020-27740
Citadel WebCit through 926 allows unauthenticated remote malicious users to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
Citadel Webcit
4.3
CVSSv2
CVE-2020-27741
Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote malicious users to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabil...
Citadel Webcit
4
CVSSv2
CVE-2020-27742
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote malicious users to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security V...
Citadel Webcit
NA
CVE-2021-37845
An issue exists in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potential...
Citadel Webcit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started