Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citadel citadel vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv3
CVE-2021-37845
An issue exists in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potential...
Citadel Webcit
5.9
CVSSv3
CVE-2020-29547
An issue exists in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.
Citadel Webcit
NA
CVE-2002-0432
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
Citadel Ux
5.3
CVSSv3
CVE-2020-27740
Citadel WebCit through 926 allows unauthenticated remote malicious users to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
Citadel Webcit
6.5
CVSSv3
CVE-2020-27742
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote malicious users to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security V...
Citadel Webcit
NA
CVE-2007-3822
Multiple cross-site scripting (XSS) vulnerabilities in Webcit prior to 7.11 allow remote malicious users to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) u...
Citadel Webcit
1 EDB exploit
NA
CVE-2008-3930
migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
Debian Citadel Server 7.37
NA
CVE-2004-1933
Citadel/UX 5.00 up to and including 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages.
6.7
CVSSv3
CVE-2021-0454
In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelA...
Google Android -
6.7
CVSSv3
CVE-2021-0455
In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelA...
Google Android -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »