Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citadel citadel vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-1756
modules/xmpp/serv_xmpp.c in Citadel 7.86 and previous versions does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested ...
Citadel Citadel
Citadel Citadel 7.80
Citadel Citadel 7.81
Citadel Citadel 7.82
Citadel Citadel 7.84
Citadel Citadel 7.50
Citadel Citadel 7.60
Citadel Citadel 7.11
NA
CVE-2009-0364
Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions prior to 7.39, allows remote malicious users to execute arbitrary code via unspecified vectors.
Citadel Webcit
Citadel Webcit 7.10
Citadel Webcit 7.02
Citadel Webcit 7.11
Citadel Webcit 7.12
Citadel Webcit 7.22
Citadel Webcit 7.37
NA
CVE-2004-1192
Format string vulnerability in the lprintf function in Citadel/UX 6.27 and previous versions allows remote malicious users to execute arbitrary code via format string specifiers sent to the server.
Citadel Ux 6.23
Citadel Ux 6.24
Citadel Ux 6.26
Citadel Ux 6.07
Citadel Ux 6.08
Citadel Ux 6.27
1 EDB exploit
NA
CVE-2004-1705
Buffer overflow in Citadel/UX 6.23 and previous versions allows remote malicious users to cause a denial of service via a long username.
Citadel Ux 6.08
Citadel Ux 6.23
Citadel Ux 5.90
Citadel Ux 5.91
Citadel Ux 6.07
3 EDB exploits
5.4
CVSSv3
CVE-2023-44272
A cross-site scripting vulnerability exists in Citadel versions before 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.
Citadel Citadel
6.1
CVSSv3
CVE-2022-1293
The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions.
Thalesgroup Citadel
3.7
CVSSv3
CVE-2021-37845
An issue exists in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potential...
Citadel Webcit
5.9
CVSSv3
CVE-2020-29547
An issue exists in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.
Citadel Webcit
NA
CVE-2002-0432
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
Citadel Ux
NA
CVE-2007-3821
Cross-site request forgery (CSRF) vulnerability in Webcit prior to 7.11 allows remote malicious users to modify configurations and perform other actions as arbitrary users via unspecified vectors.
Citadel Webcit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »