46 matches found
EUVD-2020-20244
Malware in sbrugna...
EUVD-2020-20245
Malware in sbrugna...
EUVD-2020-20246
Malware in sbrugna...
EUVD-2020-20243
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-29547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS...
Linux Distros Unpatched Vulnerability : CVE-2020-27741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages...
Linux Distros Unpatched Vulnerability : CVE-2020-27742
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the...
Linux Distros Unpatched Vulnerability : CVE-2020-27739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE...
CVE-2020-27741
Multiple cross-site scripting XSS vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2020-27740
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2020-27742
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...
CVE-2020-27739
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2020-29547
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...
Citadel 命令注入漏洞
Citadel is an asset management software from Citadel, Inc. in the United States. A security vulnerability exists in Citadel webcit 926, which can be exploited by an attacker to inject commands into an encrypted user session via a pipe after a POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS command,...
Citadel 安全漏洞
Citadel is an asset management software from Citadel, Inc. in the United States. A security vulnerability exists in Citadel webcit 932, which originates from a vulnerability that allows an attacker to store a victim's email message in the attacker's IMAP mailbox, which can be exploited by an...
Citadel WebCit < 926 - Session Hijacking Exploit
Exploit Title: Citadel WebCit 926 - Session Hijacking Exploit Exploit Author: Simone Quatrini Version: 926 !/usr/bin/env python3 import argparse import requests import time import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning...
Citadel WebCit User Enumeration Vulnerability
WebCit is the Citadel Servlet engine. A user enumeration vulnerability exists in Citadel WebCit 926 and earlier versions. A remote, unauthenticated attacker could exploit this vulnerability to enumerate valid users within the platform to obtain sensitive information...
Unspecified Vulnerability in Citadel WebCit
WebCit is the Citadel Servlet engine. A security vulnerability exists in Citadel WebCit 926 and earlier versions. A remote authentication attacker can exploit this vulnerability to read someone's email via the msgconfirmmove template...
Citadel WebCit Weak Session Management Vulnerability
WebCit is the Citadel Servlet engine. A weak session management vulnerability exists in Citadel WebCit 926 and earlier versions. A remote, unauthenticated attacker could exploit this vulnerability to hijack the session of a recently logged-in user...
Citadel WebCit Cross-Site Scripting Vulnerability
WebCit is the Citadel Servlet engine. A cross-site scripting vulnerability exists in Citadel WebCit 926 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via multiple pages and parameters...