Lucene search
K

265 matches found

Vulnrichment
Vulnrichment
added 2023/05/29 12:0 a.m.7 views

CVE-2020-29547

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

6.9AI score0.00753EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2023/05/29 12:0 a.m.26 views

CVE-2021-37845

Removed by vendor...

3.7CVSS4.8AI score0.00665EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/05/29 12:0 a.m.6 views

PT-2023-12330 · Citadel · Citadel

Name of the Vulnerable Software and Affected Versions: Citadel through webcit-932 Description: An issue was discovered that allows a meddler-in-the-middle attacker to fixate their own session during the cleartext phase before a STARTTLS command, violating the RFC2595 standard. This potentially...

3.7CVSS6.6AI score0.00665EPSS
Exploits1References9
Cvelist
Cvelist
added 2023/05/29 12:0 a.m.29 views

CVE-2020-29547

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

5.7AI score0.00753EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/05/29 12:0 a.m.8 views

Citadel 命令注入漏洞

Citadel is an asset management software from Citadel, Inc. in the United States. A security vulnerability exists in Citadel webcit 926, which can be exploited by an attacker to inject commands into an encrypted user session via a pipe after a POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS command,...

5.9CVSS6.1AI score0.00753EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/05/29 12:0 a.m.14 views

CVE-2020-29547

Removed by vendor...

5.9CVSS5.8AI score0.00753EPSS
Exploits0
Exploit DB
Exploit DB
added 2023/04/08 12:0 a.m.243 views

Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu)

Exploit Title: Google Chrome 109.0.5414.74 - Code Execution via missing lib file Ubuntu Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak Version: 109.0.5414.74 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Tested-on : Ubuntu 22.04.1 Description...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/04/08 12:0 a.m.156 views

Google Chrome 109.0.5414.74 - Code Execution via missing lib file Vulnerability

Exploit Title: Google Chrome 109.0.5414.74 - Code Execution via missing lib file Ubuntu Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak Version: 109.0.5414.74 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Tested-on : Ubuntu 22.04.1 Description...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/03/28 12:0 a.m.306 views

Google Chrome 109.0.5414.74 Unsafe Library Load Vulnerability

Google Chrome version 109.0.5414.74 on Ubuntu attempts to load libnssckbi.so from a user-writable location and if missing, a replacement piece of malware can be used by an attacker to achieve code execution. Although privilege escalation is not likely as an attacker would already need access to t...

7.7AI score
Exploits0
Packet Storm
Packet Storm
added 2023/03/27 12:0 a.m.189 views

Google Chrome 109.0.5414.74 Unsafe Library Load

Vulnerability: Google Chrome code execution via missing lib file Ubuntu Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak Version: 109.0.5414.74 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Tested-on : Ubuntu 22.04.1 Description Google chrome...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.7 views

Vault staked along with "Hands of the Citadel" does not have any effect but still be locked

Lines of code Vulnerability details Impact In function stakeS1Citizen, when the S1 citizen has class Hands of Citadel, it will ignore the vault staked but still transfer the vault into Staking contract. It will effectively lock the vault for timelockDuration but does not have any effect on...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2022/08/02 3:24 p.m.19 views

CVE-2022-1293 XSS vulnerability in Citadel

The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions...

5.7CVSS6.4AI score0.00408EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/02 12:0 a.m.14 views

PT-2022-13781 · Thales +1 · Citadel Macosx Desktop Client +3

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves the bypassing of embedded neutralization of Script-Related HTML Tag under certain extra conditions. No information is provided about...

6.1CVSS6.2AI score0.00408EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/08/02 12:0 a.m.8 views

Citadel 跨站脚本漏洞

Citadel is an asset management software from Citadel, Inc. in the United States. A cross-site scripting vulnerability exists in Citadel client version 7.1.1 and earlier, which stems from the embedded neutralization of a Script-Related HTML Tag, and can be bypassed under a number of additional...

6.1CVSS5.9AI score0.00408EPSS
Exploits0References2
Code423n4
Code423n4
added 2022/04/20 12:0 a.m.7 views

Function name doesn't match the interface

Lines of code Vulnerability details Impact StakedCitadelVester contract doesn't support the IVesting interface, so the withdrawal of Citadel from the StakedCitadel contract will be impossible because the IVestingvesting.setupVestingmsg.sender, amount, block.timestamp; call will revert because the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/20 12:0 a.m.8 views

the governance can mint citadel tokens for themselves

Lines of code Vulnerability details the governance can call mint in citadel token and mint for themselves as much as they want and sell, which will cause the token price to drop to zero. --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/20 12:0 a.m.12 views

Funding.getAmountOut returns zero when there is no discount set

Lines of code Vulnerability details Impact User provided asset funds will be lost, i.e. 100% to be frozen in the contract, as the system will not give away any Citadel in return. The issue is that when Funding's funding.discount is zero the getAmountOut will return zero for any given assetAmountI...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/06 12:0 a.m.9 views

Zero tokenOut balance = rug pull

Lines of code Vulnerability details Impact The only time that the Badger Citadel contract checks that the balance of tokenOut is greater than or equal to totalTokenOutBought is in the finalize function, which happens at the end of the sale. A contract owner can start a token sale but never send...

6.6AI score
Exploits0
0day.today
0day.today
added 2021/12/04 12:0 a.m.551 views

DuckDuckGo 7.64.4 Address Bar Spoofing Vulnerability

Vulnerability: Address Bar Spoofing Vulnerability Product: DuckDuckGo Discovered by: Rafay Baloch and Muhammad Samak Version: 7.64.4 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Description DuckDuckGo browser for iOS was prone to an "Address Bar Spoofing"...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2021/12/03 12:0 a.m.460 views

DuckDuckGo 7.64.4 Address Bar Spoofing

Vulnerability: Address Bar Spoofing Vulnerability Product: DuckDuckGo Discovered by: Rafay Baloch and Muhammad Samak Version: 7.64.4 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Description DuckDuckGo browser for iOS was prone to an "Address Bar Spoofing"...

0.1AI score
Exploits0
Rows per page
Query Builder