265 matches found
CVE-2020-29547
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...
CVE-2021-37845
Removed by vendor...
PT-2023-12330 · Citadel · Citadel
Name of the Vulnerable Software and Affected Versions: Citadel through webcit-932 Description: An issue was discovered that allows a meddler-in-the-middle attacker to fixate their own session during the cleartext phase before a STARTTLS command, violating the RFC2595 standard. This potentially...
CVE-2020-29547
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...
Citadel 命令注入漏洞
Citadel is an asset management software from Citadel, Inc. in the United States. A security vulnerability exists in Citadel webcit 926, which can be exploited by an attacker to inject commands into an encrypted user session via a pipe after a POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS command,...
CVE-2020-29547
Removed by vendor...
Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu)
Exploit Title: Google Chrome 109.0.5414.74 - Code Execution via missing lib file Ubuntu Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak Version: 109.0.5414.74 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Tested-on : Ubuntu 22.04.1 Description...
Google Chrome 109.0.5414.74 - Code Execution via missing lib file Vulnerability
Exploit Title: Google Chrome 109.0.5414.74 - Code Execution via missing lib file Ubuntu Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak Version: 109.0.5414.74 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Tested-on : Ubuntu 22.04.1 Description...
Google Chrome 109.0.5414.74 Unsafe Library Load Vulnerability
Google Chrome version 109.0.5414.74 on Ubuntu attempts to load libnssckbi.so from a user-writable location and if missing, a replacement piece of malware can be used by an attacker to achieve code execution. Although privilege escalation is not likely as an attacker would already need access to t...
Google Chrome 109.0.5414.74 Unsafe Library Load
Vulnerability: Google Chrome code execution via missing lib file Ubuntu Product: Google Chrome Discovered by: Rafay Baloch and Muhammad Samak Version: 109.0.5414.74 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Tested-on : Ubuntu 22.04.1 Description Google chrome...
Vault staked along with "Hands of the Citadel" does not have any effect but still be locked
Lines of code Vulnerability details Impact In function stakeS1Citizen, when the S1 citizen has class Hands of Citadel, it will ignore the vault staked but still transfer the vault into Staking contract. It will effectively lock the vault for timelockDuration but does not have any effect on...
CVE-2022-1293 XSS vulnerability in Citadel
The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions...
PT-2022-13781 · Thales +1 · Citadel Macosx Desktop Client +3
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves the bypassing of embedded neutralization of Script-Related HTML Tag under certain extra conditions. No information is provided about...
Citadel 跨站脚本漏洞
Citadel is an asset management software from Citadel, Inc. in the United States. A cross-site scripting vulnerability exists in Citadel client version 7.1.1 and earlier, which stems from the embedded neutralization of a Script-Related HTML Tag, and can be bypassed under a number of additional...
Function name doesn't match the interface
Lines of code Vulnerability details Impact StakedCitadelVester contract doesn't support the IVesting interface, so the withdrawal of Citadel from the StakedCitadel contract will be impossible because the IVestingvesting.setupVestingmsg.sender, amount, block.timestamp; call will revert because the...
the governance can mint citadel tokens for themselves
Lines of code Vulnerability details the governance can call mint in citadel token and mint for themselves as much as they want and sell, which will cause the token price to drop to zero. --- The text was updated successfully, but these errors were encountered: All reactions...
Funding.getAmountOut returns zero when there is no discount set
Lines of code Vulnerability details Impact User provided asset funds will be lost, i.e. 100% to be frozen in the contract, as the system will not give away any Citadel in return. The issue is that when Funding's funding.discount is zero the getAmountOut will return zero for any given assetAmountI...
Zero tokenOut balance = rug pull
Lines of code Vulnerability details Impact The only time that the Badger Citadel contract checks that the balance of tokenOut is greater than or equal to totalTokenOutBought is in the finalize function, which happens at the end of the sale. A contract owner can start a token sale but never send...
DuckDuckGo 7.64.4 Address Bar Spoofing Vulnerability
Vulnerability: Address Bar Spoofing Vulnerability Product: DuckDuckGo Discovered by: Rafay Baloch and Muhammad Samak Version: 7.64.4 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Description DuckDuckGo browser for iOS was prone to an "Address Bar Spoofing"...
DuckDuckGo 7.64.4 Address Bar Spoofing
Vulnerability: Address Bar Spoofing Vulnerability Product: DuckDuckGo Discovered by: Rafay Baloch and Muhammad Samak Version: 7.64.4 Impact: Moderate Company: Cyber Citadel Website: https://www.cybercitadel.com Description DuckDuckGo browser for iOS was prone to an "Address Bar Spoofing"...