2068 matches found
CVE-2007-6188
TuMusika Evolution 1.7R5 is affected by multiple directory traversal flaws enabling remote attackers to include/execute arbitrary local files via ".." in language parameters (languages_n.php, languages_f.php, languages.php in inc/) and to read local files via ".." in the uri parameter to frames/n...
TuMusika Evolution 1.7R5 Remote File Disclosure Vulnerability
No description provided by source. TuMusika Evolution 1.7R5 Remote File Disclosure Vulnerability Script : http://sourceforge.net/project/platformdownload.php?groupid=186000 /frames/nogui/scdownload.php <? $file = $_GET['uri'] ;---xxx $title = $_GET['title'] ; header('HTTP/1.1 200 OK');...
TuMusika Evolution 1.7R5 - Remote File Disclosure
TuMusika Evolution 1.7R5 - Remote File Disclosure TuMusika Evolution 1.7R5 Remote File Disclosure Vulnerability Script : http://sourceforge.net/project/platformdownload.php?groupid=186000 /frames/nogui/scdownload.php Exploit:...
TuMusika Evolution 1.7R5 - Remote File Disclosure
TuMusika Evolution 1.7R5 Remote File Disclosure Vulnerability Script : http://sourceforge.net/project/platformdownload.php?groupid=186000 /frames/nogui/scdownload.php Exploit: /Evolution1.7/frames/nogui/scdownload.php?uri=../../../../../../etc/passwd TuMusika Evolution 1.7R5 Local File Inclusion...
TuMusika Evolution 1.7R5 Remote File Disclosure Vulnerability
Exploit for unknown platform in category web applications. TuMusika Evolution 1.7R5 Remote File Disclosure Vulnerability. TuMusika Evolution 1.7R5 Remote File Disclosure...
Ubuntu 6.06 LTS / 6.10 : evolution vulnerability (USN-442-1)
Ulf Harnhammar of Secunia Research discovered that Evolution did not correctly handle format strings when displaying shared memos. If a remote attacker tricked a user into viewing a specially crafted shared memo, they could execute arbitrary code with user privileges. Note that Tenable Network...
Ubuntu 6.06 LTS / 6.10 / 7.04 : evolution-data-server vulnerability (USN-475-1)
Philip Van Hoof discovered that the IMAP client in Evolution did not correctly verify the SEQUENCE value. A malicious or spoofed server could exploit this to execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from...
GLSA-200711-04 : Evolution: User-assisted remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200711-04 Evolution: User-assisted remote execution of arbitrary code. The imap_rescan function of the file camel-imap-folder.c does not properly sanitize the 'SEQUENCE' response sent by an IMAP server before being used to index...
Evolution: User-assisted remote execution of arbitrary code
Background: Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions. Description: The imap_rescan function of the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before bei...
Fedora 7 : evolution-data-server-1.10.2-3.fc7 (2007-0464)
This update fixes a security flaw in Evolution's IMAP module. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
openSUSE 10 Security Update : evolution (evolution-3960)
Format string problems in the Memo Viewer of evolution could be used to potentially execute code when viewing shared memos (CVE-2007-1002). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE 10 Security Update : gtk2 (gtk2-2499)
A bug in gdk-pixbuf could crash applications such as Evolution when trying to display certain images (CVE-2007-0010). Additionally, a bug in the printer dialog prevented the correct display of all connected printers. (C) Tenable Network Security, Inc. The descriptive text and package...
openSUSE 10 Security Update : evolution-data-server (evolution-data-server-3825)
A malicious IMAP server could execute code within evolution by sending a malformed response to a SEQUENCE command (CVE-2007-3257). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
CVE-2002-2249
PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php...
CVE-2002-2249
CVE-2002-2249 affects News Evolution 2.0 and describes a PHP remote file inclusion vulnerability. The issue allows an attacker to execute arbitrary PHP commands by supplying a crafted neurl parameter to one of three scripts: backend.php, screen.php, or admin/modules/comment.php. The documents do ...
SUSE-SA:2007:042: evolution,evolution-data-server
The remote host is missing the patch for the advisory SUSE-SA:2007:042 evolution,evolution-data-server. (C) Tenable Network Security, Inc. This plugin text was extracted from SuSE Security Advisory SUSE-SA:2007:042 if ( ! defined_func("bn_random") ) exit(0);...
Debian DSA-1325-1 : evolution - several vulnerabilities
Several remote vulnerabilities have been discovered in Evolution, a groupware suite with mail client and organizer. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-1002 Ulf Harnhammar discovered that a format string vulnerability in the handling of...
GLSA-200707-03 : Evolution: User-assisted remote execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200707-03 Evolution: User-assisted remote execution of arbitrary code. The imap_rescan function of the file camel-imap-folder.c does not properly sanitize the 'SEQUENCE' response sent by an IMAP server before being used to index...
Evolution: User-assisted remote execution of arbitrary code
Background: Evolution is the mail client of the GNOME desktop environment. Camel is the Evolution Data Server module that handles mail functions. Description: The imap_rescan function of the file camel-imap-folder.c does not properly sanitize the "SEQUENCE" response sent by an IMAP server before bei...
[SECURITY] [DSA 1325-1] New evolution packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1325-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 29th, 2007 http://www.debian.org/security/faq -...