97 matches found

NVD
added 2023/05/29 7:15 p.m. · 7 views

CVE-2020-29547

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

CVSS 5.9 · AI score 5.7 · EPSS 0.00753
Exploits: 0 · References: 2
UbuntuCve
added 2023/05/29 7:15 p.m. · 26 views

CVE-2020-29547

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

CVSS 5.9 · AI score 6.2 · EPSS 0.00753
Exploits: 0 · References: 3
OSV
added 2023/05/29 7:15 p.m. · 2 views

UBUNTU-CVE-2020-29547

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

CVSS 5.9 · AI score 5.8 · EPSS 0.00753
Exploits: 0 · References: 4
UbuntuCve
added 2023/05/29 7:15 p.m. · 23 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command, a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

CVSS 3.7 · AI score 5.9 · EPSS 0.00665
Exploits: 1 · References: 3
Prion
added 2023/05/29 7:15 p.m. · 16 views

Command injection

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command, a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

CVSS 2.6 · AI score 4.2 · EPSS 0.00665
Exploits: 1 · References: 3 · Affected Software: 1
Prion
added 2023/05/29 7:15 p.m. · 15 views

Design/Logic Flaw

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

CVSS 2.6 · AI score 5.7 · EPSS 0.00753
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/05/29 12:0 a.m. · 14 views

CVE-2020-29547

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

AI score 5.7 · EPSS 0.00753
Exploits: 0 · References: 2
Positive Technologies
added 2023/05/29 12:0 a.m. · 4 views

PT-2023-12330 · Citadel · Citadel

Name of the Vulnerable Software and Affected Versions: Citadel through webcit-932 Description: An issue was discovered that allows a meddler-in-the-middle attacker to fixate their own session during the cleartext phase before a STARTTLS command, violating the RFC2595 standard. This potentially...

CVSS 3.7 · AI score 6.6 · EPSS 0.00665
Exploits: 1 · References: 9
CVE
added 2023/05/29 12:0 a.m. · 48 views

CVE-2021-37845

CVE-2021-37845 affects Citadel (webcit-932). A MITM attacker can fixate a session in the cleartext phase before STARTTLS, violating RFC2595, potentially causing a victim’s e‑mail messages to be stored in the attacker’s IMAP mailbox, depending on the victim client behavior. The available documents...

CVSS 3.7 · AI score 4.3 · EPSS 0.00665
Exploits: 1 · References: 3 · Affected Software: 1
CNNVD
added 2023/05/29 12:0 a.m. · 4 views

Citadel Command Injection Vulnerability

Citadel is an asset management software from Citadel, Inc. in the United States. A security vulnerability exists in Citadel webcit 926, which can be exploited by an attacker to inject commands into an encrypted user session via a pipe after a POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS command,...

CVSS 5.9 · AI score 6.1 · EPSS 0.00753
Exploits: 0 · References: 3
CVE
added 2023/05/29 12:0 a.m. · 48 views

CVE-2020-29547

Citadel through webcit-926 (CVE-2020-29547) is affected. The vulnerability lets meddler-in-the-middle attackers inject cleartext commands into an encrypted user session after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS, potentially leading to credential disclosure. Connected sources corroborate th...

CVSS 5.9 · AI score 5.7 · EPSS 0.00753
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2023/05/29 12:0 a.m. · 3 views

Citadel Security Vulnerability

Citadel is an asset management software from Citadel, Inc. in the United States. A security vulnerability exists in Citadel webcit 932, which originates from a vulnerability that allows an attacker to store a victim's email message in the attacker's IMAP mailbox, which can be exploited by an...

CVSS 3.7 · AI score 5.2 · EPSS 0.00665
Exploits: 1 · References: 4
Cvelist
added 2023/05/29 12:0 a.m. · 17 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command, a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

AI score 4.5 · EPSS 0.00665
Exploits: 1 · References: 3
Debian CVE
added 2023/05/29 12:0 a.m. · 13 views

CVE-2020-29547

Removed by vendor...

CVSS 5.9 · AI score 5.8 · EPSS 0.00753
Exploits: 0
Debian CVE
added 2023/05/29 12:0 a.m. · 23 views

CVE-2021-37845

Removed by vendor...

CVSS 3.7 · AI score 4.8 · EPSS 0.00665
Exploits: 1
Check Point Advisories
added 2020/11/23 12:0 a.m. · 2 views

Citadel WebCit Cross Site Scripting (CVE-2020-27739)

A cross-site scripting vulnerability exists in Citadel WebCit. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

CVSS 7.5 · AI score 4.9 · EPSS 0.01814
Exploits: 1
Packet Storm
added 2020/10/30 12:0 a.m. · 690 views

Citadel WebCit Session Hijacking

Exploit Title: Citadel WebCit 926 - Session Hijacking Exploit Exploit Author: Simone Quatrini Version: 926 !/usr/bin/env python3 import argparse import requests import time import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning...

AI score 0.4
Exploits: 0
Exploit DB
added 2020/10/30 12:0 a.m. · 600 views

Citadel WebCit < 926 - Session Hijacking Exploit

Exploit Title: Citadel WebCit 926 - Session Hijacking Exploit Exploit Author: Simone Quatrini Version: 926 !/usr/bin/env python3 import argparse import requests import time import sys from requests.packages.urllib3.exceptions import InsecureRequestWarning...

AI score 7.4
Exploits: 0
CNVD
added 2020/10/29 12:0 a.m. · 4 views

Unspecified Vulnerability in Citadel WebCit

WebCit is the Citadel Servlet engine. A security vulnerability exists in Citadel WebCit 926 and earlier versions. A remote authenticated attacker can exploit this vulnerability to read someone's email via the msgconfirmmove template...

CVSS 6.5 · AI score 7.1 · EPSS 0.01136
Exploits: 1 · References: 1
CNVD
added 2020/10/29 12:0 a.m. · 1 views

Citadel WebCit Cross-Site Scripting Vulnerability

WebCit is the Citadel Servlet engine. A cross-site scripting vulnerability exists in Citadel WebCit 926 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via multiple pages and parameters...

CVSS 6.1 · AI score 6 · EPSS 0.00831
Exploits: 1 · References: 1