97 matches found
CVE-2020-27739
CVE-2020-27739 describes a weak session‑management vulnerability in Citadel WebCit up to version 926, where unauthenticated remote attackers can hijack a recently logged‑in user’s session. The description clearly states the affected component is WebCit (the Citadel Servlet engine) and the impact ...
CVE-2020-27739
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2020-27739
Removed by vendor...
CVE-2020-27742
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...
CVE-2020-27742
CVE-2020-27742 affects Citadel WebCit (through version 926) and is an Insecure Direct Object Reference vulnerability that lets an authenticated remote attacker read someone else’s emails via the msg_confirm_move template. The vulnerability is documented across multiple sources (NVD entry and Red ...
CVE-2020-27742
Removed by vendor...
CVE-2020-27741
Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2020-27741
CVE-2020-27741 concerns multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit up to version 926, which allow remote attackers to inject arbitrary web script or HTML via various pages and parameters. The provided documents state the existence of these XSS flaws but do not detail af...
CVE-2020-27741
Removed by vendor...
CVE-2020-27740
CVE-2020-27740 affects Citadel WebCit up to version 926. The vulnerability lets unauthenticated remote attackers enumerate valid users on the platform, as described in the CVE entry. Public details in the initial document indicate reporting to the vendor in a public thread; no explicit exploit co...
CVE-2020-27740
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread...
CVE-2020-27740
Removed by vendor...
Citadel WebCit 7.02/7.10 showuser who Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/24913/info Citadel WebCit is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied input dat...
Debian Security Advisory DSA 1752-1 (webcit)
The remote host is missing an update to webcit announced via advisory DSA 1752-1. OpenVAS Vulnerability Test $Id: deb17521.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1752-1 webcit Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
Debian: Security Advisory (DSA-1752-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2009-0364
Format string vulnerability in the minicalendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors...
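WebCit Mini_Calendar Component Format String Vulnerability
BUGTRAQ ID: 34206 CVECAN ID: CVE-2009-0364 WebCit is the web-based user interface used by the Citadel mail and collaboration suite. A format string vulnerability exists in the embeddableminicalendar function in the calendarview.c file of the webcit module; a remote attacker can inject and execute arbitrary commands by submitting a specially crafted URL request to the server. Citadel/UX webcit 7.39 Vendor patch: Debian ------ Debian has released a security advisory (DSA-1752-1) and corresponding patches for this issue: DSA-1752-1:New webcit packages fix...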
CVE-2009-0364
CVE-2009-0364 is a format-string vulnerability in the WebCit mini_calendar component of Citadel.org WebCit, affecting WebCit 7.22 and other versions prior to 7.39. The issue allows remote attackers to execute arbitrary code via unspecified vectors. Public sources confirm this as a remote code exe...