deposit()ing when there is no discount results in zero xCitadel bought

Lines of code Vulnerability details The amount of citadel bought when there is no discount is always zero. If the user doesn't specify, or specifies zero as the minCitadelOut, then the user will get no xCitadel and will still have to pay the full price. Proof of Concept If funding.discount is equ...

WebCit Mini_Calendar组件格式串漏洞

BUGTRAQ ID: 34206 CVECAN ID: CVE-2009-0364 WebCit是Citadel邮件和协作组件所使用的基于WEB的用户界面。 webcit模块calendarview.c文件的embeddableminicalendar函数中存在格式串漏洞，远程攻击者可以通过向服务器提交特制的URL请求导致注入并执行任意指令。 Citadel/UX webcit 7.39 厂商补丁： Debian ------ Debian已经为此发布了一个安全公告（DSA-1752-1）以及相应补丁: DSA-1752-1：New webcit packages fix...