CVE-2018-3815

The "XML Interface to Messaging, Scheduling, and Signaling" XIMSS protocol implementation in CommuniGate Pro CGP 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email...

Input validation

The "XML Interface to Messaging, Scheduling, and Signaling" XIMSS protocol implementation in CommuniGate Pro CGP 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email...

CVE-2018-3815

The "XML Interface to Messaging, Scheduling, and Signaling" XIMSS protocol implementation in CommuniGate Pro CGP 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email...

CVE-2018-3815

CVE-2018-3815 concerns CommuniGate Pro (CGP) 6.2 where the XML Interface to Messaging, Scheduling, and Signaling (XIMSS) protocol lacks validation, enabling email spoofing. An authenticated attacker can send a message from any source address by issuing an HTTP POST to the /Session URI and interch...

CommuniGatePro 6.2 Missing XIMSS Tag Validation

Exploit Title: CommuniGatePro 6.2 - Missing XIMSS tags validation Date: 02/01/2018 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.stalker.com/ Software Link: http://www.stalker.com/ paid product Version: 6.2.x tags by tags and vice versa, ending up...

Current Versions Release History

Current Versions Release History 5.1c2 30-Jun-06 Valid Core License Keys: issued between 01-Jun-2004 and 31-Oct-2004, or on or after 01-Jun-2005. Admin: Lawful Intercept for Signals is implemented. WSSP: now all string prefixes HTML, JAVASCRIPT, etc. support numeric data. XIMSS: the Signal...