Lucene search
+L
CitadelWebcit

9 matches found

CVE
CVE
added 2020/10/28 6:44 p.m.61 views

CVE-2020-27739

CVE-2020-27739 describes a weak session‑management vulnerability in Citadel WebCit up to version 926, where unauthenticated remote attackers can hijack a recently logged‑in user’s session. The description clearly states the affected component is WebCit (the Citadel Servlet engine) and the impact ...

9.8CVSS9.4AI score0.01814EPSS
CVE
CVE
added 2023/05/29 12:0 a.m.59 views

CVE-2021-37845

CVE-2021-37845 affects Citadel (webcit-932). A MITM attacker can fixate a session in the cleartext phase before STARTTLS, violating RFC2595, potentially causing a victim’s e‑mail messages to be stored in the attacker’s IMAP mailbox, depending on the victim client behavior. The available documents...

3.7CVSS4.3AI score0.00665EPSS
CVE
CVE
added 2009/03/24 7:0 p.m.57 views

CVE-2009-0364

CVE-2009-0364 is a format-string vulnerability in the WebCit mini_calendar component of Citadel.org WebCit, affecting WebCit 7.22 and other versions prior to 7.39. The issue allows remote attackers to execute arbitrary code via unspecified vectors. Public sources confirm this as a remote code exe...

7.5CVSS7.6AI score0.02594EPSS
CVE
CVE
added 2023/05/29 12:0 a.m.53 views

CVE-2020-29547

Citadel through webcit-926 (CVE-2020-29547) is affected. The vulnerability lets Meddler-in-the-middle attackers inject cleartext commands into an encrypted user session after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS, potentially leading to credential disclosure. Connected sources corroborate th...

5.9CVSS5.7AI score0.00753EPSS
CVE
CVE
added 2020/10/28 6:44 p.m.49 views

CVE-2020-27740

CVE-2020-27740 affects Citadel WebCit up to version 926. The vulnerability lets unauthenticated remote attackers enumerate valid users on the platform, as described in the CVE entry. Public details in the initial document indicate reporting to the vendor in a public thread; no explicit exploit co...

5.3CVSS5.4AI score0.01277EPSS
CVE
CVE
added 2007/07/17 1:0 a.m.46 views

CVE-2007-3821

CVE-2007-3821 describes a cross-site request forgery (CSRF) vulnerability in Webcit prior to 7.11. The issue allows remote attackers to modify configurations and perform actions as arbitrary users via unspecified vectors. The affected product is Webcit; the root cause is CSRF that enables unautho...

7.5CVSS7AI score0.02744EPSS
CVE
CVE
added 2020/10/28 6:44 p.m.46 views

CVE-2020-27742

CVE-2020-27742 affects Citadel WebCit (through version 926) and is an Insecure Direct Object Reference vulnerability that lets an authenticated remote attacker read someone else’s emails via the msg_confirm_move template. The vulnerability is documented across multiple sources (NVD entry and Red ...

6.5CVSS6.3AI score0.01136EPSS
CVE
CVE
added 2007/07/17 1:0 a.m.45 views

CVE-2007-3822

CVE-2007-3822 affects Webcit before 7.11 with multiple cross-site scripting (XSS) vulnerabilities. An attacker can inject arbitrary script/HTML via (1) the who parameter to showuser and other vectors such as calendar mode, bulletin board mode, room names, and uploaded file names. The provided doc...

2.6CVSS5.7AI score0.02478EPSS
CVE
CVE
added 2020/10/28 6:44 p.m.43 views

CVE-2020-27741

CVE-2020-27741 concerns multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit up to version 926, which allow remote attackers to inject arbitrary web script or HTML via various pages and parameters. The provided documents state the existence of these XSS flaws but do not detail af...

6.1CVSS6.1AI score0.00831EPSS