9 matches found
CVE-2020-27739
CVE-2020-27739 describes a weak session‑management vulnerability in Citadel WebCit up to version 926, where unauthenticated remote attackers can hijack a recently logged‑in user’s session. The description clearly states the affected component is WebCit (the Citadel Servlet engine) and the impact ...
CVE-2021-37845
CVE-2021-37845 affects Citadel (webcit-932). A MITM attacker can fixate a session in the cleartext phase before STARTTLS, violating RFC2595, potentially causing a victim’s e‑mail messages to be stored in the attacker’s IMAP mailbox, depending on the victim client behavior. The available documents...
CVE-2009-0364
CVE-2009-0364 is a format-string vulnerability in the WebCit mini_calendar component of Citadel.org WebCit, affecting WebCit 7.22 and other versions prior to 7.39. The issue allows remote attackers to execute arbitrary code via unspecified vectors. Public sources confirm this as a remote code exe...
CVE-2020-29547
Citadel through webcit-926 (CVE-2020-29547) is affected. The vulnerability lets Meddler-in-the-middle attackers inject cleartext commands into an encrypted user session after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS, potentially leading to credential disclosure. Connected sources corroborate th...
CVE-2020-27740
CVE-2020-27740 affects Citadel WebCit up to version 926. The vulnerability lets unauthenticated remote attackers enumerate valid users on the platform, as described in the CVE entry. Public details in the initial document indicate reporting to the vendor in a public thread; no explicit exploit co...
CVE-2007-3821
CVE-2007-3821 describes a cross-site request forgery (CSRF) vulnerability in Webcit prior to 7.11. The issue allows remote attackers to modify configurations and perform actions as arbitrary users via unspecified vectors. The affected product is Webcit; the root cause is CSRF that enables unautho...
CVE-2020-27742
CVE-2020-27742 affects Citadel WebCit (through version 926) and is an Insecure Direct Object Reference vulnerability that lets an authenticated remote attacker read someone else’s emails via the msg_confirm_move template. The vulnerability is documented across multiple sources (NVD entry and Red ...
CVE-2007-3822
CVE-2007-3822 affects Webcit before 7.11 with multiple cross-site scripting (XSS) vulnerabilities. An attacker can inject arbitrary script/HTML via (1) the who parameter to showuser and other vectors such as calendar mode, bulletin board mode, room names, and uploaded file names. The provided doc...
CVE-2020-27741
CVE-2020-27741 concerns multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit up to version 926, which allow remote attackers to inject arbitrary web script or HTML via various pages and parameters. The provided documents state the existence of these XSS flaws but do not detail af...