9 matches found
CVE-1999-0865
CVE-1999-0865 affects CommuniGate Pro
CVE-2007-2718
CVE-2007-2718 describes a cross-site scripting (XSS) vulnerability in the WebMail component of Stalker CommuniGate Pro 5.1.8 and earlier when accessed via Microsoft Internet Explorer . The issue allows a remote attacker to inject arbitrary web script or HTML through crafted STYLE tags . The vulne...
CVE-2018-3815
CVE-2018-3815 concerns CommuniGate Pro (CGP) 6.2 where the XML Interface to Messaging, Scheduling, and Signaling (XIMSS) protocol lacks validation, enabling email spoofing. An authenticated attacker can send a message from any source address by issuing an HTTP POST to the /Session URI and interch...
CVE-2006-0468
CVE-2006-0468 affects CommuniGate Pro Core Server prior to 5.0.7. The vulnerability arises in the LDAP component, where handling of LDAP messages with negative BER lengths can crash the LDAP server and may allow remote code execution on the affected host, as demonstrated by the ProtoVer LDAP test...
CVE-2000-0634
The CVE-2000-0634 entry concerns the web administration interface of CommuniGate Pro 3.2.5 and earlier, where an attacker can read arbitrary files via a directory traversal (.. path) vector. The underlying issue is a dot-dot traversal vulnerability in the web admin interface that permits reading ...
CVE-2003-1481
CommuniGate Pro versions 3.1–4.0.6 are affected by a flaw where the session ID is exposed in the Referer header of an image request. This enables remote attackers to hijack mail sessions by sending an email containing an IMG tag referencing a malicious URL that captures the Referer. Impact is use...
CVE-2002-2375
The CVE-2002-2375 entry concerns CommuniGate Pro (verified: 4.0b4 and potentially earlier) with a directory traversal flaw in the WebUser component. The underlying issue allows remote attackers to enumerate the WebUser directory and its parent by using URL path components “..” or “.”. Impact is d...
CVE-2000-1002
The CVE-2000-1002 vulnerability affects the POP3 daemon in Stalker CommuniGate Pro 3.3.2 where authentication error handling reveals whether a username exists by returning different messages for invalid usernames versus invalid passwords. This information leakage enables remote attackers to enume...
CVE-2005-1007
CVE-2005-1007 is a vulnerability in the LISTS module of CommuniGate Pro prior to version 4.3c3, where remote attackers can cause a denial of service (server crash) by sending malformed multipart messages. The issue is tied to the LISTS functionality and enables a network-based DoS condition as de...