Vulnerabilities
Vulnerable Software
Citadel:  Security Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.027
Published
2007-07-17
Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.
CVSS Score
2.6
EPSS Score
0.025
Published
2007-07-17
Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server.
CVSS Score
10.0
EPSS Score
0.117
Published
2005-01-10
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
CVSS Score
5.0
EPSS Score
0.049
Published
2004-07-30
Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages.
CVSS Score
2.1
EPSS Score
0.004
Published
2004-04-12
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
CVSS Score
10.0
EPSS Score
0.056
Published
2002-07-26


Contact Us

Shodan ® - All rights reserved