Vulnerabilities > Citadel

DATE | CVE | VULNERABILITY TITLE | RISK

2007-07-17 | CVE-2007-3822 | Cross-Site Scripting vulnerability in Citadel Webcit 7.10 | 2.6
Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room names, and (5) uploaded file names.
network, high complexity, citadel

2007-07-17 | CVE-2007-3821 | Input Validation vulnerability in Citadel Webcit 7.10 | 7.5
Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 allows remote attackers to modify configurations and perform other actions as arbitrary users via unspecified vectors.
network, low complexity, citadel

2005-01-10 | CVE-2004-1192 | Remote Security vulnerability in Citadel/UX | 10.0 (critical)
Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server.
network, low complexity, citadel

2004-07-30 | CVE-2004-1705 | Buffer Overflow vulnerability in Citadel/UX Username | 5.0
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
network, low complexity, citadel

2004-04-12 | CVE-2004-1933 | | 2.1
Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages.
local, low complexity, citadel

2002-07-26 | CVE-2002-0432 | Buffer Overflow vulnerability in Citadel UX 5.90 | 10.0 (critical)
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
network, low complexity, citadel