Citadel : Security Vulnerabilities, CVEs, (Code Execution)
Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
7.5
EPSS Score
4.24%
Published
2009-03-26
Updated
2009-04-02
Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote attackers to execute arbitrary code via a long RCPT TO command, which is not properly handled by the makeuserkey function. NOTE: some of these details were obtained from third party information.
Max CVSS
7.5
EPSS Score
23.27%
Published
2008-01-23
Updated
2017-09-29
Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server.
Max CVSS
10.0
EPSS Score
8.36%
Published
2005-01-10
Updated
2017-07-11
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
Max CVSS
10.0
EPSS Score
2.83%
Published
2002-07-26
Updated
2008-09-05
4 vulnerabilities found