Evolution

by Evolution

CVEs (12)

  • CVE-2006-4678 (Sep 11, 2006)
    risk 0.03 | cvss | epss 0.02

    PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.

  • CVE-2023-43340 (Oct 19, 2023)
    risk 0.00 | cvss | epss 0.00

    Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and cmspasswordconfim parameters.

  • CVE-2022-4869 (Jan 5, 2023)
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information…

  • CVE-2009-3721 (May 26, 2021)
    risk 0.00 | cvss | epss 0.02

    Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially…

  • CVE-2019-3890 (Aug 1, 2019)
    risk 0.00 | cvss | epss 0.01

    It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

  • CVE-2009-0547 (Feb 12, 2009)
    risk 0.00 | cvss | epss 0.02

    Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than…

  • CVE-2008-1109 (Jun 4, 2008)
    risk 0.00 | cvss | epss 0.06

    Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).

  • CVE-2008-1108 (Jun 4, 2008)
    risk 0.00 | cvss | epss 0.06

    Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.

  • CVE-2008-0072 (Mar 6, 2008)
    risk 0.00 | cvss | epss 0.05

    Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

  • CVE-2005-2550 (Aug 12, 2005)
    risk 0.00 | cvss | epss 0.04

    Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

  • CVE-2005-2549 (Aug 12, 2005)
    risk 0.00 | cvss | epss 0.04

    Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

  • CVE-2003-0296 (Jun 16, 2003)
    risk 0.00 | cvss | epss 0.02

    The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.