EcartisCVEs & Vulnerabilities

8 CVEs affecting Ecartis products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

ecartis 22
CVE-2006-0332MEDIUM

Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files.

21 Jan 2006
6.4
CVSS
CVE-2004-0913MEDIUM

Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514-1.3 and 1.x before 1.0.0+cvs.20030911-8 allows attackers in the same domain to gain administrator privileges and modify configuration.

31 Dec 2004
4.6
CVSS
CVE-2003-0781CRITICAL

Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.

4 May 2004
10.0
CVSS
CVE-2003-0782CRITICAL

Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.

4 May 2004
10.0
CVSS
CVE-2003-0162HIGH

Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.

2 Apr 2003
7.5
CVSS
CVE-2002-0467CRITICAL

Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.

12 Aug 2002
10.0
CVSS
CVE-2002-0469HIGH

Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.

12 Aug 2002
7.2
CVSS
CVE-2002-0468MEDIUMpoc

Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.

12 Aug 2002
4.6
CVSS
← PrevPage 1 / 1Next →