Gnu: Security Vulnerabilities
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
CVSS Score: 6.4
EPSS Score: 0.022
Published: 2005-11-18
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).
CVSS Score: 5.0
EPSS Score: 0.027
Published: 2005-11-16
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
CVSS Score: 4.3
EPSS Score: 0.014
Published: 2005-11-01
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
CVSS Score: 4.3
EPSS Score: 0.018
Published: 2005-11-01
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
CVSS Score: 5.0
EPSS Score: 0.03
Published: 2005-10-30
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
CVSS Score: 2.1
EPSS Score: 0.004
Published: 2005-10-05
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
CVSS Score: 2.1
EPSS Score: 0.004
Published: 2005-10-05
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVSS Score: 1.2
EPSS Score: 0.005
Published: 2005-09-21
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
CVSS Score: 7.5
EPSS Score: 0.146
Published: 2005-09-13
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
CVSS Score: 10.0
EPSS Score: 0.04
Published: 2005-08-10