Linux: >> Linux Kernel >> 2.5.36 Security Vulnerabilities
cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
CVSS Score
2.1
EPSS Score
0.005
Published
2004-05-26
Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator.
CVSS Score
9.3
EPSS Score
0.013
Published
2003-12-31
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.
CVSS Score
7.5
EPSS Score
0.068
Published
2003-12-31
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
CVSS Score
4.3
EPSS Score
0.003
Published
2003-12-31
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
CVSS Score
5.0
EPSS Score
0.002
Published
2003-12-31
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos.
CVSS Score
4.8
EPSS Score
0.001
Published
2003-12-31
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
CVSS Score
5.0
EPSS Score
0.024
Published
2003-12-31
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
CVSS Score
5.0
EPSS Score
0.003
Published
2003-12-31
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.
CVSS Score
5.0
EPSS Score
0.039
Published
2003-12-31
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS Score
4.3
EPSS Score
0.006
Published
2003-12-31