5 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. Una vulnerabilidad de tipo UNIX Symbolic Link (Symlink) Following en el empaquetado de gnump3d en openSUSE Leap versión 15.1, permite a atacantes locales escalar desde un usuario gnump3d a root. Este problema afecta a: gnump3d versión 3.0-lp151.2.1 y versiones anteriores, de openSUSE Leap versión 15.1. • https://bugzilla.suse.com/show_bug.cgi?id=1154229 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0

Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". • http://secunia.com/advisories/17646 http://secunia.com/advisories/17647 http://secunia.com/advisories/17656 http://www.debian.org/security/2005/dsa-901 http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml http://www.gnu.org/software/gnump3d/ChangeLog http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.securityfocus.com/bid/15496 http://www.vupen.com/english/advisories/2005/2489 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 1.9EPSS: 0%CPEs: 8EXPL: 0

GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. • http://secunia.com/advisories/17646 http://secunia.com/advisories/17647 http://secunia.com/advisories/17656 http://www.debian.org/security/2005/dsa-901 http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml http://www.gnu.org/software/gnump3d/ChangeLog http://www.gnu.org/software/gnump3d/attacks.html#temporary-files http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.securityfocus.com/bid/15497 http://www.vupen.com/english/advisories/2005/24 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0

Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. • http://secunia.com/advisories/17351 http://secunia.com/advisories/17355 http://secunia.com/advisories/17449 http://secunia.com/advisories/17831 http://securitytracker.com/id?1015118 http://www.debian.org/security/2005/dsa-877 http://www.gnu.org/software/gnump3d/ChangeLog http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.securityfocus.com/bid/15341 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 1

Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. • http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html http://secunia.com/advisories/17351 http://secunia.com/advisories/17559 http://securityreason.com/securityalert/127 http://securitytracker.com/id?1015118 http://www.debian.org/security/2005/dsa-877 http://www.novell.com/linux/security/advisories/2005_27_sr.html http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.osvdb.org/20360 http://www.securityfocus.com/bid/15228 http:// •