CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1CVE-2001-0406 – Samba 2.0.x - Insecure TMP File Symbolic Link
https://notcve.org/view.php?id=CVE-2001-0406
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. • https://www.exploit-db.com/exploits/20776 http://archives.neohapsis.com/archives/bugtraq/2001-04/0305.html http://archives.neohapsis.com/archives/bugtraq/2001-04/0319.html http://archives.neohapsis.com/archives/bugtraq/2001-04/0326.html http://archives.neohapsis.com/archives/freebsd/2001-04/0608.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000395 http://www.caldera.com/support/security/advisories/CSSA-2001-015.0.txt http://www.debian.org/security/2001/dsa-048 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 4CVE-2000-0935 – Samba 2.0.7 - SWAT Symlink
https://notcve.org/view.php?id=CVE-2000-0935
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. • https://www.exploit-db.com/exploits/20339 https://www.exploit-db.com/exploits/20338 http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html http://www.securityfocus.com/bid/1872 https://exchange.xforce.ibmcloud.com/vulnerabilities/5443 •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 3CVE-2000-0936 – Samba 2.0.7 - SWAT Logfile Permissions
https://notcve.org/view.php?id=CVE-2000-0936
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. • https://www.exploit-db.com/exploits/20341 http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html http://www.securityfocus.com/bid/1874 https://exchange.xforce.ibmcloud.com/vulnerabilities/5445 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 3CVE-2000-0937 – Samba 2.0.7 - SWAT Logging Failure
https://notcve.org/view.php?id=CVE-2000-0937
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks. • https://www.exploit-db.com/exploits/20340 http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html http://www.securityfocus.com/bid/1873 https://exchange.xforce.ibmcloud.com/vulnerabilities/5442 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2000-0938
https://notcve.org/view.php?id=CVE-2000-0938
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. • http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html https://exchange.xforce.ibmcloud.com/vulnerabilities/5442 •