CVE-2019-3697 – Local privilege escalation from user gnump3d to root
https://notcve.org/view.php?id=CVE-2019-3697
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. Una vulnerabilidad de tipo UNIX Symbolic Link (Symlink) Following en el empaquetado de gnump3d en openSUSE Leap versión 15.1, permite a atacantes locales escalar desde un usuario gnump3d a root. Este problema afecta a: gnump3d versión 3.0-lp151.2.1 y versiones anteriores, de openSUSE Leap versión 15.1. • https://bugzilla.suse.com/show_bug.cgi?id=1154229 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2007-6130
https://notcve.org/view.php?id=CVE-2007-6130
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. gnump3d 2.9final no aplica protección de contraseña en sus plugins, lo cual podría permitir a atacantes remotos evitar restricciones de acceso impuestas. • http://secunia.com/advisories/27848 http://secunia.com/advisories/27965 http://www.gnu.org/software/gnump3d/ChangeLog http://www.novell.com/linux/security/advisories/2007_25_sr.html http://www.securityfocus.com/bid/26618 http://www.vupen.com/english/advisories/2007/4039 https://bugs.gentoo.org/show_bug.cgi?id=193132 • CWE-287: Improper Authentication •
CVE-2005-3355
https://notcve.org/view.php?id=CVE-2005-3355
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". • http://secunia.com/advisories/17646 http://secunia.com/advisories/17647 http://secunia.com/advisories/17656 http://www.debian.org/security/2005/dsa-901 http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml http://www.gnu.org/software/gnump3d/ChangeLog http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.securityfocus.com/bid/15496 http://www.vupen.com/english/advisories/2005/2489 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2005-3349
https://notcve.org/view.php?id=CVE-2005-3349
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. • http://secunia.com/advisories/17646 http://secunia.com/advisories/17647 http://secunia.com/advisories/17656 http://www.debian.org/security/2005/dsa-901 http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml http://www.gnu.org/software/gnump3d/ChangeLog http://www.gnu.org/software/gnump3d/attacks.html#temporary-files http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.securityfocus.com/bid/15497 http://www.vupen.com/english/advisories/2005/24 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2005-3424
https://notcve.org/view.php?id=CVE-2005-3424
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. • http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html http://secunia.com/advisories/17351 http://www.debian.org/security/2005/dsa-877 http://www.gnu.org/software/gnump3d/ChangeLog http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.osvdb.org/20359 http://www.securityfocus.com/bid/15226 http://www.vupen.com/english/advisories/2005/2242 •