CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-3697 – Local privilege escalation from user gnump3d to root
https://notcve.org/view.php?id=CVE-2019-3697
24 Jan 2020 — UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions. Una vulnerabilidad de tipo UNIX Symbolic Link (Symlink) Following en el empaquetado de gnump3d en openSUSE Leap versión 15.1, permite a atacantes locales escalar desde un usuario gnump3d a root. Este problema afecta a: gnump3d versión 3.0-lp151.2.1 y version... • https://bugzilla.suse.com/show_bug.cgi?id=1154229 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6130
https://notcve.org/view.php?id=CVE-2007-6130
26 Nov 2007 — gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. gnump3d 2.9final no aplica protección de contraseña en sus plugins, lo cual podría permitir a atacantes remotos evitar restricciones de acceso impuestas. • http://secunia.com/advisories/27848 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2005-3349
https://notcve.org/view.php?id=CVE-2005-3349
18 Nov 2005 — GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. • http://secunia.com/advisories/17646 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2005-3355
https://notcve.org/view.php?id=CVE-2005-3355
18 Nov 2005 — Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". • http://secunia.com/advisories/17646 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2005-3424
https://notcve.org/view.php?id=CVE-2005-3424
01 Nov 2005 — Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. • http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2005-3425
https://notcve.org/view.php?id=CVE-2005-3425
01 Nov 2005 — Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. • http://secunia.com/advisories/17351 •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2005-3123
https://notcve.org/view.php?id=CVE-2005-3123
30 Oct 2005 — Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. • http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html •