| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 20359 | 2005-10-28 | GNUMP3d Error Page XSS | GNUMP3d contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate URLs before returning them in a 404 error page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20939 | 2005-11-17 | GNUMP3d index.lok Symlink Arbitrary File Overwrite | (Description Provided by CVE): GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. |
| 20938 | 2003-10-16 | GNUMP3d Search Plugin Unspecified XSS | Unknown / Incomplete |
| 20360 | 2005-10-28 | GNUMP3d Server Traversal Arbitrary File Access | GNUMP3d contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../). |
| 42414 | 2007-10-17 | GNUMP3d Un-passworded Plugins Authentication Weakness | (Description Provided by CVE): gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. |
| 20723 | 2005-10-28 | GNUMP3d Unspecified XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. |
| 25518 | 2006-05-12 | GNUnet Empty UDP Datagram Remote DoS | (Description Provided by CVE): GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors. |
| 33501 | 2007-03-05 | GnuPG / GPGME Unsigned OpenPGP Message Weakness | (Description Provided by CVE): GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. |
| 30720 | 2006-11-27 | GnuPG ask_outfile_name Function Prompt Construction Overflow | (Description Provided by CVE): Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt. |
| 1699 | 2000-12-20 | GnuPG Detached Signature Verification False-Positive | GnuPG contains a flaw that may allow a malicious user to modify the contents of a file without being detected. The issue is triggered when a file is signed with a detached signature. If the detached signature is replaced with clearsigned text, GnuPG will still report a successfully verified signature. It is possible that the flaw may allow false positives in the verification mechanism, resulting in a loss of integrity. |
| 2869 | 2003-11-27 | GnuPG ElGamal Encrypt+Sign Private Key Disclosure | GnuPG has a serious flaw that compromises any ElGamal key used for signing or encrypting material. When GnuPG creates ElGamal sign+encrypt keys (type 20), it does so in a cryptographically weak way. This can be exploited to compromise the private key. |
| 23790 | 2006-03-09 | GnuPG gpg Unsigned Data Injection Detection Failure | Gnu Privacy Guard contains a flaw that may allow a malicious user to inject unsigned data into a signed message. The issue is triggered when unsigned PGP packets are prepended or appended to legitimately signed packet streams. It is possible that the flaw may allow injected data to appear signed, resulting in a loss of integrity. |
| 4904 | 2003-12-03 | GnuPG gpgkeys_hkp Remote Format String | This vulnerability exists only in the gpgkeys_hkp utility, which is used for key retrieval from a keyserver when the HKP interface is enabled. The flaw lies within the source file gpgkeys_hkp.c, where the fprintf() function is used to print the PGP key block to the client. |
| 23221 | 2006-02-15 | GnuPG gpgv Detached Signature Verification Failure | (Description Provided by CVE): gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". |
| 2899 | 2003-12-03 | GnuPG HTTP Keyserver Protocol Interface Format String | GnuPG contains a flaw that may allow a malicious user to cause a denial of service or execute arbitrary code. The issue is triggered when the external HKP interface is enabled and crafted data is sent. GnuPG's external HTTP Keyserver Protocol (HKP) interface contains a format string flaw in keyserver/gpgkeys_hkp.c that could allow a compromised key server to execute remote commands on a client machine requesting information. The external HKP interface is not enabled by default in 1.2 stable branch, but is enabled by default on the 1.3 devel branch. It is possible that the flaw may allow this execution of remote code, resulting in a loss of integrity. |
| 43932 | 2008-03-26 | GnuPG Key Import ID Deduplication Memory Corruption | (Description Provided by CVE): GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs." |
| 43514 | 2007-01-15 | GnuPG Multiple Unspecified Issues | Unknown / Incomplete |
| 4947 | 2003-05-03 | GnuPG Multiple Userid Key Validity | GnuPG versions prior to 1.2.2 handle trust relationships of multiple userids bound to a single key incorrectly. If a key has more than one userid, all userids assume the validity of the most valid userid, rather than applying the relevant trust path to each userid individually. |
| 1608 | 2000-10-11 | GnuPG Multiply Signed Message Document Modification | GnuPG contains a flaw that may allow a malicious attacker to modify documents in a signed message without changing the apparent signatures. The issue is triggered when a message with multiple cleartext signatures and multiple attached documents is created. GnuPG does not compare each signature for each document in the message, but instead flags each document as good or bad depending on the first document in the file. It is possible that this flaw may allow an attacker to surreptitiously modify any document but the first, resulting in a loss of integrity. |
| 31832 | 2006-12-06 | GnuPG OpenPGP Packet Decryption Overflow | (Description Provided by CVE): A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. |
| 26770 | 2006-05-31 | GnuPG parse-packet.c Large Packet Length DoS | (Description Provided by CVE): parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option. |
| 27664 | 2006-07-21 | GnuPG parse_comment Function Crafted Message Overflow DoS | (Description Provided by CVE): Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message. |
| 1702 | 2000-12-20 | GnuPG Private Key Silent Import | GnuPG contains a flaw that may allow a malicious user to compromise the web of trust. The issue is triggered when the user retrieves keys from a public keyserver. GnuPG will import private keys as well as public ones, and will not warn the user about the import of private keys. An attacker can upload a private key to the keyserver as well as a public one, with malicious intent. Since private keys are implicitly trusted, it is possible that the flaw may allow a change in the trust relationships of the web of trust, resulting in a loss of integrity. |
| 4905 | 2003-07-19 | GnuPG setgid Root Group File Overwrite | GnuPG contains a flaw that may allow a malicious user to overwrite group root writeable files. The issue is triggered when GnuPG has the setgid bit set. It is possible that the flaw may allow improper overwriting of files, resulting in a loss of integrity and/or availability. |
| 1845 | 2001-05-29 | GnuPG tty_printf() Format String | GnuPG contains a flaw that may allow a malicious user to execute arbitrary code in the context of a user decrypting a given file. The issue is triggered when the attacker sends the victim a GPG message with a crafted filename, exploiting a format string vulnerability in the tty_printf() function. It is possible that the flaw may allow execution of code in the context of the target user, resulting in a loss of integrity. |
| 55973 | 2009-03-03 | GnuPG Unspecified Issue | Unknown / Incomplete |
| 60139 | 2002-12-06 | Gnuplot French Documentation Patch Unspecified Local Overflow | (Description Provided by CVE): Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors. |
| 9202 | 2001-08-30 | gnut Gnutella Client File Name XSS | (Description Provided by CVE): Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. |
| 45382 | 2008-05-19 | GnuTLS gnutls-serv libgnutls lib/ext_server_name.c _gnutls_server_name_recv_params Function Session Resumption Data Remote Overflow | (Description Provided by CVE): The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1. |
| 45383 | 2008-05-19 | GnuTLS gnutls-serv libgnutls lib/gnutls_kx.c _gnutls_recv_client_kx_message Function TLS Message Handling Remote DoS | (Description Provided by CVE): The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2. |