[CLOSE] OSVDB ID : 11621 - Disclosed: 2001-06-26

Description:

(Description Provided by CVE) : gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.

[CLOSE] OSVDB ID : 11622 - Disclosed: 2004-06-25

Description:

GNATS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to a format string condition in the logging functions. With a specially formatted request that is passed to $SYSLOG, a remote attacker could execute command with the privilege of the GNATS process.

[CLOSE] OSVDB ID : 36224 - Disclosed: 2007-05-19

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.

[CLOSE] OSVDB ID : 29865 - Disclosed: 2006-07-24

Description:

(Description Provided by CVE) : Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console.

[CLOSE] OSVDB ID : 50780 - Disclosed: 2008-12-16

Description:

Gnews Publisher contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the authors.asp script not properly sanitizing user-supplied input to the authorID parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 31919 - Disclosed: 2006-11-20

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter.

[CLOSE] OSVDB ID : 6684 - Disclosed: 2003-06-11

Description:

An overflow exists in Gnocatan. Gnocatan fails to check boundary, resulting in a buffer overflow. With a specially crafted request, an attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 10853 - Disclosed: 2004-10-16

Description:

Gnofract 4d contains a flaw related to a .fct file that may allow an attacker to insert and execute arbitrary Python code. No further details have been provided.

[CLOSE] OSVDB ID : 6553 - Disclosed: 2003-05-26

Description:

A remote overflow exists in Gnome Batalla Naval gbnserver. The issue is due to a boundary error in gbnserver. By sending an overly long string, an attacker can cause a buffer overflow and crash the server or execute arbitrary code with game server user privileges, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 31771 - Disclosed: 2006-06-01

Description:

(Description Provided by CVE) : Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.

[CLOSE] OSVDB ID : 72551 - Disclosed: 2011-03-28

Description:

(Description Provided by CVE) : GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.

[CLOSE] OSVDB ID : 26269 - Disclosed: 2006-06-08

Description:

(Description Provided by CVE) : GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.

[CLOSE] OSVDB ID : 66643 - Disclosed: 2009-02-15

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

[CLOSE] OSVDB ID : 39560 - Disclosed: 2007-07-30

Description:

(Description Provided by CVE) : The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

[CLOSE] OSVDB ID : 30848 - Disclosed: 2006-12-14

Description:

Gnome Display Manager contains a flaw that may allow a malicious user to to gain escalated privileges. The issue is is caused due to a format string error within the 'gdm_chooser_add_host()' function in gdm2/gui/gdmchooser.c. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 73035 - Disclosed: 2011-05-30

Description:

(Description Provided by CVE) : GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type.

[CLOSE] OSVDB ID : 57657 - Disclosed: 2009-09-02

Description:

(Description Provided by CVE) : The Red Hat build script for the GNOME Display Manager (GDM) before 2.16.0-56 on Red Hat Enterprise Linux (RHEL) 5 omits TCP Wrapper support, which might allow remote attackers to bypass intended access restrictions via XDMCP connections, a different vulnerability than CVE-2007-5079.

[CLOSE] OSVDB ID : 72550 - Disclosed: 2010-01-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 1547 - Disclosed: 2000-09-11

Description:

(Description Provided by CVE) : Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.

[CLOSE] OSVDB ID : 18690 - Disclosed: 2005-08-10

Description:

(Description Provided by CVE) : Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

[CLOSE] OSVDB ID : 13160 - Disclosed: 2005-01-25

Description:

A remote overflow exists in Evolution. Evolution contains a flaw in the camel-lock-helper application resulting in an integer overflow. With a specially crafted request, a malicious, local user or POP3 server can execute arbitrary code with the privileges of the camel-lock-helper application resulting in a loss of integrity.

[CLOSE] OSVDB ID : 23586 - Disclosed: 2006-03-02

Description:

(Description Provided by CVE) : GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.

[CLOSE] OSVDB ID : 12648 - Disclosed: 2003-03-13

Description:

(Description Provided by CVE) : GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.

[CLOSE] OSVDB ID : 18688 - Disclosed: 2005-08-10

Description:

Evolution contains a flaw that may allow a malicious user to execute arbitrary code. The issue is related to an unspecified format string flaw in the display of LDAP contact data. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 22923 - Disclosed: 2006-01-30

Description:

(Description Provided by CVE) : The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.

[CLOSE] OSVDB ID : 18689 - Disclosed: 2005-08-10

Description:

Evolution contains a flaw that may allow a malicious user to execute arbitrary code. The issue is due to an unspecified format string flaw related to the display of task list data from remote servers. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 18687 - Disclosed: 2005-08-10

Description:

(Description Provided by CVE) : Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

[CLOSE] OSVDB ID : 16809 - Disclosed: 2005-05-20

Description:

gedit contains a flaw that may allow a local denial of service. The issue is triggered due to the handling of binary files with format string specifiers in the filename. With a specially crafted filename, a malicious user can cause the application to crash resulting in a loss of availability.

[CLOSE] OSVDB ID : 4667 - Disclosed: 2004-03-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 18693 - Disclosed: 2005-08-10

Description:

(Description Provided by CVE) : xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.