[CLOSE] OSVDB ID : 38255 - Disclosed: 2007-05-08

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.

[CLOSE] OSVDB ID : 38252 - Disclosed: 2007-05-08

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.

[CLOSE] OSVDB ID : 38256 - Disclosed: 2007-05-08

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.

[CLOSE] OSVDB ID : 13270 - Disclosed: 2005-01-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 5323 - Disclosed: 2004-04-08

Description:

(Description Provided by CVE) : gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.

[CLOSE] OSVDB ID : 53000 - Disclosed: 2009-01-26

Description:

(Description Provided by CVE) : Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

[CLOSE] OSVDB ID : 1030 - Disclosed: 1999-08-02

Description:

(Description Provided by CVE) : The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.

[CLOSE] OSVDB ID : 42835 - Disclosed: 2007-12-24

Description:

(Description Provided by CVE) : The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 20940 - Disclosed: 2005-11-17

Description:

(Description Provided by CVE) : Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".

[CLOSE] OSVDB ID : 20359 - Disclosed: 2005-10-28

Description:

GNUMP3d contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate URLs before returning them in a 404 error page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 20939 - Disclosed: 2005-11-17

Description:

(Description Provided by CVE) : GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.

[CLOSE] OSVDB ID : 20938 - Disclosed: 2003-10-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 20360 - Disclosed: 2005-10-28

Description:

GNUMP3d contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../).

[CLOSE] OSVDB ID : 42414 - Disclosed: 2007-10-17

Description:

(Description Provided by CVE) : gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.

[CLOSE] OSVDB ID : 20723 - Disclosed: 2005-10-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.

[CLOSE] OSVDB ID : 25518 - Disclosed: 2006-05-12

Description:

(Description Provided by CVE) : GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors.

[CLOSE] OSVDB ID : 33501 - Disclosed: 2007-03-05

Description:

(Description Provided by CVE) : GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection.

[CLOSE] OSVDB ID : 30720 - Disclosed: 2006-11-27

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.

[CLOSE] OSVDB ID : 1699 - Disclosed: 2000-12-20

Description:

GnuPG contains a flaw that may allow a malicious user to modify the contents of a file without being detected. The issue is triggered when a file is signed with a detached signature. If the detached signature is replaced with clearsigned text, GnuPG will still report a successfully verified signature. It is possible that the flaw may allow false positives in the verification mechanism, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 2869 - Disclosed: 2003-11-27

Description:

GnuPG has a serious flaw that compromises any ElGamal key used for signing or encrypting material. When GnuPG creates ElGamal sign+encrypt keys (type 20), it does so in a cryptographically weak way. This can be exploited to compromise the private key.

[CLOSE] OSVDB ID : 23790 - Disclosed: 2006-03-09

Description:

Gnu Privacy Guard contains a flaw that may allow a malicious user to inject unsigned data into a signed message. The issue is triggered when unsigned PGP packets are prepended or appended to legitimately signed packet streams. It is possible that the flaw may allow injected data to appear signed resulting in a loss of integrity.

[CLOSE] OSVDB ID : 4904 - Disclosed: 2003-12-03

Description:

This vulnerability exists only when the gpgkeys_hkp utility, which is used for key retrieval from a keyserver when the HKP interface is enabled. The flaw lies within the source file gpgkeys_hkp.c where the fprintf() function is used to print the PGP key block to the client.

[CLOSE] OSVDB ID : 66624 - Disclosed: 2010-07-23

Description:

(Description Provided by CVE) : Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.

[CLOSE] OSVDB ID : 23221 - Disclosed: 2006-02-15

Description:

(Description Provided by CVE) : gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".

[CLOSE] OSVDB ID : 2899 - Disclosed: 2003-12-03

Description:

GnuPG contains a flaw that may allow a malicious user to cause a denial of service or execute arbitrary code. The issue is triggered when the external HKP interface is enabled and crafted data is sent. GnuPG's external HTTP Keyserver Protocol (HKP) interface contains a format string flaw in keyserver/gpgkeys_hkp.c that could allow a compromised key server to execute remote commands on a client machine requesting information. The external HKP interface is not enabled by default in 1.2 stable branch, but is enabled by default on the 1.3 devel branch. It is possible that the flaw may allow this execution of remote code, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 43932 - Disclosed: 2008-03-26

Description:

(Description Provided by CVE) : GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."

[CLOSE] OSVDB ID : 43514 - Disclosed: 2007-01-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4947 - Disclosed: 2003-05-03

Description:

GnuPG versions prior to 1.2.2 handle trust relationships of multiple userids bound to a single key incorrectly. If a key has more than one userid, all userids assume the validity of the most valid userid, rather than applying the relevant trust path to each userid individually.

[CLOSE] OSVDB ID : 1608 - Disclosed: 2000-10-11

Description:

GnuPG contains a flaw that may allow a malicious attacker to modify documents in a signed message without changing the apparent signatures. The issue is triggered when a message with multiple cleartext signatures and multiple attached documents is created. GnuPG does not compare each signature for each document in the message, but instead flags each document as good or bad depending on the first document in the file. It is possible that this flaw may allow an attacker to surreptitiously modify any document but the first, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 31832 - Disclosed: 2006-12-06

Description:

(Description Provided by CVE) : A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.