CVE-2006-6680
- EPSS 0.04%
- Veröffentlicht 21.12.2006 19:28:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.
CVE-2006-6681
- EPSS 0.91%
- Veröffentlicht 21.12.2006 19:28:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.
CVE-2006-6639
- EPSS 0.06%
- Veröffentlicht 19.12.2006 20:28:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line.
CVE-2002-2219
- EPSS 8.81%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field.
CVE-2002-2220
- EPSS 0.05%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors.
CVE-2002-2221
- EPSS 0.06%
- Veröffentlicht 31.12.2002 05:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639.