CVE-2019-3697
- EPSS 0.52%
- Veröffentlicht 24.01.2020 12:15:11
- Zuletzt bearbeitet 21.11.2024 04:42:21
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versio...
- EPSS 1.49%
- Veröffentlicht 26.11.2007 22:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:27
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
CVE-2005-3349
- EPSS 0.37%
- Veröffentlicht 18.11.2005 22:03:00
- Zuletzt bearbeitet 16.06.2026 22:16:46
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
CVE-2005-3355
- EPSS 2.23%
- Veröffentlicht 18.11.2005 22:03:00
- Zuletzt bearbeitet 16.06.2026 22:16:47
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
CVE-2005-3424
- EPSS 1.44%
- Veröffentlicht 01.11.2005 22:02:00
- Zuletzt bearbeitet 16.06.2026 22:16:56
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
CVE-2005-3425
- EPSS 1.75%
- Veröffentlicht 01.11.2005 22:02:00
- Zuletzt bearbeitet 16.06.2026 22:16:56
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
- EPSS 2.98%
- Veröffentlicht 30.10.2005 20:02:00
- Zuletzt bearbeitet 16.06.2026 22:16:17
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.