Search criteria

21 vulnerabilities found for gnump3d by gnu

FKIE_CVE-2019-3697

Vulnerability from fkie_nvd - Published: 2020-01-24 12:15 - Updated: 2024-11-21 04:42
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.
References
meissner@suse.dehttps://bugzilla.suse.com/show_bug.cgi?id=1154229Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.suse.com/show_bug.cgi?id=1154229Exploit, Issue Tracking, Vendor Advisory
Impacted products
Vendor Product Version
gnu gnump3d *
opensuse leap 15.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E3DD163-B967-45F2-A8DD-18A6F27370EA",
              "versionEndIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo UNIX Symbolic Link (Symlink) Following en el empaquetado de gnump3d en openSUSE Leap versi\u00f3n 15.1, permite a atacantes locales escalar desde un usuario gnump3d a root. Este problema afecta a: gnump3d versi\u00f3n 3.0-lp151.2.1 y versiones anteriores, de openSUSE Leap versi\u00f3n 15.1."
    }
  ],
  "id": "CVE-2019-3697",
  "lastModified": "2024-11-21T04:42:21.287",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.2,
        "source": "meissner@suse.de",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-24T12:15:11.427",
  "references": [
    {
      "source": "meissner@suse.de",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154229"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2007-6130

Vulnerability from fkie_nvd - Published: 2007-11-26 22:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
References
cve@mitre.orghttp://secunia.com/advisories/27848
cve@mitre.orghttp://secunia.com/advisories/27965
cve@mitre.orghttp://www.gnu.org/software/gnump3d/ChangeLog
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2007_25_sr.html
cve@mitre.orghttp://www.securityfocus.com/bid/26618
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/4039
cve@mitre.orghttps://bugs.gentoo.org/show_bug.cgi?id=193132
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27848
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27965
af854a3a-2127-422b-91ae-364da2661108http://www.gnu.org/software/gnump3d/ChangeLog
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_25_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26618
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/4039
af854a3a-2127-422b-91ae-364da2661108https://bugs.gentoo.org/show_bug.cgi?id=193132
Impacted products
Vendor Product Version
gnu gnump3d 2.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9:final:*:*:*:*:*:*",
              "matchCriteriaId": "8443C32D-EC3D-42EC-BA83-701848E62595",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions."
    },
    {
      "lang": "es",
      "value": "gnump3d 2.9final no aplica protecci\u00f3n de contrase\u00f1a en sus plugins, lo cual podr\u00eda permitir a atacantes remotos evitar restricciones de acceso impuestas."
    }
  ],
  "id": "CVE-2007-6130",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-26T22:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27848"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27965"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26618"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4039"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=193132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.gentoo.org/show_bug.cgi?id=193132"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2005-3355

Vulnerability from fkie_nvd - Published: 2005-11-18 22:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
References
secalert@redhat.comhttp://secunia.com/advisories/17646Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/17647Patch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/17656Patch, Vendor Advisory
secalert@redhat.comhttp://www.debian.org/security/2005/dsa-901Patch
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200511-16.xmlPatch
secalert@redhat.comhttp://www.gnu.org/software/gnump3d/ChangeLog
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2005_28_sr.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/15496Patch
secalert@redhat.comhttp://www.vupen.com/english/advisories/2005/2489Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17646Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17647Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17656Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-901Patch
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200511-16.xmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.gnu.org/software/gnump3d/ChangeLog
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2005_28_sr.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15496Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/2489Vendor Advisory
Impacted products
Vendor Product Version
gnu gnump3d 2.9
gnu gnump3d 2.9.1
gnu gnump3d 2.9.2
gnu gnump3d 2.9.3
gnu gnump3d 2.9.4
gnu gnump3d 2.9.5
gnu gnump3d 2.9.6
gnu gnump3d 2.9.7
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B30C1E-E26C-4208-96E0-10B46FF4D0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30ED7127-4906-4C95-8180-57E7276FD760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9841DC70-40C0-4BC9-A541-76ED29D17825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0215148C-BC39-43D9-992B-60AF00250234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "967F0E62-2613-49B5-8607-BE28491574AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9BF88B-E1F1-4E90-87F1-D6C186EECE89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "53064746-D281-4E47-B147-8AC75C7B4DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "291414E2-7280-4542-8891-F560436603F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via \"CGI parameters, and cookie values\"."
    }
  ],
  "id": "CVE-2005-3355",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-18T22:03:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17646"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17647"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17656"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2005/dsa-901"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15496"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/2489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2005/dsa-901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/2489"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2005-3349

Vulnerability from fkie_nvd - Published: 2005-11-18 22:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
References
security@debian.orghttp://secunia.com/advisories/17646Patch, Vendor Advisory
security@debian.orghttp://secunia.com/advisories/17647Patch, Vendor Advisory
security@debian.orghttp://secunia.com/advisories/17656Patch, Vendor Advisory
security@debian.orghttp://www.debian.org/security/2005/dsa-901Patch
security@debian.orghttp://www.gentoo.org/security/en/glsa/glsa-200511-16.xmlPatch
security@debian.orghttp://www.gnu.org/software/gnump3d/ChangeLogPatch
security@debian.orghttp://www.gnu.org/software/gnump3d/attacks.html#temporary-files
security@debian.orghttp://www.novell.com/linux/security/advisories/2005_28_sr.htmlPatch, Vendor Advisory
security@debian.orghttp://www.securityfocus.com/bid/15497Patch
security@debian.orghttp://www.vupen.com/english/advisories/2005/2489Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17646Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17647Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17656Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-901Patch
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200511-16.xmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.gnu.org/software/gnump3d/ChangeLogPatch
af854a3a-2127-422b-91ae-364da2661108http://www.gnu.org/software/gnump3d/attacks.html#temporary-files
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2005_28_sr.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15497Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/2489Vendor Advisory
Impacted products
Vendor Product Version
gnu gnump3d *
gnu gnump3d 2.9
gnu gnump3d 2.9.1
gnu gnump3d 2.9.2
gnu gnump3d 2.9.3
gnu gnump3d 2.9.4
gnu gnump3d 2.9.5
gnu gnump3d 2.9.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8CF159-A4B3-493E-957F-C9B856ACE404",
              "versionEndIncluding": "2.9.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B30C1E-E26C-4208-96E0-10B46FF4D0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30ED7127-4906-4C95-8180-57E7276FD760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9841DC70-40C0-4BC9-A541-76ED29D17825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0215148C-BC39-43D9-992B-60AF00250234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "967F0E62-2613-49B5-8607-BE28491574AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9BF88B-E1F1-4E90-87F1-D6C186EECE89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "53064746-D281-4E47-B147-8AC75C7B4DC0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file."
    }
  ],
  "id": "CVE-2005-3349",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-18T22:03:00.000",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17646"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17647"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17656"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2005/dsa-901"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15497"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/2489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2005/dsa-901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2005/2489"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2005-3425

Vulnerability from fkie_nvd - Published: 2005-11-01 22:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
References
cve@mitre.orghttp://secunia.com/advisories/17351
cve@mitre.orghttp://secunia.com/advisories/17355
cve@mitre.orghttp://secunia.com/advisories/17449
cve@mitre.orghttp://secunia.com/advisories/17831
cve@mitre.orghttp://securitytracker.com/id?1015118
cve@mitre.orghttp://www.debian.org/security/2005/dsa-877Patch, Vendor Advisory
cve@mitre.orghttp://www.gnu.org/software/gnump3d/ChangeLog
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2005_28_sr.html
cve@mitre.orghttp://www.securityfocus.com/bid/15341
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17351
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17355
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17449
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17831
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015118
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-877Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gnu.org/software/gnump3d/ChangeLog
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2005_28_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15341
Impacted products
Vendor Product Version
gnu gnump3d 2.0
gnu gnump3d 2.1
gnu gnump3d 2.2
gnu gnump3d 2.3
gnu gnump3d 2.4
gnu gnump3d 2.5
gnu gnump3d 2.5b
gnu gnump3d 2.6
gnu gnump3d 2.7
gnu gnump3d 2.8
gnu gnump3d 2.9
gnu gnump3d 2.9.1
gnu gnump3d 2.9.2
gnu gnump3d 2.9.3
gnu gnump3d 2.9.4
gnu gnump3d 2.9.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA61808-36A9-4A80-B664-0A7B5F6A3052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36B49901-3341-41CD-A731-553BC379DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9262694-51F5-4B95-830A-272737ECC2BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B492A11B-7E67-45B9-8C6C-2EDAC714DF49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11F283A-83C6-420F-8F68-8E3C45998770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B68CD0-E227-4C59-9FF6-8A5E39133752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F23C56-CA91-46E2-828C-453924C71991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A11DA871-1105-4C94-80F4-5DF94E870DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1305B46-A74E-4946-8BED-14C3671140D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "818D5BB6-56A8-4A01-BCA8-2FC2F5089A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B30C1E-E26C-4208-96E0-10B46FF4D0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30ED7127-4906-4C95-8180-57E7276FD760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9841DC70-40C0-4BC9-A541-76ED29D17825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0215148C-BC39-43D9-992B-60AF00250234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "967F0E62-2613-49B5-8607-BE28491574AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9BF88B-E1F1-4E90-87F1-D6C186EECE89",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424."
    }
  ],
  "id": "CVE-2005-3425",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-01T22:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17351"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17355"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17449"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17831"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1015118"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17355"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17831"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15341"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2005-3424

Vulnerability from fkie_nvd - Published: 2005-11-01 22:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
References
cve@mitre.orghttp://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.htmlPatch
cve@mitre.orghttp://secunia.com/advisories/17351Patch, Vendor Advisory
cve@mitre.orghttp://www.debian.org/security/2005/dsa-877Patch, Vendor Advisory
cve@mitre.orghttp://www.gnu.org/software/gnump3d/ChangeLog
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2005_28_sr.html
cve@mitre.orghttp://www.osvdb.org/20359Patch
cve@mitre.orghttp://www.securityfocus.com/bid/15226
cve@mitre.orghttp://www.vupen.com/english/advisories/2005/2242
af854a3a-2127-422b-91ae-364da2661108http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17351Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-877Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gnu.org/software/gnump3d/ChangeLog
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2005_28_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20359Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15226
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/2242
Impacted products
Vendor Product Version
gnu gnump3d 2.0
gnu gnump3d 2.1
gnu gnump3d 2.2
gnu gnump3d 2.3
gnu gnump3d 2.4
gnu gnump3d 2.5
gnu gnump3d 2.5b
gnu gnump3d 2.6
gnu gnump3d 2.7
gnu gnump3d 2.8
gnu gnump3d 2.9
gnu gnump3d 2.9.1
gnu gnump3d 2.9.2
gnu gnump3d 2.9.3
gnu gnump3d 2.9.4
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DA61808-36A9-4A80-B664-0A7B5F6A3052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36B49901-3341-41CD-A731-553BC379DCA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9262694-51F5-4B95-830A-272737ECC2BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B492A11B-7E67-45B9-8C6C-2EDAC714DF49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11F283A-83C6-420F-8F68-8E3C45998770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "57B68CD0-E227-4C59-9FF6-8A5E39133752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F23C56-CA91-46E2-828C-453924C71991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A11DA871-1105-4C94-80F4-5DF94E870DEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1305B46-A74E-4946-8BED-14C3671140D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "818D5BB6-56A8-4A01-BCA8-2FC2F5089A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B30C1E-E26C-4208-96E0-10B46FF4D0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30ED7127-4906-4C95-8180-57E7276FD760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9841DC70-40C0-4BC9-A541-76ED29D17825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0215148C-BC39-43D9-992B-60AF00250234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "967F0E62-2613-49B5-8607-BE28491574AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425."
    }
  ],
  "id": "CVE-2005-3424",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-01T22:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17351"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/20359"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/20359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2242"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2005-3123

Vulnerability from fkie_nvd - Published: 2005-10-30 20:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
References
security@debian.orghttp://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.htmlPatch
security@debian.orghttp://secunia.com/advisories/17351Exploit, Patch, Vendor Advisory
security@debian.orghttp://secunia.com/advisories/17559Vendor Advisory
security@debian.orghttp://securityreason.com/securityalert/127
security@debian.orghttp://securitytracker.com/id?1015118
security@debian.orghttp://www.debian.org/security/2005/dsa-877Patch, Vendor Advisory
security@debian.orghttp://www.novell.com/linux/security/advisories/2005_27_sr.html
security@debian.orghttp://www.novell.com/linux/security/advisories/2005_28_sr.html
security@debian.orghttp://www.osvdb.org/20360
security@debian.orghttp://www.securityfocus.com/bid/15228Patch
security@debian.orghttp://www.vupen.com/english/advisories/2005/2242
af854a3a-2127-422b-91ae-364da2661108http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17351Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17559Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/127
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015118
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-877Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2005_27_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2005_28_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/20360
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/15228Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/2242
Impacted products
Vendor Product Version
gnu gnump3d 2.9
gnu gnump3d 2.9.1
gnu gnump3d 2.9.2
gnu gnump3d 2.9.3
gnu gnump3d 2.9.4
gnu gnump3d 2.9.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9B30C1E-E26C-4208-96E0-10B46FF4D0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30ED7127-4906-4C95-8180-57E7276FD760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9841DC70-40C0-4BC9-A541-76ED29D17825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0215148C-BC39-43D9-992B-60AF00250234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "967F0E62-2613-49B5-8607-BE28491574AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnump3d:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B9BF88B-E1F1-4E90-87F1-D6C186EECE89",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as \"/.//..//////././\", which is collapsed into \"/.././\" after \"..\" and \"//\" sequences are removed."
    }
  ],
  "id": "CVE-2005-3123",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-10-30T20:02:00.000",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17351"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17559"
    },
    {
      "source": "security@debian.org",
      "url": "http://securityreason.com/securityalert/127"
    },
    {
      "source": "security@debian.org",
      "url": "http://securitytracker.com/id?1015118"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-877"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.osvdb.org/20360"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15228"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.vupen.com/english/advisories/2005/2242"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20360"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2242"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-3697 (GCVE-0-2019-3697)

Vulnerability from cvelistv5 – Published: 2020-01-24 12:10 – Updated: 2024-09-17 01:31
VLAI?
Title
Local privilege escalation from user gnump3d to root
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.
Severity ?
7.7 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
openSUSE Leap 15.1 Affected: gnump3d , ≤ 3.0-lp151.2.1 (custom)
Create a notification for this product.
Credits
Johannes Segitz of SUSE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:17.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154229"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Leap 15.1",
          "vendor": "openSUSE",
          "versions": [
            {
              "lessThanOrEqual": "3.0-lp151.2.1",
              "status": "affected",
              "version": "gnump3d",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Johannes Segitz of SUSE"
        }
      ],
      "datePublic": "2020-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-20T15:45:08",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154229"
        }
      ],
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154229",
        "defect": [
          "1154229"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Local privilege escalation from user gnump3d to root",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "DATE_PUBLIC": "2020-01-24T00:00:00.000Z",
          "ID": "CVE-2019-3697",
          "STATE": "PUBLIC",
          "TITLE": "Local privilege escalation from user gnump3d to root"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Leap 15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "gnump3d",
                            "version_value": "3.0-lp151.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "openSUSE"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Johannes Segitz of SUSE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1154229",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154229"
            }
          ]
        },
        "source": {
          "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154229",
          "defect": [
            "1154229"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2019-3697",
    "datePublished": "2020-01-24T12:10:11.878267Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T01:31:57.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-6130 (GCVE-0-2007-6130)

Vulnerability from cvelistv5 – Published: 2007-11-26 22:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/27965 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/26618 vdb-entryx_refsource_BID
https://bugs.gentoo.org/show_bug.cgi?id=193132 x_refsource_CONFIRM
http://secunia.com/advisories/27848 third-party-advisoryx_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://www.vupen.com/english/advisories/2007/4039 vdb-entryx_refsource_VUPEN
http://www.gnu.org/software/gnump3d/ChangeLog x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:26.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27965",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27965"
          },
          {
            "name": "26618",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26618"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=193132"
          },
          {
            "name": "27848",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27848"
          },
          {
            "name": "SUSE-SR:2007:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
          },
          {
            "name": "ADV-2007-4039",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4039"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-12-01T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27965",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27965"
        },
        {
          "name": "26618",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26618"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=193132"
        },
        {
          "name": "27848",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27848"
        },
        {
          "name": "SUSE-SR:2007:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
        },
        {
          "name": "ADV-2007-4039",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4039"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6130",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27965",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27965"
            },
            {
              "name": "26618",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26618"
            },
            {
              "name": "https://bugs.gentoo.org/show_bug.cgi?id=193132",
              "refsource": "CONFIRM",
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=193132"
            },
            {
              "name": "27848",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27848"
            },
            {
              "name": "SUSE-SR:2007:025",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
            },
            {
              "name": "ADV-2007-4039",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4039"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6130",
    "datePublished": "2007-11-26T22:00:00",
    "dateReserved": "2007-11-26T00:00:00",
    "dateUpdated": "2024-08-07T15:54:26.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3355 (GCVE-0-2005-3355)

Vulnerability from cvelistv5 – Published: 2005-11-18 22:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/17647 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/2489 vdb-entryx_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
http://www.gnu.org/software/gnump3d/ChangeLog x_refsource_CONFIRM
http://www.securityfocus.com/bid/15496 vdb-entryx_refsource_BID
http://secunia.com/advisories/17646 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17656 third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-901 vendor-advisoryx_refsource_DEBIAN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:08.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "17647",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17647"
          },
          {
            "name": "ADV-2005-2489",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2489"
          },
          {
            "name": "GLSA-200511-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
          },
          {
            "name": "15496",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15496"
          },
          {
            "name": "17646",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17646"
          },
          {
            "name": "17656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17656"
          },
          {
            "name": "DSA-901",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-901"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via \"CGI parameters, and cookie values\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-24T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "17647",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17647"
        },
        {
          "name": "ADV-2005-2489",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2489"
        },
        {
          "name": "GLSA-200511-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
        },
        {
          "name": "15496",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15496"
        },
        {
          "name": "17646",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17646"
        },
        {
          "name": "17656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17656"
        },
        {
          "name": "DSA-901",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-901"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2005-3355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via \"CGI parameters, and cookie values\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "17647",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17647"
            },
            {
              "name": "ADV-2005-2489",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2489"
            },
            {
              "name": "GLSA-200511-16",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
            },
            {
              "name": "15496",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15496"
            },
            {
              "name": "17646",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17646"
            },
            {
              "name": "17656",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17656"
            },
            {
              "name": "DSA-901",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-901"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2005-3355",
    "datePublished": "2005-11-18T22:00:00",
    "dateReserved": "2005-10-27T00:00:00",
    "dateUpdated": "2024-08-07T23:10:08.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3349 (GCVE-0-2005-3349)

Vulnerability from cvelistv5 – Published: 2005-11-18 22:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/15497 vdb-entryx_refsource_BID
http://secunia.com/advisories/17647 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/2489 vdb-entryx_refsource_VUPEN
http://www.gnu.org/software/gnump3d/attacks.html#… x_refsource_MISC
http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
http://www.gnu.org/software/gnump3d/ChangeLog x_refsource_CONFIRM
http://secunia.com/advisories/17646 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17656 third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-901 vendor-advisoryx_refsource_DEBIAN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:07.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "15497",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15497"
          },
          {
            "name": "17647",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17647"
          },
          {
            "name": "ADV-2005-2489",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2489"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"
          },
          {
            "name": "GLSA-200511-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
          },
          {
            "name": "17646",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17646"
          },
          {
            "name": "17656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17656"
          },
          {
            "name": "DSA-901",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-901"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-24T10:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "15497",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15497"
        },
        {
          "name": "17647",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17647"
        },
        {
          "name": "ADV-2005-2489",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2489"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"
        },
        {
          "name": "GLSA-200511-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
        },
        {
          "name": "17646",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17646"
        },
        {
          "name": "17656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17656"
        },
        {
          "name": "DSA-901",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-901"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2005-3349",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "15497",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15497"
            },
            {
              "name": "17647",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17647"
            },
            {
              "name": "ADV-2005-2489",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2489"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files",
              "refsource": "MISC",
              "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"
            },
            {
              "name": "GLSA-200511-16",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
            },
            {
              "name": "17646",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17646"
            },
            {
              "name": "17656",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17656"
            },
            {
              "name": "DSA-901",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-901"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2005-3349",
    "datePublished": "2005-11-18T22:00:00",
    "dateReserved": "2005-10-27T00:00:00",
    "dateUpdated": "2024-08-07T23:10:07.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3424 (GCVE-0-2005-3424)

Vulnerability from cvelistv5 – Published: 2005-11-01 22:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://www.osvdb.org/20359 vdb-entryx_refsource_OSVDB
http://www.gnu.org/software/gnump3d/ChangeLog x_refsource_CONFIRM
http://lists.gnu.org/archive/html/gnump3d-users/2… mailing-listx_refsource_MLIST
http://www.vupen.com/english/advisories/2005/2242 vdb-entryx_refsource_VUPEN
http://www.debian.org/security/2005/dsa-877 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/15226 vdb-entryx_refsource_BID
http://secunia.com/advisories/17351 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:08.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "20359",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
          },
          {
            "name": "[Gnump3d-users] 20051028 New release - security fixes.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
          },
          {
            "name": "ADV-2005-2242",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2242"
          },
          {
            "name": "DSA-877",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-877"
          },
          {
            "name": "15226",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15226"
          },
          {
            "name": "17351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-18T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "20359",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
        },
        {
          "name": "[Gnump3d-users] 20051028 New release - security fixes.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
        },
        {
          "name": "ADV-2005-2242",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2242"
        },
        {
          "name": "DSA-877",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-877"
        },
        {
          "name": "15226",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15226"
        },
        {
          "name": "17351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3424",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "20359",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20359"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
            },
            {
              "name": "[Gnump3d-users] 20051028 New release - security fixes.",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
            },
            {
              "name": "ADV-2005-2242",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2242"
            },
            {
              "name": "DSA-877",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-877"
            },
            {
              "name": "15226",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15226"
            },
            {
              "name": "17351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3424",
    "datePublished": "2005-11-01T22:00:00",
    "dateReserved": "2005-11-01T00:00:00",
    "dateUpdated": "2024-08-07T23:10:08.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3425 (GCVE-0-2005-3425)

Vulnerability from cvelistv5 – Published: 2005-11-01 22:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://securitytracker.com/id?1015118 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/17831 third-party-advisoryx_refsource_SECUNIA
http://www.gnu.org/software/gnump3d/ChangeLog x_refsource_CONFIRM
http://secunia.com/advisories/17449 third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-877 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/15341 vdb-entryx_refsource_BID
http://secunia.com/advisories/17351 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17355 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:08.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "1015118",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015118"
          },
          {
            "name": "17831",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17831"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
          },
          {
            "name": "17449",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17449"
          },
          {
            "name": "DSA-877",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-877"
          },
          {
            "name": "15341",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15341"
          },
          {
            "name": "17351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17351"
          },
          {
            "name": "17355",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17355"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-12-08T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "1015118",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015118"
        },
        {
          "name": "17831",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17831"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
        },
        {
          "name": "17449",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17449"
        },
        {
          "name": "DSA-877",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-877"
        },
        {
          "name": "15341",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15341"
        },
        {
          "name": "17351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17351"
        },
        {
          "name": "17355",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17355"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3425",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "1015118",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015118"
            },
            {
              "name": "17831",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17831"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
            },
            {
              "name": "17449",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17449"
            },
            {
              "name": "DSA-877",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-877"
            },
            {
              "name": "15341",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15341"
            },
            {
              "name": "17351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17351"
            },
            {
              "name": "17355",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17355"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3425",
    "datePublished": "2005-11-01T22:00:00",
    "dateReserved": "2005-11-01T00:00:00",
    "dateUpdated": "2024-08-07T23:10:08.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3123 (GCVE-0-2005-3123)

Vulnerability from cvelistv5 – Published: 2005-10-30 20:00 – Updated: 2024-08-07 23:01
VLAI?
Summary
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://www.osvdb.org/20360 vdb-entryx_refsource_OSVDB
http://securityreason.com/securityalert/127 third-party-advisoryx_refsource_SREASON
http://securitytracker.com/id?1015118 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/17559 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/15228 vdb-entryx_refsource_BID
http://lists.gnu.org/archive/html/gnump3d-users/2… mailing-listx_refsource_MLIST
http://www.vupen.com/english/advisories/2005/2242 vdb-entryx_refsource_VUPEN
http://www.debian.org/security/2005/dsa-877 vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/17351 third-party-advisoryx_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:57.835Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "20360",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20360"
          },
          {
            "name": "127",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/127"
          },
          {
            "name": "1015118",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015118"
          },
          {
            "name": "17559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17559"
          },
          {
            "name": "15228",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15228"
          },
          {
            "name": "[Gnump3d-users] 20051028 New release - security fixes.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
          },
          {
            "name": "ADV-2005-2242",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2242"
          },
          {
            "name": "DSA-877",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-877"
          },
          {
            "name": "17351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17351"
          },
          {
            "name": "SUSE-SR:2005:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as \"/.//..//////././\", which is collapsed into \"/.././\" after \"..\" and \"//\" sequences are removed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-04T10:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "20360",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20360"
        },
        {
          "name": "127",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/127"
        },
        {
          "name": "1015118",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015118"
        },
        {
          "name": "17559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17559"
        },
        {
          "name": "15228",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15228"
        },
        {
          "name": "[Gnump3d-users] 20051028 New release - security fixes.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
        },
        {
          "name": "ADV-2005-2242",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2242"
        },
        {
          "name": "DSA-877",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-877"
        },
        {
          "name": "17351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17351"
        },
        {
          "name": "SUSE-SR:2005:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2005-3123",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as \"/.//..//////././\", which is collapsed into \"/.././\" after \"..\" and \"//\" sequences are removed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "20360",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20360"
            },
            {
              "name": "127",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/127"
            },
            {
              "name": "1015118",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015118"
            },
            {
              "name": "17559",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17559"
            },
            {
              "name": "15228",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15228"
            },
            {
              "name": "[Gnump3d-users] 20051028 New release - security fixes.",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
            },
            {
              "name": "ADV-2005-2242",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2242"
            },
            {
              "name": "DSA-877",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-877"
            },
            {
              "name": "17351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17351"
            },
            {
              "name": "SUSE-SR:2005:027",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2005-3123",
    "datePublished": "2005-10-30T20:00:00",
    "dateReserved": "2005-10-03T00:00:00",
    "dateUpdated": "2024-08-07T23:01:57.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-3697 (GCVE-0-2019-3697)

Vulnerability from nvd – Published: 2020-01-24 12:10 – Updated: 2024-09-17 01:31
VLAI?
Title
Local privilege escalation from user gnump3d to root
Summary
UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions.
Severity ?
7.7 (High)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
openSUSE Leap 15.1 Affected: gnump3d , ≤ 3.0-lp151.2.1 (custom)
Create a notification for this product.
Credits
Johannes Segitz of SUSE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:19:17.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154229"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Leap 15.1",
          "vendor": "openSUSE",
          "versions": [
            {
              "lessThanOrEqual": "3.0-lp151.2.1",
              "status": "affected",
              "version": "gnump3d",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Johannes Segitz of SUSE"
        }
      ],
      "datePublic": "2020-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-20T15:45:08",
        "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
        "shortName": "suse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154229"
        }
      ],
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154229",
        "defect": [
          "1154229"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Local privilege escalation from user gnump3d to root",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "DATE_PUBLIC": "2020-01-24T00:00:00.000Z",
          "ID": "CVE-2019-3697",
          "STATE": "PUBLIC",
          "TITLE": "Local privilege escalation from user gnump3d to root"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Leap 15.1",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "gnump3d",
                            "version_value": "3.0-lp151.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "openSUSE"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Johannes Segitz of SUSE"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1154229",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154229"
            }
          ]
        },
        "source": {
          "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154229",
          "defect": [
            "1154229"
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
    "assignerShortName": "suse",
    "cveId": "CVE-2019-3697",
    "datePublished": "2020-01-24T12:10:11.878267Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-17T01:31:57.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-6130 (GCVE-0-2007-6130)

Vulnerability from nvd – Published: 2007-11-26 22:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/27965 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/26618 vdb-entryx_refsource_BID
https://bugs.gentoo.org/show_bug.cgi?id=193132 x_refsource_CONFIRM
http://secunia.com/advisories/27848 third-party-advisoryx_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://www.vupen.com/english/advisories/2007/4039 vdb-entryx_refsource_VUPEN
http://www.gnu.org/software/gnump3d/ChangeLog x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:26.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27965",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27965"
          },
          {
            "name": "26618",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26618"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/show_bug.cgi?id=193132"
          },
          {
            "name": "27848",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27848"
          },
          {
            "name": "SUSE-SR:2007:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
          },
          {
            "name": "ADV-2007-4039",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4039"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-12-01T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27965",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27965"
        },
        {
          "name": "26618",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26618"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.gentoo.org/show_bug.cgi?id=193132"
        },
        {
          "name": "27848",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27848"
        },
        {
          "name": "SUSE-SR:2007:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
        },
        {
          "name": "ADV-2007-4039",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4039"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6130",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27965",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27965"
            },
            {
              "name": "26618",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26618"
            },
            {
              "name": "https://bugs.gentoo.org/show_bug.cgi?id=193132",
              "refsource": "CONFIRM",
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=193132"
            },
            {
              "name": "27848",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27848"
            },
            {
              "name": "SUSE-SR:2007:025",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html"
            },
            {
              "name": "ADV-2007-4039",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4039"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6130",
    "datePublished": "2007-11-26T22:00:00",
    "dateReserved": "2007-11-26T00:00:00",
    "dateUpdated": "2024-08-07T15:54:26.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3355 (GCVE-0-2005-3355)

Vulnerability from nvd – Published: 2005-11-18 22:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/17647 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/2489 vdb-entryx_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
http://www.gnu.org/software/gnump3d/ChangeLog x_refsource_CONFIRM
http://www.securityfocus.com/bid/15496 vdb-entryx_refsource_BID
http://secunia.com/advisories/17646 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17656 third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-901 vendor-advisoryx_refsource_DEBIAN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:08.605Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "17647",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17647"
          },
          {
            "name": "ADV-2005-2489",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2489"
          },
          {
            "name": "GLSA-200511-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
          },
          {
            "name": "15496",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15496"
          },
          {
            "name": "17646",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17646"
          },
          {
            "name": "17656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17656"
          },
          {
            "name": "DSA-901",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-901"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via \"CGI parameters, and cookie values\"."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-24T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "17647",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17647"
        },
        {
          "name": "ADV-2005-2489",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2489"
        },
        {
          "name": "GLSA-200511-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
        },
        {
          "name": "15496",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15496"
        },
        {
          "name": "17646",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17646"
        },
        {
          "name": "17656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17656"
        },
        {
          "name": "DSA-901",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-901"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2005-3355",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via \"CGI parameters, and cookie values\"."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "17647",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17647"
            },
            {
              "name": "ADV-2005-2489",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2489"
            },
            {
              "name": "GLSA-200511-16",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
            },
            {
              "name": "15496",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15496"
            },
            {
              "name": "17646",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17646"
            },
            {
              "name": "17656",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17656"
            },
            {
              "name": "DSA-901",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-901"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2005-3355",
    "datePublished": "2005-11-18T22:00:00",
    "dateReserved": "2005-10-27T00:00:00",
    "dateUpdated": "2024-08-07T23:10:08.605Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3349 (GCVE-0-2005-3349)

Vulnerability from nvd – Published: 2005-11-18 22:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/15497 vdb-entryx_refsource_BID
http://secunia.com/advisories/17647 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2005/2489 vdb-entryx_refsource_VUPEN
http://www.gnu.org/software/gnump3d/attacks.html#… x_refsource_MISC
http://www.gentoo.org/security/en/glsa/glsa-20051… vendor-advisoryx_refsource_GENTOO
http://www.gnu.org/software/gnump3d/ChangeLog x_refsource_CONFIRM
http://secunia.com/advisories/17646 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17656 third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-901 vendor-advisoryx_refsource_DEBIAN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:07.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "15497",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15497"
          },
          {
            "name": "17647",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17647"
          },
          {
            "name": "ADV-2005-2489",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2489"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"
          },
          {
            "name": "GLSA-200511-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
          },
          {
            "name": "17646",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17646"
          },
          {
            "name": "17656",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17656"
          },
          {
            "name": "DSA-901",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-901"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-24T10:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "15497",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15497"
        },
        {
          "name": "17647",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17647"
        },
        {
          "name": "ADV-2005-2489",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2489"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"
        },
        {
          "name": "GLSA-200511-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
        },
        {
          "name": "17646",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17646"
        },
        {
          "name": "17656",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17656"
        },
        {
          "name": "DSA-901",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-901"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2005-3349",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "15497",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15497"
            },
            {
              "name": "17647",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17647"
            },
            {
              "name": "ADV-2005-2489",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2489"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files",
              "refsource": "MISC",
              "url": "http://www.gnu.org/software/gnump3d/attacks.html#temporary-files"
            },
            {
              "name": "GLSA-200511-16",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200511-16.xml"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
            },
            {
              "name": "17646",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17646"
            },
            {
              "name": "17656",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17656"
            },
            {
              "name": "DSA-901",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-901"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2005-3349",
    "datePublished": "2005-11-18T22:00:00",
    "dateReserved": "2005-10-27T00:00:00",
    "dateUpdated": "2024-08-07T23:10:07.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3424 (GCVE-0-2005-3424)

Vulnerability from nvd – Published: 2005-11-01 22:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://www.osvdb.org/20359 vdb-entryx_refsource_OSVDB
http://www.gnu.org/software/gnump3d/ChangeLog x_refsource_CONFIRM
http://lists.gnu.org/archive/html/gnump3d-users/2… mailing-listx_refsource_MLIST
http://www.vupen.com/english/advisories/2005/2242 vdb-entryx_refsource_VUPEN
http://www.debian.org/security/2005/dsa-877 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/15226 vdb-entryx_refsource_BID
http://secunia.com/advisories/17351 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:08.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "20359",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20359"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
          },
          {
            "name": "[Gnump3d-users] 20051028 New release - security fixes.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
          },
          {
            "name": "ADV-2005-2242",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2242"
          },
          {
            "name": "DSA-877",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-877"
          },
          {
            "name": "15226",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15226"
          },
          {
            "name": "17351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-18T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "20359",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20359"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
        },
        {
          "name": "[Gnump3d-users] 20051028 New release - security fixes.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
        },
        {
          "name": "ADV-2005-2242",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2242"
        },
        {
          "name": "DSA-877",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-877"
        },
        {
          "name": "15226",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15226"
        },
        {
          "name": "17351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3424",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "20359",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20359"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
            },
            {
              "name": "[Gnump3d-users] 20051028 New release - security fixes.",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
            },
            {
              "name": "ADV-2005-2242",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2242"
            },
            {
              "name": "DSA-877",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-877"
            },
            {
              "name": "15226",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15226"
            },
            {
              "name": "17351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3424",
    "datePublished": "2005-11-01T22:00:00",
    "dateReserved": "2005-11-01T00:00:00",
    "dateUpdated": "2024-08-07T23:10:08.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3425 (GCVE-0-2005-3425)

Vulnerability from nvd – Published: 2005-11-01 22:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://securitytracker.com/id?1015118 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/17831 third-party-advisoryx_refsource_SECUNIA
http://www.gnu.org/software/gnump3d/ChangeLog x_refsource_CONFIRM
http://secunia.com/advisories/17449 third-party-advisoryx_refsource_SECUNIA
http://www.debian.org/security/2005/dsa-877 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/15341 vdb-entryx_refsource_BID
http://secunia.com/advisories/17351 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/17355 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:08.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "1015118",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015118"
          },
          {
            "name": "17831",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17831"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
          },
          {
            "name": "17449",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17449"
          },
          {
            "name": "DSA-877",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-877"
          },
          {
            "name": "15341",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15341"
          },
          {
            "name": "17351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17351"
          },
          {
            "name": "17355",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17355"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-12-08T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "1015118",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015118"
        },
        {
          "name": "17831",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17831"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
        },
        {
          "name": "17449",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17449"
        },
        {
          "name": "DSA-877",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-877"
        },
        {
          "name": "15341",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15341"
        },
        {
          "name": "17351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17351"
        },
        {
          "name": "17355",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17355"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3425",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "1015118",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015118"
            },
            {
              "name": "17831",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17831"
            },
            {
              "name": "http://www.gnu.org/software/gnump3d/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://www.gnu.org/software/gnump3d/ChangeLog"
            },
            {
              "name": "17449",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17449"
            },
            {
              "name": "DSA-877",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-877"
            },
            {
              "name": "15341",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15341"
            },
            {
              "name": "17351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17351"
            },
            {
              "name": "17355",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17355"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3425",
    "datePublished": "2005-11-01T22:00:00",
    "dateReserved": "2005-11-01T00:00:00",
    "dateUpdated": "2024-08-07T23:10:08.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3123 (GCVE-0-2005-3123)

Vulnerability from nvd – Published: 2005-10-30 20:00 – Updated: 2024-08-07 23:01
VLAI?
Summary
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
http://www.osvdb.org/20360 vdb-entryx_refsource_OSVDB
http://securityreason.com/securityalert/127 third-party-advisoryx_refsource_SREASON
http://securitytracker.com/id?1015118 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/17559 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/15228 vdb-entryx_refsource_BID
http://lists.gnu.org/archive/html/gnump3d-users/2… mailing-listx_refsource_MLIST
http://www.vupen.com/english/advisories/2005/2242 vdb-entryx_refsource_VUPEN
http://www.debian.org/security/2005/dsa-877 vendor-advisoryx_refsource_DEBIAN
http://secunia.com/advisories/17351 third-party-advisoryx_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:57.835Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2005:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
          },
          {
            "name": "20360",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20360"
          },
          {
            "name": "127",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/127"
          },
          {
            "name": "1015118",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015118"
          },
          {
            "name": "17559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17559"
          },
          {
            "name": "15228",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15228"
          },
          {
            "name": "[Gnump3d-users] 20051028 New release - security fixes.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
          },
          {
            "name": "ADV-2005-2242",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2242"
          },
          {
            "name": "DSA-877",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-877"
          },
          {
            "name": "17351",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17351"
          },
          {
            "name": "SUSE-SR:2005:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as \"/.//..//////././\", which is collapsed into \"/.././\" after \"..\" and \"//\" sequences are removed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-04T10:00:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "SUSE-SR:2005:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
        },
        {
          "name": "20360",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20360"
        },
        {
          "name": "127",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/127"
        },
        {
          "name": "1015118",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015118"
        },
        {
          "name": "17559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17559"
        },
        {
          "name": "15228",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15228"
        },
        {
          "name": "[Gnump3d-users] 20051028 New release - security fixes.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
        },
        {
          "name": "ADV-2005-2242",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2242"
        },
        {
          "name": "DSA-877",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-877"
        },
        {
          "name": "17351",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17351"
        },
        {
          "name": "SUSE-SR:2005:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2005-3123",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as \"/.//..//////././\", which is collapsed into \"/.././\" after \"..\" and \"//\" sequences are removed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2005:028",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
            },
            {
              "name": "20360",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20360"
            },
            {
              "name": "127",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/127"
            },
            {
              "name": "1015118",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015118"
            },
            {
              "name": "17559",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17559"
            },
            {
              "name": "15228",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15228"
            },
            {
              "name": "[Gnump3d-users] 20051028 New release - security fixes.",
              "refsource": "MLIST",
              "url": "http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html"
            },
            {
              "name": "ADV-2005-2242",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2242"
            },
            {
              "name": "DSA-877",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-877"
            },
            {
              "name": "17351",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17351"
            },
            {
              "name": "SUSE-SR:2005:027",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2005-3123",
    "datePublished": "2005-10-30T20:00:00",
    "dateReserved": "2005-10-03T00:00:00",
    "dateUpdated": "2024-08-07T23:01:57.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}