(SWAT): XSS flaw in Change Password page

Cross-site scripting XSS vulnerability in the chgpasswd function in web/swat.c in the Samba Web Administration Tool SWAT in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program aka the user field...

CVE-2011-2694

Cross-site scripting XSS vulnerability in the chgpasswd function in web/swat.c in the Samba Web Administration Tool SWAT in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program aka the user field...

Mandrake Linux Security Advisory : passwd (MDKSA-2004:045)

Steve Grubb found some problems in the passwd program. Passwords given to passwd via stdin are one character shorter than they are supposed to be. He also discovered that pam may not have been sufficiently initialized to ensure safe and proper operation. A few small memory leaks have been fixed a...

Sun Solaris 2.5.1 PAM / unix_scheme - 'passwd' Local Privilege Escalation

/ source: https://www.securityfocus.com/bid/201/info There is a buffer overflow condition on arguments in Pluggable Authentication Modules PAM and unixscheme 5.4 and 5.3. Therefore, an unauthorized user could exploit this vulnerability via the passwd program to gain root access. Under SunOS 5.5.1...