46 matches found
EUVD-2002-2199
Malware in sbrugna...
EUVD-2006-6668
Malware in sbrugna...
EUVD-2002-2198
Malware in sbrugna...
EUVD-2006-6664
Malware in sbrugna...
EUVD-2006-6663
Malware in sbrugna...
EUVD-2002-2200
Malware in sbrugna...
EUVD-2006-6622
Malware in sbrugna...
CVE-2002-2220
Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors...
CVE-2006-6685
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service application crash and possibly execute arbitrary code via a long REMOTEADDR environment variable. NOTE: The provenance of this information is unknown; the details are obtained solely...
CVE-2006-6683
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM...
CVE-2006-6639
Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing 1 the cp program, 2 the mail program, or 3 the program specified in the postchange configuration line...
CHETCPASSWD System Shadow File Disclosure - Ver2 (CVE-2002-2219)
An information disclosure vulnerability has been reported in CHETCPASSWD. The vulnerability may potentially cause the tail end of the local shadow file to be disclosed to a remote attacker...
CHETCPASSWD 1.12 Shadow File Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6472/info CHETCPASSWD is prone to a vulnerability that may potentially cause the tail end of the local shadow file to be disclosed to a remote attacker. It is possible to exploit this issue by sending an overly long strin...
CVE-2006-6683
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM...
CVE-2006-6679
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header...
CVE-2006-6680
Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file...
CVE-2006-6685
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service application crash and possibly execute arbitrary code via a long REMOTEADDR environment variable. NOTE: The provenance of this information is unknown; the details are obtained solely...
CVE-2006-6682
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system...
CVE-2006-6684
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained...
CVE-2006-6680
CVE-2006-6680 affects chetcpasswd before 2.3.1. The issue arises from not documenting the need for 0400 permissions on /etc/chetcpasswd.allow, potentially permitting local users to read the file and obtain sensitive information. Evidence across sources (NVD/Red Hat entries) confirms the file path...