Vulnerabilities > GNU > Gnump3D > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-11-26 | CVE-2007-6130 | Improper Authentication vulnerability in GNU Gnump3D 2.9 gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions. | 5.0 |
2005-11-18 | CVE-2005-3355 | Path Traversal vulnerability in GNU Gnump3D Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". | 6.4 |
2005-11-01 | CVE-2005-3425 | Cross-Site Scripting vulnerability in GNU gnump3d Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. network gnu | 4.3 |
2005-11-01 | CVE-2005-3424 | Cross-Site Scripting vulnerability in GNU gnump3d Error Page Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. network gnu | 4.3 |
2005-10-30 | CVE-2005-3123 | Directory Traversal vulnerability in GNU gnump3d Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. | 5.0 |