Vulnerabilities > Trustix > High

DATE CVE VULNERABILITY TITLE RISK
2004-08-18 CVE-2004-0432 ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
network
low complexity
proftpd-project gentoo trustix
7.5
2004-06-01 CVE-2004-2044 PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. 7.5
2004-03-03 CVE-2004-0077 Local Privilege Escalation vulnerability in Linux Kernel do_mremap Function VMA Limit
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
local
low complexity
redhat linux netwosix trustix
7.2
2001-07-18 CVE-2001-1030 Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
network
low complexity
caldera immunix mandrakesoft squid redhat trustix
7.5
2000-12-11 CVE-2000-1009 dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
local
low complexity
redhat trustix
7.2
2000-11-14 CVE-2000-0867 Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
local
low complexity
debian mandrakesoft redhat slackware trustix
7.2