High

DATE	CVE	VULNERABILITY TITLE	RISK
2004-08-18	CVE-2004-0432	ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions. network low complexity proftpd-project gentoo trustix	7.5
2004-06-01	CVE-2004-2044	PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. network low complexity francisco-burzi oscommerce paul-laudanski trustix	7.5
2004-03-03	CVE-2004-0077	Local Privilege Escalation vulnerability in Linux Kernel do_mremap Function VMA Limit The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. local low complexity redhat linux netwosix trustix	7.2
2001-07-18	CVE-2001-1030	Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. network low complexity caldera immunix mandrakesoft squid redhat trustix	7.5
2000-12-11	CVE-2000-1009	dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. local low complexity redhat trustix	7.2
2000-11-14	CVE-2000-0867	Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. local low complexity debian mandrakesoft redhat slackware trustix	7.2