OpenPKG 1.2

CPE Details

OpenPKG 1.2
openpkg
openpkg
1.2
2007-08-23
19h16 +00:00
2009-06-03
17h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*

Informations

Vendor

openpkg

Product

openpkg

Version

1.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2002-0985 2004-09-01 02h00 +00:00 Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
7.5
CVE-2004-0413 2004-06-23 02h00 +00:00 libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
10
CVE-2004-0414 2004-06-11 02h00 +00:00 CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
10
CVE-2004-0416 2004-06-11 02h00 +00:00 Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
10
CVE-2004-0417 2004-06-11 02h00 +00:00 Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
5
CVE-2004-0418 2004-06-11 02h00 +00:00 serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
10
CVE-2004-0333 2004-03-18 04h00 +00:00 Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
10
CVE-2003-0615 2003-08-01 02h00 +00:00 Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
4.3
CVE-2003-0190 2003-05-01 22h00 +00:00 OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
5
CVE-2003-0147 2003-03-18 04h00 +00:00 OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
5