orso software vulnerabilities
vulnerabilities.aspcode.net
Searching orso software vulnerabilities
Buffer overflow in Pedro Lineu Orso chetcpasswd
chetcpasswd
|
overflow
|
Buffer
|
before
|
Pedro
|
Lineu
|
Orso
|
Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors.
Untrusted search path vulnerability in Pedro Li
vulnerability
|
chetcpasswd
|
Untrusted
|
search
|
Lineu
|
Pedro
|
path
|
Orso
|
Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639.
Pedro Lineu Orso chetcpasswd before 2.4 relies
X-Forwarded-For
|
unauthorized
|
chetcpasswd
|
verifying
|
attackers
|
spoofing
|
client's
|
address
|
access
|
remote
|
allows
|
status
|
header
|
relies
|
before
|
Pedro
|
Lineu
|
which
|
HTTP
|
Orso
|
gain
|
ACL
|
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
Pedro Lineu Orso chetcpasswd before 2.3.1 does
chetcpasswd
|
before
|
Pedro
|
Lineu
|
Orso
|
Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.
Pedro Lineu Orso chetcpasswd 2.3.3 does not hav
chetcpasswd
|
Lineu
|
Pedro
|
Orso
|
Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.
Pedro Lineu Orso chetcpasswd 2.3.3 provides a d
chetcpasswd
|
Lineu
|
Pedro
|
Orso
|
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier
chetcpasswd
|
Lineu
|
Pedro
|
Orso
|
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.
Heap-based buffer overflow in Pedro Lineu Orso
chetcpasswd
|
Heap-based
|
attackers
|
overflow
|
service
|
allows
|
denial
|
remote
|
buffer
|
before
|
Pedro
|
cause
|
Lineu
|
Orso
|
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Heap-based buffer overflow in Pedro Lineu Orso
chetcpasswd
|
Heap-based
|
overflow
|
buffer
|
Lineu
|
Pedro
|
Orso
|
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Software vulnerabilities results 1 to 10 of 10
Page:
1