Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pedro lineu orso chetcpasswd vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-6683
Pedro Lineu Orso chetcpasswd 2.4.1 and previous versions verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote malicious users to bypass intended restrictions implemented through PAM.
Pedro Lineu Orso Chetcpasswd
Pedro Lineu Orso Chetcpasswd 2.1
Pedro Lineu Orso Chetcpasswd 2.3.1
Pedro Lineu Orso Chetcpasswd 2.3.3
Pedro Lineu Orso Chetcpasswd 1.12
Pedro Lineu Orso Chetcpasswd 2.2.1
NA
CVE-2006-6684
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd prior to 2.4 allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; ...
Pedro Lineu Orso Chetcpasswd 2.3.1
Pedro Lineu Orso Chetcpasswd
NA
CVE-2006-6685
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable. NOTE: The provenance of this information is unknown; the details a...
Pedro Lineu Orso Chetcpasswd 2.3.3
NA
CVE-2002-2221
Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and previous versions allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639.
Chetcpasswd Chetcpasswd 2.3.1
Chetcpasswd Chetcpasswd 2.3.3
Chetcpasswd Chetcpasswd 2.4.1
NA
CVE-2002-2220
Buffer overflow in Pedro Lineu Orso chetcpasswd prior to 1.12, when configured for access from 0.0.0.0, allows local users to gain privileges via unspecified vectors.
Chetcpasswd Chetcpasswd 1.12
NA
CVE-2002-2219
chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd prior to 2.1 allows remote malicious users to read the last line of the shadow file via a long user (userid) field.
Chetcpasswd Chetcpasswd 2.1
1 EDB exploit
NA
CVE-2006-6681
Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote malicious users to determine passwords via a dictionary attack.
Chetcpasswd Chetcpasswd 2.3.3
NA
CVE-2006-6680
Pedro Lineu Orso chetcpasswd prior to 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.
Chetcpasswd Chetcpasswd 2.2.1
7.5
CVSSv3
CVE-2006-6679
Pedro Lineu Orso chetcpasswd prior to 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote malicious users to gain unauthorized access by spoofing this header.
Chetcpasswd Project Chetcpasswd
NA
CVE-2006-6682
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote malicious users to determine valid usernames on the system.
Chetcpasswd Project Chetcpasswd 2.3.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started