Search Results (Refine Search)
- CPE Product Version: cpe:/a:openpkg:openpkg:1.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2003-0615 |
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2003-0190 |
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. Published: May 12, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2003-0147 |
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). Published: March 31, 2003; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-0985 |
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. Published: September 24, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |