Openpkg

openpkg

Vendor: Openpkg • 27 CVEs

CVEs (27)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2004-0594 6Avaya DebianHp+3 more 6Converged Communications Server Debian LinuxHp Ux+3 more Apr 16, 2026 Jul 27, 2004 N/A· v4 N/A· v3 5.1 MEDIUM· v2 The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_l...Show more The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.Show less
CVE-2004-1997 2Kolab Openpkg 2Kolab Groupware Server Openpkg Apr 16, 2026 May 5, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.
CVE-2003-0615 3Cgi.pm DebianOpenpkg 3Cgi.pm Debian LinuxOpenpkg Apr 16, 2026 Aug 27, 2003 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
CVE-2003-0190 3Openbsd OpenpkgSiemens 4Openpkg OpensshScalance X204rna Ecc Firmware+1 more Apr 16, 2026 May 12, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
CVE-2003-0147 3Openpkg OpensslStunnel 3Openpkg OpensslStunnel Apr 16, 2026 Mar 31, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgo...Show more OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).Show less
CVE-2002-0985 2Openpkg Php 2Openpkg Php Apr 16, 2026 Sep 24, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(),...Show more Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.Show less
CVE-2002-0083 9Conectiva EngardelinuxImmunix+6 more 11Immunix LinuxLinux+8 more Apr 16, 2026 Mar 15, 2002 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Previous 12