Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.
Max CVSS
4.3
EPSS Score
0.62%
Published
2007-05-22
Updated
2017-07-29
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-07-11
Updated
2016-10-18
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
Max CVSS
10.0
EPSS Score
2.69%
Published
2004-12-06
Updated
2017-07-11
3 vulnerabilities found