MidnightBSD

Advisories for changepassword

CVE-2004-1263 HIGH

changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
changepassword changepassword 0.5
changepassword changepassword 0.6
changepassword changepassword 0.2
changepassword changepassword 0.1
changepassword changepassword 0.6.1
changepassword changepassword 0.7
changepassword changepassword 0.8
changepassword changepassword 0.4
changepassword changepassword 0.3