MidnightBSD

Advisories for critical_path

CVE-2001-1314 HIGH

Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
critical_path injoin_directory_server 2.0
critical_path livecontent_directory 8a3
critical_path injoin_directory_server 3.0
critical_path injoin_directory_server 4.0
critical_path injoin_directory_server 2.1
critical_path injoin_directory_server 3.1
CVE-2001-1315 HIGH

Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
critical_path injoin_directory_server 2.0
critical_path livecontent_directory 8a3
critical_path injoin_directory_server 3.0
critical_path injoin_directory_server 4.0
critical_path injoin_directory_server 2.1
critical_path injoin_directory_server 3.1
CVE-2002-0786 MEDIUM

iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
critical_path injoin_directory_server 4.0
CVE-2002-0787 HIGH

Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
critical_path injoin_directory_server 4.0