MidnightBSD

Advisories for geeos_team

CVE-2004-2518 MEDIUM

Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
geeos_team gattaca_server_2003 1.1.10.0
CVE-2004-2519 MEDIUM

Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
geeos_team gattaca_server_2003 1.1.10.0
CVE-2004-2521 MEDIUM

Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
geeos_team gattaca_server_2003 1.1.10.0
CVE-2004-2522 MEDIUM

Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
geeos_team gattaca_server_2003 1.1.10.0