MidnightBSD

Advisories for sandbox

CVE-2005-2449 LOW

Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sandbox sandbox 1.2.5
sandbox sandbox 1.2.1
sandbox sandbox 1.2.2
sandbox sandbox 1.2.5_r2
sandbox sandbox 1.2
sandbox sandbox 1.2.4
sandbox sandbox 1.2.5_r1
sandbox sandbox 1.2.9
sandbox sandbox 1.2.10
sandbox sandbox 1.2.7
sandbox sandbox 1.2.1_r3
sandbox sandbox 1.2.3
sandbox sandbox 1.2.8
sandbox sandbox 1.2.6
CVE-2008-5694 HIGH

PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sandbox sandbox 1.4.1