MidnightBSD

Advisories for sawmill

CVE-2000-0588 MEDIUM

SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
sawmill sawmill 5.0.21
CVE-2000-0589 HIGH

SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
sawmill sawmill 5.0.21
CVE-2002-0265 MEDIUM

Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sawmill sawmill 6.2.6
sawmill sawmill 6.2.2
sawmill sawmill 6.2
sawmill sawmill 6.2.9
sawmill sawmill 6.2.3
sawmill sawmill 6.2.8
sawmill sawmill 6.2.11
sawmill sawmill 6.2.14
sawmill sawmill 6.2.1
sawmill sawmill 6.2.10
sawmill sawmill 6.2.5
sawmill sawmill 6.2.7
sawmill sawmill 6.2.12
sawmill sawmill 6.2.13
sawmill sawmill 6.2.4
sawmill sawmill 6.2.8a
CVE-2005-1900 HIGH

Sawmill before 7.1.6 allows remote attackers to bypass authentication and (1) gain administrative privileges or (2) add a license.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sawmill sawmill 7.1.1b
sawmill sawmill 7.1.3
sawmill sawmill 7.1.1
sawmill sawmill 7.1.5
sawmill sawmill *
sawmill sawmill 7.1.4
sawmill sawmill 7.1.2
CVE-2005-1901 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sawmill sawmill 7.1.1b
sawmill sawmill 7.1.3
sawmill sawmill 7.1.1
sawmill sawmill 7.1.5
sawmill sawmill *
sawmill sawmill 7.1.4
sawmill sawmill 7.1.2
CVE-2005-2950 MEDIUM

Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sawmill sawmill 7.1.3
sawmill sawmill 7.1.1
sawmill sawmill 7.0.8
sawmill sawmill 7.1.7
sawmill sawmill 7.0.0
sawmill sawmill 7.0.4
sawmill sawmill 7.0.10h
sawmill sawmill 7.0.10
sawmill sawmill 7.0.10k
sawmill sawmill 7.1
sawmill sawmill 7.0.5
sawmill sawmill 7.0.10b
sawmill sawmill 7.0.10d
sawmill sawmill 7.1.6
sawmill sawmill 7.0.2
sawmill sawmill 7.0.7
sawmill sawmill 7.0.10e
sawmill sawmill 7.1.9
sawmill sawmill 7.0.6
sawmill sawmill 7.0.10j
sawmill sawmill 7.1.4
sawmill sawmill 7.1.2
sawmill sawmill 7.1.10
sawmill sawmill 7.1.13
sawmill sawmill 7.0.10c
sawmill sawmill 7.0.10i
sawmill sawmill 7.0.10f
sawmill sawmill 7.1.5
sawmill sawmill 7.0.9
sawmill sawmill 7.0.10g
sawmill sawmill 7.1.12
sawmill sawmill 7.0.3
sawmill sawmill 7.1.11
sawmill sawmill 7.0.1
sawmill sawmill 7.0.10a
sawmill sawmill 7.1.14
sawmill sawmill 7.1.8
CVE-2010-1079 MEDIUM

Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sawmill sawmill 6.2.9
sawmill sawmill 7.1.1
sawmill sawmill 7.0.8
sawmill sawmill 7.1.7
sawmill sawmill 6.2.8
sawmill sawmill 6.2.11
sawmill sawmill 7.0.10h
sawmill sawmill 7.0.10
sawmill sawmill 6.2.14
sawmill sawmill 6.2.7
sawmill sawmill 7.0.5
sawmill sawmill 7.0.10b
sawmill sawmill 7.1.6
sawmill sawmill 7.0.2
sawmill sawmill 7.0.7
sawmill sawmill 7.1.9
sawmill sawmill 7.2.3
sawmill sawmill *
sawmill sawmill 7.1.4
sawmill sawmill 7.1.2
sawmill sawmill 7.1.10
sawmill sawmill 6.2.6
sawmill sawmill 6.2.2
sawmill sawmill 7.0.10c
sawmill sawmill 7.0.10f
sawmill sawmill 7.2.12
sawmill sawmill 7.1.5
sawmill sawmill 7.2.5
sawmill sawmill 7.2.2
sawmill sawmill 5.0.21
sawmill sawmill 7.1.12
sawmill sawmill 7.2.1
sawmill sawmill 6.2.12
sawmill sawmill 7.2
sawmill sawmill 7.0.10a
sawmill sawmill 6.2.13
sawmill sawmill 7.1.8
sawmill sawmill 7.2.9
sawmill sawmill 7.1.3
sawmill sawmill 6.2
sawmill sawmill 7.2.6
sawmill sawmill 6.2.3
sawmill sawmill 7.0.0
sawmill sawmill 7.0.4
sawmill sawmill 7.2.13
sawmill sawmill 7.2.15
sawmill sawmill 7.0.10k
sawmill sawmill 7.1
sawmill sawmill 7.2.8
sawmill sawmill 7.2.10
sawmill sawmill 7.0.10d
sawmill sawmill 7.2.11
sawmill sawmill 7.0.10e
sawmill sawmill 7.0.6
sawmill sawmill 6.2.8a
sawmill sawmill 7.0.10j
sawmill sawmill 7.2.4
sawmill sawmill 7.1.1b
sawmill sawmill 7.1.13
sawmill sawmill 7.0.10i
sawmill sawmill 7.2.7
sawmill sawmill 7.0.9
sawmill sawmill 7.0.10g
sawmill sawmill 6.2.1
sawmill sawmill 6.2.10
sawmill sawmill 7.2.14
sawmill sawmill 6.2.5
sawmill sawmill 7.0.3
sawmill sawmill 7.1.11
sawmill sawmill 7.0.1
sawmill sawmill 7.1.14
sawmill sawmill 6.2.4
sawmill sawmill 7.2.16
CVE-2013-4947 HIGH

Unspecified vulnerability in the update and build database page in Sawmill before 8.6.3 allows remote attackers to have unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sawmill sawmill 8.5
sawmill sawmill 8.0.1
sawmill sawmill 8.0.3
sawmill sawmill 8.0.4
sawmill sawmill 8.0.8
sawmill sawmill 8.0.9
sawmill sawmill 8.1.0
sawmill sawmill 8.0.6
sawmill sawmill 8.5.4
sawmill sawmill 8.5.3
sawmill sawmill 8.1.7
sawmill sawmill 8.5.1
sawmill sawmill 8.1.4
sawmill sawmill 8.5.2
sawmill sawmill 8.0.0
sawmill sawmill 8.5.0
sawmill sawmill 8.0.2
sawmill sawmill *
sawmill sawmill 8.6.1
sawmill sawmill 8.5.7
sawmill sawmill 8.0.5
sawmill sawmill 8.1.6
sawmill sawmill 8.1.8
sawmill sawmill 8.1.3
sawmill sawmill 8.0.7
sawmill sawmill 8.5.8
sawmill sawmill 8.5.9
sawmill sawmill 8.1.9
sawmill sawmill 8.1.2
sawmill sawmill 8.5.6
sawmill sawmill 8.1.1
sawmill sawmill 8.1.5
sawmill sawmill 8.1.10
sawmill sawmill 8.5.5
sawmill sawmill 8.6.0
CVE-2017-5496 MEDIUM

Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
sawmill sawmill 8.7.9