RSS   Vulnerabilities for 'Gnucash'   RSS

2010-11-05
 
CVE-2010-3999

CWE-DesignError
 

 
gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

 
2007-02-19
 
CVE-2007-0007

 

 
gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.

 


Copyright 2024, cxsecurity.com

 

Back to Top