CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN : Security Vulnerabilities Published In 2005 (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4795 +Priv 2005-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local users to gain privileges via unknown attack vectors.
2 CVE-2005-4552 +Priv 2005-12-28 2013-08-22
7.2
Admin Local Low Not required Complete Complete Complete
The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges.
3 CVE-2005-3269 119 DoS Overflow +Priv 2005-10-20 2011-05-19
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.
4 CVE-2005-2530 +Priv 2005-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."
5 CVE-2005-2529 +Priv 2005-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."
6 CVE-2005-2072 264 +Priv 2005-06-29 2011-10-11
7.2
Admin Local Low Not required Complete Complete Complete
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
7 CVE-2005-1974 +Priv 2005-06-16 2011-05-19
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges.
8 CVE-2005-1973 +Priv 2005-06-16 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.
9 CVE-2005-1887 +Priv 2005-06-09 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges.
10 CVE-2005-1124 +Priv 2005-05-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API.
11 CVE-2005-0836 +Priv 2005-05-02 2010-05-29
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.
12 CVE-2005-0816 Overflow +Priv 2005-05-02 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.
13 CVE-2005-0418 +Priv 2005-05-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.
14 CVE-2005-0358 +Priv 2005-08-23 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
15 CVE-2005-0357 +Priv Bypass 2005-08-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
Total number of vulnerabilities : 15   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.