CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3751 CVE-2005-2407 Exec Code 2005-08-01 2010-08-18
2.6
None Remote High Not required None Partial None
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".
3752 CVE-2005-2353 2005-08-05 2018-10-03
2.1
None Local Low Not required None Partial None
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
3753 CVE-2005-2343 DoS 2005-12-31 2008-09-05
2.6
None Remote High Not required None None Partial
Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed.
3754 CVE-2005-2311 2005-07-19 2008-09-05
2.1
None Local Low Not required None Partial None
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.
3755 CVE-2005-2302 2005-07-19 2016-10-17
2.1
None Local Low Not required None None Partial
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
3756 CVE-2005-2300 2005-07-19 2016-10-17
2.1
None Local Low Not required None Partial None
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
3757 CVE-2005-2294 2005-07-18 2017-07-10
2.1
None Local Low Not required Partial None None
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
3758 CVE-2005-2293 +Info 2005-07-18 2017-07-10
2.1
None Local Low Not required Partial None None
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
3759 CVE-2005-2292 +Info 2005-07-18 2017-07-10
2.1
None Local Low Not required Partial None None
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
3760 CVE-2005-2283 DoS 2005-07-18 2008-09-05
2.1
None Local Low Not required None None Partial
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file.
3761 CVE-2005-2274 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3762 CVE-2005-2273 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3763 CVE-2005-2272 2005-07-13 2017-07-10
2.6
None Remote High Not required None Partial None
Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3764 CVE-2005-2271 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3765 CVE-2005-2268 2005-07-13 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3766 CVE-2005-2240 2005-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.
3767 CVE-2005-2238 DoS 2005-07-12 2008-09-05
2.1
None Local Low Not required None None Partial
ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.
3768 CVE-2005-2231 2005-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
3769 CVE-2005-2230 2005-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files.
3770 CVE-2005-2196 2005-07-19 2008-09-05
2.1
None Local Low Not required None Partial None
The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network.
3771 CVE-2005-2180 2005-07-11 2016-10-17
2.1
None Local Low Not required None Partial None
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files.
3772 CVE-2005-2174 2005-07-08 2008-09-05
2.6
None Remote High Not required Partial None None
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.
3773 CVE-2005-2144 Bypass 2005-07-05 2008-09-05
2.1
None Local Low Not required None Partial None
Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file.
3774 CVE-2005-2142 Dir. Trav. 2005-07-05 2008-09-05
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.
3775 CVE-2005-2134 DoS 2005-07-05 2008-09-10
2.1
None Local Low Not required None None Partial
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error.
3776 CVE-2005-2133 2005-07-05 2008-09-10
2.1
None Local Low Not required None Partial None
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1915. Reason: This candidate is a duplicate of CVE-2005-1915. Notes: All CVE users should reference CVE-2005-1915 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
3777 CVE-2005-2132 DoS 2005-08-03 2016-10-17
2.1
None Local Low Not required None None Partial
RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests.
3778 CVE-2005-2126 2005-10-21 2018-10-12
2.6
None Remote High Not required None Partial None
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
3779 CVE-2005-2104 +Info 2005-10-07 2017-10-10
2.1
None Local Low Not required Partial None None
sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory.
3780 CVE-2005-2100 DoS 2005-10-25 2017-10-10
2.1
None Local Low Not required None None Partial
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).
3781 CVE-2005-2097 DoS 2005-08-16 2018-10-19
2.1
None Local Low Not required None None Partial
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
3782 CVE-2005-2078 DoS 2005-06-29 2008-09-05
2.1
None Local Low Not required None None Partial
BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.
3783 CVE-2005-2076 2005-06-29 2008-09-05
2.1
None Local Low Not required Partial None None
HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.
3784 CVE-2005-2073 2005-06-29 2008-09-05
2.1
None Local Low Not required None Partial None
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.
3785 CVE-2005-2056 DoS 2005-06-29 2008-11-15
2.6
None Remote High Not required None None Partial
The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.
3786 CVE-2005-2032 2005-06-16 2018-10-30
2.1
None Local Low Not required None Partial None
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.
3787 CVE-2005-1981 DoS 2005-08-10 2019-04-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
3788 CVE-2005-1944 2005-06-09 2016-10-17
2.1
None Local Low Not required None None Partial
xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp.
3789 CVE-2005-1937 2005-06-14 2017-10-10
2.6
None Remote High Not required None Partial None
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
3790 CVE-2005-1932 +Info 2005-07-05 2008-09-05
2.1
None Local Low Not required None Partial None
Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php.
3791 CVE-2005-1923 DoS 2005-07-05 2008-09-05
2.6
None Remote High Not required None None Partial
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
3792 CVE-2005-1918 22 Dir. Trav. 2005-12-31 2018-10-19
2.6
None Remote High Not required None Partial None
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
3793 CVE-2005-1917 2005-07-05 2008-09-05
2.1
None Local Low Not required None Partial None
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.
3794 CVE-2005-1916 2005-07-06 2016-10-17
2.1
None Local Low Not required None Partial None
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3795 CVE-2005-1915 2005-09-02 2008-09-05
2.1
None Local Low Not required None Partial None
The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames.
3796 CVE-2005-1914 2005-07-18 2008-09-05
2.1
None Local Low Not required None Partial None
CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.
3797 CVE-2005-1913 DoS 2005-09-14 2017-07-10
2.1
None Local Low Not required None None Partial
The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a denial of service (kernel panic) via a non group-leader thread executing a different program than was pending in itimer, which causes the signal to be delivered to the old group-leader task, which does not exist.
3798 CVE-2005-1903 Exec Code Overflow 2005-06-02 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to execute arbitrary code via a long CREATE command.
3799 CVE-2005-1880 2005-06-06 2008-09-05
2.1
None Local Low Not required None Partial None
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
3800 CVE-2005-1879 2005-06-09 2008-09-05
2.1
None Local Low Not required None Partial None
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
Total number of vulnerabilities : 4610   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 (This Page)77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.