CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6101 CVE-2005-0619 +Priv 2005-02-28 2017-10-19
2.1
None Local Low Not required Partial None None
Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges.
6102 CVE-2005-0596 DoS 2005-05-02 2008-09-05
2.1
None Local Low Not required None None Partial
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.
6103 CVE-2005-0593 2005-03-04 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
6104 CVE-2005-0591 2005-05-02 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."
6105 CVE-2005-0587 2005-03-25 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
6106 CVE-2005-0586 2005-05-02 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
6107 CVE-2005-0585 2005-03-25 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
6108 CVE-2005-0584 2005-05-02 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
6109 CVE-2005-0580 2005-02-25 2008-09-05
2.1
None Local Low Not required Partial None None
cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.
6110 CVE-2005-0578 2005-05-02 2017-10-11
2.1
None Local Low Not required None None Partial
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.
6111 CVE-2005-0550 DoS Overflow 2005-05-02 2018-10-12
2.1
None Local Low Not required None None Partial
Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
6112 CVE-2005-0532 Overflow 2005-05-02 2016-10-18
2.1
None Local Low Not required None None Partial
The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.
6113 CVE-2005-0531 Overflow 2005-05-02 2017-10-11
2.1
None Local Low Not required None Partial None
The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.
6114 CVE-2005-0530 2005-05-02 2017-10-19
2.1
None Local Low Not required Partial None None
Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument.
6115 CVE-2005-0529 Overflow 2005-05-02 2017-10-11
2.1
None Local Low Not required Partial None None
Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.
6116 CVE-2005-0521 +Priv 2005-02-23 2008-09-05
2.1
None Local Low Not required Partial None None
SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges.
6117 CVE-2005-0518 +Priv 2005-02-23 2008-09-05
2.1
None Local Low Not required Partial None None
eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values.
6118 CVE-2005-0517 +Priv 2005-02-23 2008-09-05
2.1
None Local Low Not required Partial None None
PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges.
6119 CVE-2005-0515 2005-05-18 2008-09-05
2.1
None Local Low Not required None Partial None
Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files.
6120 CVE-2005-0510 DoS 2005-03-14 2008-09-05
2.1
None Local Low Not required None None Partial
The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty.
6121 CVE-2005-0492 20 DoS 2005-05-02 2017-07-11
2.6
None Remote High Not required None None Partial
Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.
6122 CVE-2005-0465 2005-05-02 2008-09-05
2.1
None Local Low Not required None Partial None
gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option.
6123 CVE-2005-0464 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error.
6124 CVE-2005-0422 +Priv 2005-04-27 2017-07-11
2.1
None Local Low Not required Partial None None
DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges.
6125 CVE-2005-0421 +Priv 2005-04-27 2017-07-11
2.1
None Local Low Not required Partial None None
DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges.
6126 CVE-2005-0406 +Info 2005-02-14 2008-09-10
2.1
None Local Low Not required Partial None None
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
6127 CVE-2005-0402 Exec Code 2005-05-02 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.
6128 CVE-2005-0400 +Info 2005-05-02 2018-10-03
2.1
None Local Low Not required Partial None None
The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
6129 CVE-2005-0396 DoS 2005-05-02 2018-10-19
2.1
None Local Low Not required None None Partial
Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."
6130 CVE-2005-0387 2005-05-02 2008-09-05
2.1
None Local Low Not required None Partial None
remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
6131 CVE-2005-0365 2005-05-02 2017-10-11
2.1
None Local Low Not required None Partial None
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
6132 CVE-2005-0348 Dir. Trav. 2005-05-02 2017-07-11
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag.
6133 CVE-2005-0346 2005-05-02 2017-07-11
2.1
None Local Low Not required Partial None None
SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process.
6134 CVE-2005-0342 +Priv 2005-05-02 2017-07-11
2.1
None Local Low Not required None Partial None
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
6135 CVE-2005-0331 Dir. Trav. 2005-05-02 2017-07-11
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.
6136 CVE-2005-0330 DoS Exec Code Overflow 2005-05-02 2017-07-11
2.1
None Local Low Not required None None Partial
Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash.
6137 CVE-2005-0329 Dir. Trav. 2005-05-02 2017-07-11
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences.
6138 CVE-2005-0321 2005-05-02 2017-07-11
2.1
None Local Low Not required Partial None None
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.
6139 CVE-2005-0318 2005-01-28 2016-10-18
2.1
None Local Low Not required None Partial None
useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.
6140 CVE-2005-0312 DoS 2005-01-27 2017-07-11
2.1
None Local Low Not required None None Partial
WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability.
6141 CVE-2005-0261 2005-02-10 2017-07-11
2.1
None Local Low Not required Partial None None
lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.
6142 CVE-2005-0232 2005-05-02 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."
6143 CVE-2005-0231 Bypass 2005-02-07 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
6144 CVE-2005-0225 2005-05-02 2017-07-11
2.1
None Local Low Not required None Partial None
firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack.
6145 CVE-2005-0207 DoS 2005-05-02 2017-10-11
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
6146 CVE-2005-0204 2005-05-02 2017-10-11
2.1
None Local Low Not required None Partial None
Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction.
6147 CVE-2005-0201 2005-06-29 2018-10-03
2.1
None Local Low Not required Partial None None
D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.
6148 CVE-2005-0192 Dir. Trav. 2004-10-06 2017-12-12
2.6
None Remote High Not required Partial None None
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
6149 CVE-2005-0190 Dir. Trav. Bypass 2004-09-29 2017-11-16
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
6150 CVE-2005-0184 Dir. Trav. 2005-05-02 2017-07-11
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.