CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6701 CVE-2001-0169 2001-03-26 2017-10-10
2.1
None Local Low Not required None Partial None
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
6702 CVE-2001-0156 2001-06-02 2017-10-10
2.1
None Local Low Not required None Partial None
VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems.
6703 CVE-2001-0152 2001-05-03 2018-10-12
2.1
None Local Low Not required Partial None None
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
6704 CVE-2001-0135 2001-03-12 2016-10-18
2.1
None Local Low Not required None Partial None
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.
6705 CVE-2001-0105 2001-02-12 2017-10-10
2.1
None Local Low Not required None Partial None
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.
6706 CVE-2001-0092 2001-02-16 2018-10-12
2.6
None Remote High Not required Partial None None
A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.
6707 CVE-2001-0091 2001-02-16 2018-10-12
2.6
None Remote High Not required Partial None None
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
6708 CVE-2001-0089 2001-02-16 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.
6709 CVE-2001-0079 2001-02-12 2008-09-05
2.1
None Local Low Not required None Partial None
Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file.
6710 CVE-2001-0078 2001-02-12 2017-10-10
2.1
None Local Low Not required Partial None None
in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.
6711 CVE-2001-0073 Overflow 2001-02-12 2008-09-05
2.1
None Local Low Not required None Partial None
Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory.
6712 CVE-2001-0071 2001-02-12 2017-10-10
2.1
None Local Low Not required None Partial None
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
6713 CVE-2001-0069 2001-02-12 2017-10-10
2.1
None Local Low Not required None Partial None
dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.
6714 CVE-2001-0068 2001-02-12 2017-12-19
2.6
None Remote High Not required Partial None None
Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter.
6715 CVE-2001-0067 2001-02-12 2017-12-19
2.1
None Local Low Not required Partial None None
The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.
6716 CVE-2001-0062 DoS 2001-02-12 2017-10-10
2.1
None Local Low Not required None None Partial
procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.
6717 CVE-2001-0052 DoS 2001-02-16 2017-12-19
2.1
None Local Low Not required None None Partial
IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.
6718 CVE-2001-0040 2001-02-16 2017-10-10
2.1
None Local Low Not required None None Partial
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
6719 CVE-2001-0020 Dir. Trav. 2001-02-12 2017-10-10
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.
6720 CVE-2001-0019 DoS 2001-02-12 2008-09-05
2.1
None Local Low Not required None None Partial
Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands.
6721 CVE-2001-0006 DoS 2001-02-12 2018-10-12
2.1
None Local Low Not required None None Partial
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
6722 CVE-2000-1247 16 2011-10-05 2017-08-29
2.1
None Local Low Not required Partial None None
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
6723 CVE-2000-1198 DoS 2001-08-31 2016-10-18
2.1
None Local Low Not required None None Partial
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
6724 CVE-2000-1197 DoS 2001-08-31 2016-10-18
2.1
None Local Low Not required None None Partial
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
6725 CVE-2000-1190 2001-08-31 2016-10-18
2.1
None Local Low Not required None Partial None
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
6726 CVE-2000-1178 2001-01-09 2018-05-03
2.1
None Local Low Not required None Partial None
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
6727 CVE-2000-1146 DoS 2001-01-09 2017-10-10
2.1
None Local Low Not required None None Partial
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.
6728 CVE-2000-1144 2001-01-09 2017-10-10
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
6729 CVE-2000-1143 2001-01-09 2017-10-10
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.
6730 CVE-2000-1142 Exec Code 2001-01-09 2017-10-10
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.
6731 CVE-2000-1141 2001-01-09 2017-10-10
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.
6732 CVE-2000-1140 2001-01-09 2017-10-10
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.
6733 CVE-2000-1083 DoS Exec Code 2001-01-09 2018-10-12
2.1
None Local Low Not required None None Partial
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
6734 CVE-2000-1018 2000-12-11 2017-10-10
2.1
None Local Low Not required Partial None None
shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file.
6735 CVE-2000-1003 DoS 2000-12-11 2017-10-10
2.6
None Remote High Not required None None Partial
NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.
6736 CVE-2000-0972 2000-12-19 2017-10-10
2.1
None Local Low Not required Partial None None
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
6737 CVE-2000-0936 2000-12-19 2017-10-10
2.1
None Local Low Not required Partial None None
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
6738 CVE-2000-0928 2000-12-19 2017-10-10
2.1
None Local Low Not required Partial None None
WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.
6739 CVE-2000-0892 +Info 2001-07-21 2017-10-10
2.6
None Remote High Not required Partial None None
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.
6740 CVE-2000-0881 2000-11-14 2017-12-19
2.1
None Local Low Not required Partial None None
The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.
6741 CVE-2000-0879 2000-11-14 2017-12-19
2.1
None Local Low Not required None None Partial
LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services.
6742 CVE-2000-0873 2000-11-14 2017-10-10
2.1
None Local Low Not required None Partial None
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
6743 CVE-2000-0866 DoS 2000-11-14 2017-12-19
2.1
None Local Low Not required None None Partial
Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes.
6744 CVE-2000-0849 DoS 2000-11-14 2018-10-12
2.6
None Remote High Not required None None Partial
Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.
6745 CVE-2000-0829 DoS 2000-11-14 2017-10-10
2.1
None Local Low Not required None None Partial
The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.
6746 CVE-2000-0816 Exec Code 2000-10-06 2017-10-10
2.1
None Local Low Not required None Partial None
Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.
6747 CVE-2000-0771 DoS 2000-10-20 2018-10-12
2.1
None Local Low Not required None None Partial
Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
6748 CVE-2000-0768 2000-10-20 2018-10-12
2.6
None Remote High Not required Partial None None
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
6749 CVE-2000-0767 2000-10-20 2018-10-12
2.6
None Remote High Not required Partial None None
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.
6750 CVE-2000-0754 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.