CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2002-0415 Dir. Trav. 2002-08-12 2008-09-05
1.7
None Local Low Single system Partial None None
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
802 CVE-2002-0296 2002-05-31 2017-07-10
1.2
None Local High Not required None Partial None
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
803 CVE-2002-0271 2002-05-29 2016-10-17
1.2
None Local High Not required None Partial None
Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.
804 CVE-2002-0141 2002-03-25 2008-11-04
1.2
None Local High Not required None Partial None
Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file.
805 CVE-2001-1346 2001-05-18 2008-09-10
1.2
None Local High Not required None Partial None
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
806 CVE-2001-1333 2001-05-10 2008-09-05
1.2
None Local High Not required None Partial None
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
807 CVE-2001-1331 2001-05-03 2008-09-10
1.2
None Local High Not required None Partial None
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
808 CVE-2001-1301 2001-08-07 2008-09-05
1.2
None Local High Not required None Partial None
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
809 CVE-2001-1276 2001-06-21 2016-10-17
1.2
None Local High Not required None Partial None
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
810 CVE-2001-1256 2001-06-11 2017-12-18
1.2
None Local High Not required None Partial None
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
811 CVE-2001-1146 2001-07-11 2017-10-09
1.2
None Local High Not required None Partial None
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
812 CVE-2001-1047 DoS 2001-06-02 2017-12-18
1.2
None Local High Not required None None Partial
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
813 CVE-2001-0887 2002-01-15 2017-10-09
1.2
None Local High Not required None Partial None
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.
814 CVE-2001-0222 2001-03-26 2017-10-09
1.2
None Local High Not required None Partial None
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
815 CVE-2001-0143 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
816 CVE-2001-0142 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
817 CVE-2001-0141 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
818 CVE-2001-0140 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
819 CVE-2001-0139 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
820 CVE-2001-0138 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
821 CVE-2001-0132 2001-03-12 2008-09-05
1.2
None Local High Not required None Partial None
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.
822 CVE-2001-0131 2001-03-12 2017-12-18
1.2
None Local High Not required None Partial None
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
823 CVE-2001-0125 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
824 CVE-2001-0120 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
825 CVE-2001-0119 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
826 CVE-2001-0118 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
827 CVE-2001-0117 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
828 CVE-2001-0116 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
829 CVE-2001-0109 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.
830 CVE-2001-0095 2001-02-12 2018-10-30
1.2
None Local High Not required None Partial None
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.
831 CVE-2001-0036 2001-02-16 2017-10-09
1.2
None Local High Not required None Partial None
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.
832 CVE-2000-1045 DoS 2000-12-11 2017-10-09
1.2
None Local High Not required None None Partial
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.
833 CVE-2000-0959 2000-12-19 2017-10-09
1.2
None Local High Not required None Partial None
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
834 CVE-2000-0890 2001-02-16 2018-05-02
1.2
None Local High Not required None Partial None
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.
835 CVE-2000-0723 2000-10-20 2008-09-05
1.2
None Local High Not required None None Partial
Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.
836 CVE-2000-0718 2000-10-20 2008-09-05
1.2
None Local High Not required None Partial None
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
837 CVE-2000-0371 1999-03-01 2008-09-10
1.2
None Local High Not required None Partial None
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
838 CVE-2000-0224 +Priv 2000-02-15 2008-09-10
1.2
None Local High Not required None Partial None
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.
839 CVE-2000-0210 2000-02-21 2008-09-10
1.2
None Local High Not required None Partial None
The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.
840 CVE-2000-0154 2000-02-16 2008-09-10
1.2
None Local High Not required None Partial None
The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.
841 CVE-1999-1486 1998-02-25 2017-10-09
1.2
None Local High Not required None Partial None
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
842 CVE-1999-1480 1998-06-11 2008-09-05
1.2
None Local High Not required None Partial None
(1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.
843 CVE-1999-1042 1999-12-31 2008-09-05
1.2
None Local High Not required Partial None None
Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings.
844 CVE-1999-0475 1999-04-05 2008-09-09
1.2
None Local High Not required Partial None None
A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.
845 CVE-1999-0371 1999-02-11 2008-09-09
1.2
None Local High Not required Partial None None
Lynx allows a local user to overwrite sensitive files through /tmp symlinks.
846 CVE-1999-0078 Exec Code 1996-04-18 2018-10-30
1.9
None Local Medium Not required Partial None None
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Total number of vulnerabilities : 845   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.