CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2004-1865 XSS 2004-03-26 2017-07-10
1.9
None Local Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.
802 CVE-2004-1191 2005-01-10 2017-07-10
1.2
None Local High Not required Partial None None
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."
803 CVE-2004-1069 DoS 2005-01-10 2017-07-10
1.2
None Local High Not required None None Partial
Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function.
804 CVE-2004-1058 2005-01-10 2018-10-03
1.2
None Local High Not required Partial None None
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.
805 CVE-2004-0880 2005-01-27 2017-07-10
1.2
None Local High Not required None Partial None
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
806 CVE-2004-0814 DoS 2004-12-23 2017-10-10
1.2
None Local High Not required None None Partial
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
807 CVE-2004-0404 2004-07-07 2017-07-10
1.2
None Local High Not required None Partial None
logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp.
808 CVE-2003-1588 255 +Info 2010-02-08 2017-08-16
1.9
None Local Medium Not required Partial None None
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.
809 CVE-2003-1447 310 2003-12-31 2017-07-28
1.9
None Local Medium Not required Partial None None
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.
810 CVE-2003-1399 +Info 2003-12-31 2017-07-28
1.9
None Local Medium Not required Partial None None
eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.
811 CVE-2003-1080 2003-02-11 2018-10-30
1.2
None Local High Not required Partial None None
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.
812 CVE-2003-1073 2003-12-31 2018-10-30
1.2
None Local High Not required None Partial None
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
813 CVE-2003-1061 DoS 2003-10-14 2018-10-30
1.2
None Local High Not required None None Partial
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
814 CVE-2003-0986 DoS 2003-12-31 2017-10-10
1.7
None Local Low Single system None None Partial
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
815 CVE-2003-0669 DoS 2003-08-27 2018-10-30
1.2
None Local High Not required None None Partial
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
816 CVE-2003-0462 DoS 2003-08-27 2017-10-10
1.2
None Local High Not required None None Partial
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
817 CVE-2003-0438 2003-07-24 2008-09-05
1.2
None Local High Not required None Partial None
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
818 CVE-2003-0120 2003-03-07 2008-09-05
1.2
None Local High Not required None Partial None
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.
819 CVE-2003-0086 2003-03-31 2018-10-19
1.2
None Local High Not required None Partial None
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
820 CVE-2002-2283 264 2002-12-31 2017-08-16
1.9
None Local Medium Not required Partial None None
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
821 CVE-2002-2001 2002-12-31 2008-09-10
1.2
None Local High Not required None Partial None
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
822 CVE-2002-1785 XSS 2002-12-31 2008-09-05
1.9
None Local Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.
823 CVE-2002-1674 DoS 2002-12-31 2017-07-10
1.2
None Local High Not required None None Partial
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to.
824 CVE-2002-1563 DoS 2003-05-12 2016-10-17
1.2
None Local High Not required None None Partial
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter.
825 CVE-2002-1508 2003-02-19 2008-09-10
1.2
None Local High Not required None Partial None
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
826 CVE-2002-0824 2002-08-12 2016-10-17
1.2
None Local High Not required None Partial None
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
827 CVE-2002-0760 2002-08-12 2008-09-05
1.2
None Local High Not required Partial None None
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
828 CVE-2002-0435 2002-07-26 2008-09-05
1.2
None Local High Not required None Partial None
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
829 CVE-2002-0415 Dir. Trav. 2002-08-12 2008-09-05
1.7
None Local Low Single system Partial None None
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
830 CVE-2002-0296 2002-05-31 2017-07-10
1.2
None Local High Not required None Partial None
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
831 CVE-2002-0271 2002-05-29 2016-10-17
1.2
None Local High Not required None Partial None
Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.
832 CVE-2002-0141 2002-03-25 2008-11-04
1.2
None Local High Not required None Partial None
Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file.
833 CVE-2001-1346 2001-05-18 2008-09-10
1.2
None Local High Not required None Partial None
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
834 CVE-2001-1333 2001-05-10 2008-09-05
1.2
None Local High Not required None Partial None
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
835 CVE-2001-1331 2001-05-03 2008-09-10
1.2
None Local High Not required None Partial None
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
836 CVE-2001-1301 2001-08-07 2008-09-05
1.2
None Local High Not required None Partial None
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
837 CVE-2001-1276 2001-06-21 2016-10-17
1.2
None Local High Not required None Partial None
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
838 CVE-2001-1256 2001-06-11 2017-12-18
1.2
None Local High Not required None Partial None
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
839 CVE-2001-1146 2001-07-11 2017-10-09
1.2
None Local High Not required None Partial None
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
840 CVE-2001-1047 DoS 2001-06-02 2017-12-18
1.2
None Local High Not required None None Partial
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
841 CVE-2001-0887 2002-01-15 2017-10-09
1.2
None Local High Not required None Partial None
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.
842 CVE-2001-0222 2001-03-26 2017-10-09
1.2
None Local High Not required None Partial None
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
843 CVE-2001-0143 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
844 CVE-2001-0142 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
845 CVE-2001-0141 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
846 CVE-2001-0140 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
847 CVE-2001-0139 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
848 CVE-2001-0138 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
849 CVE-2001-0132 2001-03-12 2008-09-05
1.2
None Local High Not required None Partial None
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.
850 CVE-2001-0131 2001-03-12 2017-12-18
1.2
None Local High Not required None Partial None
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
Total number of vulnerabilities : 872   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 (This Page)18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.