CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2003-1080 2003-02-11 2018-10-30
1.2
None Local High Not required Partial None None
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.
852 CVE-2003-1073 2003-12-31 2018-10-30
1.2
None Local High Not required None Partial None
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
853 CVE-2003-1061 DoS 2003-10-14 2018-10-30
1.2
None Local High Not required None None Partial
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
854 CVE-2003-0986 DoS 2003-12-31 2017-10-10
1.7
None Local Low Single system None None Partial
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
855 CVE-2003-0669 DoS 2003-08-27 2018-10-30
1.2
None Local High Not required None None Partial
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
856 CVE-2003-0462 DoS 2003-08-27 2017-10-10
1.2
None Local High Not required None None Partial
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
857 CVE-2003-0438 2003-07-24 2008-09-05
1.2
None Local High Not required None Partial None
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
858 CVE-2003-0120 2003-03-07 2008-09-05
1.2
None Local High Not required None Partial None
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.
859 CVE-2003-0086 2003-03-31 2018-10-19
1.2
None Local High Not required None Partial None
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
860 CVE-2002-2283 264 2002-12-31 2017-08-16
1.9
None Local Medium Not required Partial None None
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
861 CVE-2002-2001 2002-12-31 2008-09-10
1.2
None Local High Not required None Partial None
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
862 CVE-2002-1785 XSS 2002-12-31 2008-09-05
1.9
None Local Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.
863 CVE-2002-1674 DoS 2002-12-31 2017-07-10
1.2
None Local High Not required None None Partial
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to.
864 CVE-2002-1563 DoS 2003-05-12 2016-10-17
1.2
None Local High Not required None None Partial
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter.
865 CVE-2002-1508 2003-02-19 2008-09-10
1.2
None Local High Not required None Partial None
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
866 CVE-2002-0824 2002-08-12 2016-10-17
1.2
None Local High Not required None Partial None
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
867 CVE-2002-0760 2002-08-12 2008-09-05
1.2
None Local High Not required Partial None None
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
868 CVE-2002-0435 2002-07-26 2008-09-05
1.2
None Local High Not required None Partial None
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
869 CVE-2002-0415 Dir. Trav. 2002-08-12 2008-09-05
1.7
None Local Low Single system Partial None None
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
870 CVE-2002-0296 2002-05-31 2017-07-10
1.2
None Local High Not required None Partial None
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
871 CVE-2002-0271 2002-05-29 2016-10-17
1.2
None Local High Not required None Partial None
Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.
872 CVE-2002-0141 2002-03-25 2008-11-04
1.2
None Local High Not required None Partial None
Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file.
873 CVE-2001-1346 2001-05-18 2008-09-10
1.2
None Local High Not required None Partial None
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
874 CVE-2001-1333 2001-05-10 2008-09-05
1.2
None Local High Not required None Partial None
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
875 CVE-2001-1331 2001-05-03 2008-09-10
1.2
None Local High Not required None Partial None
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
876 CVE-2001-1301 2001-08-07 2008-09-05
1.2
None Local High Not required None Partial None
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
877 CVE-2001-1276 2001-06-21 2016-10-17
1.2
None Local High Not required None Partial None
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
878 CVE-2001-1256 2001-06-11 2017-12-18
1.2
None Local High Not required None Partial None
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
879 CVE-2001-1146 2001-07-11 2017-10-09
1.2
None Local High Not required None Partial None
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
880 CVE-2001-1047 DoS 2001-06-02 2017-12-18
1.2
None Local High Not required None None Partial
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
881 CVE-2001-0887 2002-01-15 2017-10-09
1.2
None Local High Not required None Partial None
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.
882 CVE-2001-0222 2001-03-26 2017-10-09
1.2
None Local High Not required None Partial None
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
883 CVE-2001-0143 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
884 CVE-2001-0142 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
885 CVE-2001-0141 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
886 CVE-2001-0140 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
887 CVE-2001-0139 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
888 CVE-2001-0138 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
889 CVE-2001-0132 2001-03-12 2008-09-05
1.2
None Local High Not required None Partial None
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.
890 CVE-2001-0131 2001-03-12 2017-12-18
1.2
None Local High Not required None Partial None
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
891 CVE-2001-0125 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
892 CVE-2001-0120 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
893 CVE-2001-0119 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
894 CVE-2001-0118 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
895 CVE-2001-0117 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
896 CVE-2001-0116 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
897 CVE-2001-0109 2001-03-12 2017-10-09
1.2
None Local High Not required None Partial None
rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.
898 CVE-2001-0095 2001-02-12 2018-10-30
1.2
None Local High Not required None Partial None
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.
899 CVE-2001-0036 2001-02-16 2017-10-09
1.2
None Local High Not required None Partial None
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.
900 CVE-2000-1045 DoS 2000-12-11 2017-10-09
1.2
None Local High Not required None None Partial
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.
Total number of vulnerabilities : 914   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 (This Page)19
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.