CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15601 CVE-2000-0719 2000-10-20 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.
15602 CVE-2000-0645 DoS 2000-07-21 2008-09-10
6.4
None Remote Low Not required None Partial Partial
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).
15603 CVE-2000-0571 DoS 2000-07-05 2017-10-09
6.4
None Remote Low Not required None Partial Partial
LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.
15604 CVE-2000-0539 +Info 2000-06-22 2017-10-09
6.4
None Remote Low Not required Partial Partial None
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.
15605 CVE-2000-0381 2000-05-05 2008-09-10
6.4
None Remote Low Not required Partial Partial None
The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.
15606 CVE-2000-0363 +Priv 1999-10-22 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.
15607 CVE-2000-0303 2000-05-03 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.
15608 CVE-2000-0297 Bypass 2000-04-03 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables.
15609 CVE-2000-0283 2000-04-12 2008-09-10
6.4
None Remote Low Not required Partial None Partial
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.
15610 CVE-2000-0237 2000-03-11 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
15611 CVE-2000-0206 +Priv 2000-03-05 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
15612 CVE-2000-0205 2000-03-03 2008-09-10
6.4
None Remote Low Not required None Partial Partial
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
15613 CVE-2000-0151 Exec Code 2000-02-01 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.
15614 CVE-2000-0092 2000-01-19 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
15615 CVE-2000-0045 2000-01-11 2008-09-10
6.4
None Remote Low Not required Partial Partial None
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
15616 CVE-2000-0031 +Priv 2000-10-20 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.
15617 CVE-2000-0027 +Priv 1999-12-27 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.
15618 CVE-2000-0024 Bypass 1999-12-21 2018-10-12
6.4
None Remote Low Not required Partial Partial None
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
15619 CVE-1999-1485 DoS 1999-05-31 2017-12-18
6.4
None Remote Low Not required Partial None Partial
nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system.
15620 CVE-1999-1468 +Priv 1991-10-22 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
15621 CVE-1999-1428 +Priv 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.
15622 CVE-1999-1427 +Priv 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.
15623 CVE-1999-1426 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.
15624 CVE-1999-1425 +Priv 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.
15625 CVE-1999-1424 1997-11-10 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.
15626 CVE-1999-1421 DoS 1998-07-20 2016-10-17
6.4
None Remote Low Not required None Partial Partial
NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names.
15627 CVE-1999-1410 +Priv 1997-05-09 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file.
15628 CVE-1999-1398 1997-05-07 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack.
15629 CVE-1999-1388 1994-05-13 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.
15630 CVE-1999-1361 DoS 1998-05-09 2016-10-17
6.4
None Remote Low Not required None Partial Partial
Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes the server to slow down and fill the event logs with error messages.
15631 CVE-1999-1335 1999-12-31 2017-10-09
6.4
None Remote Low Not required Partial Partial None
snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.
15632 CVE-1999-1274 1997-12-29 2017-12-18
6.4
None Remote Low Not required Partial Partial None
iPass RoamServer 3.1 creates temporary files with world-writable permissions.
15633 CVE-1999-1167 XSS 1999-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.
15634 CVE-1999-1162 DoS 1993-05-24 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
15635 CVE-1999-1097 1999-05-04 2017-12-18
6.4
None Remote Low Not required Partial Partial None
Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
15636 CVE-1999-1022 +Priv 1994-10-02 2017-12-18
6.2
Admin Local High Not required Complete Complete Complete
serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.
15637 CVE-1999-0965 1997-09-19 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
Race condition in xterm allows local users to modify arbitrary files via the logging option.
15638 CVE-1999-0961 +Priv 1996-09-21 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
15639 CVE-1999-0772 DoS 1999-06-01 2008-09-09
6.4
None Remote Low Not required Partial None Partial
Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.
15640 CVE-1999-0764 1999-05-01 2008-09-09
6.4
None Remote Low Not required None Partial Partial
NetBSD allows ARP packets to overwrite static ARP entries.
15641 CVE-1999-0763 1999-05-01 2008-09-09
6.4
None Remote Low Not required None Partial Partial
NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.
15642 CVE-1999-0740 DoS 1999-08-19 2008-09-09
6.4
None Remote Low Not required Partial None Partial
Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.
15643 CVE-1999-0718 +Priv 2001-03-12 2017-10-09
6.2
Admin Local High Not required Complete Complete Complete
IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.
15644 CVE-1999-0700 119 Overflow 1999-07-29 2018-10-12
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
15645 CVE-1999-0520 1999-01-01 2005-10-20
6.4
None Remote Low Not required Partial Partial None
A system-critical NETBIOS/SMB share has inappropriate access control.
15646 CVE-1999-0425 1999-03-18 2008-09-09
6.4
None Remote Low Not required None Partial Partial
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
15647 CVE-1999-0418 DoS 1999-03-08 2016-10-17
6.4
None Remote Low Not required Partial None Partial
Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection.
15648 CVE-1999-0351 DoS 1999-02-01 2018-05-02
6.4
None Remote Low Not required Partial None Partial
FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.
15649 CVE-1999-0350 1999-02-08 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.
15650 CVE-1999-0342 1998-12-01 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
Linux PAM modules allow local users to gain root access using temporary files.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.