CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
27451 CVE-2000-1096 Exec Code 2001-01-09 2018-05-02
3.7
None Local High Not required Partial Partial Partial
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
27452 CVE-2000-1162 2001-01-09 2017-10-09
3.7
None Local High Not required Partial Partial Partial
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
27453 CVE-2001-0317 +Priv 2001-05-03 2017-10-09
3.7
None Local High Not required Partial Partial Partial
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
27454 CVE-2001-0627 2001-08-22 2017-10-09
3.7
User Local High Not required Partial Partial Partial
vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.
27455 CVE-2001-1085 2001-07-05 2017-10-09
3.7
User Local High Not required Partial Partial Partial
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
27456 CVE-2001-1349 DoS +Priv 2001-05-28 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
27457 CVE-2002-0430 Bypass 2002-08-12 2008-09-10
3.7
User Local High Not required Partial Partial Partial
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
27458 CVE-2002-2092 +Priv 2002-12-31 2017-12-18
3.7
User Local High Not required Partial Partial Partial
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid.
27459 CVE-2003-0480 +Priv 2003-08-07 2016-10-17
3.7
User Local High Not required Partial Partial Partial
VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."
27460 CVE-2003-0924 2004-02-17 2017-10-09
3.7
User Local High Not required Partial Partial Partial
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
27461 CVE-2003-1058 DoS 2003-12-03 2018-10-30
3.7
User Local High Not required Partial Partial Partial
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
27462 CVE-2003-1120 2003-12-31 2017-07-10
3.7
None Local High Not required Partial Partial Partial
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
27463 CVE-2004-0217 2004-04-15 2017-07-10
3.7
User Local High Not required Partial Partial Partial
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.
27464 CVE-2004-1445 +Priv 2004-12-31 2017-07-10
3.7
User Local High Not required Partial Partial Partial
A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.
27465 CVE-2004-1465 Exec Code Overflow 2004-12-31 2017-07-10
3.7
User Local High Not required Partial Partial Partial
Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.
27466 CVE-2004-1683 +Priv 2004-09-13 2017-07-10
3.7
User Local High Not required Partial Partial Partial
A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap.
27467 CVE-2004-2626 2004-12-31 2017-07-19
3.7
User Local High Not required Partial Partial Partial
GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.
27468 CVE-2004-2643 1 Dir. Trav. 2004-12-31 2017-07-19
3.7
User Local High Not required Partial Partial Partial
Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.
27469 CVE-2005-0953 2005-05-02 2018-10-19
3.7
None Local High Not required Partial Partial Partial
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
27470 CVE-2005-0988 2005-05-02 2017-10-10
3.7
None Local High Not required Partial Partial Partial
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
27471 CVE-2005-1039 2005-05-02 2008-09-05
3.7
None Local High Not required Partial Partial Partial
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
27472 CVE-2005-1111 2005-05-02 2017-10-10
3.7
None Local High Not required Partial Partial Partial
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
27473 CVE-2005-1727 2005-06-08 2008-09-05
3.7
None Local High Not required Partial Partial Partial
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."
27474 CVE-2005-1751 2005-05-25 2018-05-02
3.7
None Local High Not required Partial Partial Partial
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
27475 CVE-2005-1768 DoS Exec Code Overflow 2005-07-11 2017-10-10
3.7
User Local High Not required Partial Partial Partial
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
27476 CVE-2005-1941 Exec Code 2005-06-08 2008-09-05
3.7
User Local High Not required Partial Partial Partial
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.
27477 CVE-2005-1993 +Priv 2005-06-20 2018-10-19
3.7
None Local High Not required Partial Partial Partial
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
27478 CVE-2005-2306 +Priv 2005-07-19 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
27479 CVE-2005-4268 119 DoS Exec Code Overflow 2005-12-15 2018-10-03
3.7
User Local High Not required Partial Partial Partial
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
27480 CVE-2005-4667 119 Exec Code Overflow 2005-12-31 2018-10-19
3.7
User Local High Not required Partial Partial Partial
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
27481 CVE-2006-1057 362 +Priv 2006-04-24 2018-10-03
3.7
User Local High Not required Partial Partial Partial
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
27482 CVE-2006-1166 2006-03-12 2017-07-19
3.7
User Local High Not required Partial Partial Partial
Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone.
27483 CVE-2006-1174 264 2006-05-28 2018-10-18
3.7
User Local High Not required Partial Partial Partial
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
27484 CVE-2006-1198 Bypass 2006-03-13 2018-10-18
3.7
User Local High Not required Partial Partial Partial
Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password.
27485 CVE-2006-1335 2006-03-20 2017-07-19
3.7
User Local High Not required Partial Partial Partial
gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.
27486 CVE-2006-1542 Overflow +Priv 2006-03-30 2017-10-18
3.7
User Local High Not required Partial Partial Partial
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.
27487 CVE-2006-1830 Exec Code 2006-04-19 2017-07-19
3.7
User Local High Not required Partial Partial Partial
Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.
27488 CVE-2006-2035 Bypass 2006-04-25 2018-10-18
3.7
User Local High Not required Partial Partial Partial
Websense, when configured to permit access to the dynamic content category, allows local users to bypass intended blocking of the Uncategorized category by appending a "/?" sequence to a URL.
27489 CVE-2006-2452 +Priv 2006-06-09 2018-10-03
3.7
User Local High Not required Partial Partial Partial
GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges.
27490 CVE-2006-4393 2006-10-03 2017-07-19
3.7
User Local High Not required Partial Partial Partial
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.
27491 CVE-2006-4886 Bypass 2006-09-19 2018-10-17
3.7
User Local High Not required Partial Partial Partial
The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.
27492 CVE-2007-0235 119 DoS Exec Code Overflow 2007-01-16 2017-10-10
3.7
None Local High Not required Partial Partial Partial
Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.
27493 CVE-2007-0472 2007-02-03 2010-09-15
3.7
User Local High Not required Partial Partial Partial
Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.
27494 CVE-2007-0775 DoS Exec Code 2007-02-26 2018-10-16
3.7
User Local High Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.
27495 CVE-2007-1742 2007-04-13 2008-11-13
3.7
User Local High Not required Partial Partial Partial
suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
27496 CVE-2008-0883 59 2008-03-05 2017-08-07
3.7
None Local High Not required Partial Partial Partial
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.
27497 CVE-2008-1142 264 2008-04-07 2009-02-26
3.7
User Local High Not required Partial Partial Partial
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
27498 CVE-2008-1696 22 Dir. Trav. 2008-04-08 2017-09-28
3.7
None Local High Not required Partial Partial Partial
Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter.
27499 CVE-2008-3294 94 Exec Code 2008-07-24 2018-10-11
3.7
User Local High Not required Partial Partial Partial
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure.
27500 CVE-2008-4229 362 2008-11-25 2008-12-03
3.7
None Local High Not required Partial Partial Partial
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
Total number of vulnerabilities : 34029   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 (This Page)551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.