CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3351 CVE-2005-2752 200 +Info 2005-11-01 2008-09-05
2.1
None Local Low Not required Partial None None
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
3352 CVE-2005-2751 2005-11-01 2017-07-10
2.1
None Local Low Not required Partial None None
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
3353 CVE-2005-2750 2005-11-01 2017-07-10
2.1
None Local Low Not required None Partial None
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.
3354 CVE-2005-2749 2005-11-01 2017-07-10
2.1
None Local Low Not required None Partial None
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability.
3355 CVE-2005-2748 2005-10-25 2008-09-05
2.1
None Local Low Not required None Partial None
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
3356 CVE-2005-2739 2005-11-01 2017-07-10
2.1
None Local Low Not required Partial None None
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
3357 CVE-2005-2731 Dir. Trav. 2005-08-30 2016-10-17
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
3358 CVE-2005-2725 2005-08-30 2017-07-10
2.1
None Local Low Not required Partial None None
The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files.
3359 CVE-2005-2708 399 DoS 2005-10-25 2018-10-19
2.1
None Local Low Not required None None Partial
The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command.
3360 CVE-2005-2689 XSS 2005-08-24 2008-09-05
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
3361 CVE-2005-2672 2005-08-23 2018-10-03
2.1
None Local Low Not required None Partial None
pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
3362 CVE-2005-2664 2005-08-23 2016-10-17
2.1
None Local Low Not required Partial None None
Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory.
3363 CVE-2005-2663 2005-09-21 2017-07-10
2.1
None Local Low Not required None Partial None
masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file.
3364 CVE-2005-2660 2005-09-30 2008-09-05
2.1
None Local Low Not required None Partial None
apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3365 CVE-2005-2656 DoS 2005-09-06 2008-09-05
2.1
None Local Low Not required None None Partial
Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities.
3366 CVE-2005-2602 2005-08-17 2008-09-05
2.6
None Remote High Not required None Partial None
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
3367 CVE-2005-2586 +Info 2005-08-16 2016-10-17
2.1
None Local Low Not required Partial None None
Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information.
3368 CVE-2005-2554 2005-08-12 2017-07-10
2.1
None Local Low Not required Partial None None
The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.
3369 CVE-2005-2553 DoS 2005-08-12 2018-10-19
2.1
None Local Low Not required None None Partial
The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program.
3370 CVE-2005-2534 DoS 2005-08-24 2008-09-05
2.6
None Remote High Not required None None Partial
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.
3371 CVE-2005-2533 DoS 2005-08-24 2008-09-05
2.1
None Local Low Not required None None Partial
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.
3372 CVE-2005-2520 2005-08-19 2008-09-05
2.1
None Local Low Not required Partial None None
The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
3373 CVE-2005-2517 2005-08-19 2008-09-05
2.6
None Remote High Not required Partial None None
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
3374 CVE-2005-2512 2005-08-19 2008-09-05
2.1
None Local Low Not required Partial None None
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
3375 CVE-2005-2509 2005-08-19 2008-09-05
2.1
None Local Low Not required None Partial None
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
3376 CVE-2005-2499 DoS 2005-08-23 2017-10-10
2.1
None Local Low Not required None None Partial
slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure.
3377 CVE-2005-2487 DoS 2005-08-07 2017-07-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm.
3378 CVE-2005-2462 +Priv 2005-12-31 2016-10-17
2.1
None Local Low Not required Partial None None
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges.
3379 CVE-2005-2456 DoS Exec Code Overflow 2005-08-04 2018-10-19
2.1
None Local Low Not required None None Partial
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
3380 CVE-2005-2451 DoS Exec Code 2005-08-03 2017-10-10
2.1
None Local Low Not required None None Partial
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
3381 CVE-2005-2444 +Info 2005-08-03 2017-07-10
2.1
None Local Low Not required Partial None None
Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.
3382 CVE-2005-2426 DoS 2005-08-03 2017-07-10
2.1
None Local Low Not required None None Partial
FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.
3383 CVE-2005-2414 DoS 2005-08-03 2017-07-10
2.6
None Remote High Not required None None Partial
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
3384 CVE-2005-2407 Exec Code 2005-08-01 2010-08-18
2.6
None Remote High Not required None Partial None
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".
3385 CVE-2005-2353 2005-08-05 2018-10-03
2.1
None Local Low Not required None Partial None
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
3386 CVE-2005-2343 DoS 2005-12-31 2008-09-05
2.6
None Remote High Not required None None Partial
Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed.
3387 CVE-2005-2311 2005-07-19 2008-09-05
2.1
None Local Low Not required None Partial None
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.
3388 CVE-2005-2302 2005-07-19 2016-10-17
2.1
None Local Low Not required None None Partial
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
3389 CVE-2005-2300 2005-07-19 2016-10-17
2.1
None Local Low Not required None Partial None
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
3390 CVE-2005-2294 2005-07-18 2017-07-10
2.1
None Local Low Not required Partial None None
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
3391 CVE-2005-2293 +Info 2005-07-18 2017-07-10
2.1
None Local Low Not required Partial None None
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
3392 CVE-2005-2292 +Info 2005-07-18 2017-07-10
2.1
None Local Low Not required Partial None None
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
3393 CVE-2005-2283 DoS 2005-07-18 2008-09-05
2.1
None Local Low Not required None None Partial
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file.
3394 CVE-2005-2274 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3395 CVE-2005-2273 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3396 CVE-2005-2272 2005-07-13 2017-07-10
2.6
None Remote High Not required None Partial None
Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3397 CVE-2005-2271 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3398 CVE-2005-2268 2005-07-13 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3399 CVE-2005-2240 2005-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.
3400 CVE-2005-2238 DoS 2005-07-12 2008-09-05
2.1
None Local Low Not required None None Partial
ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.
Total number of vulnerabilities : 4356   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 (This Page)69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.