CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3451 CVE-2005-3137 2005-10-05 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
3452 CVE-2005-3124 2005-11-06 2008-09-05
2.1
None Local Low Not required None Partial None
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
3453 CVE-2005-3121 2005-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations.
3454 CVE-2005-3119 399 DoS 2005-10-12 2017-10-10
2.1
None Local Low Not required None None Partial
Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.
3455 CVE-2005-3115 2005-09-30 2008-09-05
2.1
None Local Low Not required None Partial None
mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, which allows local users to overwrite arbitrary files via (1) ts.stat, (2) ts.mpg, (3) foobar, (4) blockbar, or (5) foobar[NNN].
3456 CVE-2005-3112 2005-09-30 2008-09-05
2.1
None Local Low Not required Partial None None
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords.
3457 CVE-2005-3111 2005-09-30 2017-07-10
2.1
None Local Low Not required None Partial None
The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.
3458 CVE-2005-3110 DoS 2005-09-30 2018-10-19
2.6
None Remote High Not required None None Partial
Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked.
3459 CVE-2005-3109 399 DoS 2005-09-30 2018-10-19
2.1
None Local Low Not required None None Partial
The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus.
3460 CVE-2005-3108 DoS +Info 2005-09-30 2017-10-10
2.1
None Local Low Not required None None Partial
mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist.
3461 CVE-2005-3107 DoS 2005-09-30 2018-08-13
2.1
None Local Low Not required None None Partial
fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state.
3462 CVE-2005-3105 DoS 2005-09-30 2018-08-13
2.1
None Local Low Not required None None Partial
The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections.
3463 CVE-2005-3104 2005-09-28 2008-09-05
2.6
None Remote High Not required None Partial None
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.
3464 CVE-2005-3089 DoS 2005-09-28 2017-10-10
2.6
None Remote High Not required None None Partial
Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability.
3465 CVE-2005-3088 200 +Info 2005-10-27 2018-10-03
2.1
None Local Low Not required Partial None None
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
3466 CVE-2005-3071 DoS 2005-09-27 2018-10-30
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.
3467 CVE-2005-3069 2005-09-27 2008-09-05
2.1
None Local Low Not required None Partial None
xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.
3468 CVE-2005-3055 20 DoS 2005-09-26 2018-10-19
2.1
None Local Low Not required None None Partial
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.
3469 CVE-2005-3054 2005-09-26 2018-10-03
2.1
None Local Low Not required Partial None None
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.
3470 CVE-2005-3053 DoS 2005-09-26 2018-10-19
2.1
None Local Low Not required None None Partial
The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument.
3471 CVE-2005-3044 DoS 2005-09-22 2018-10-19
2.1
None Local Low Not required None None Partial
Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems.
3472 CVE-2005-3021 2005-09-21 2017-07-10
2.1
None Local Low Not required None Partial None
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.
3473 CVE-2005-3012 2005-09-21 2008-09-05
2.1
None Local Low Not required Partial None None
The MasterDataCD::createImage function in masterdatacd.cpp for SimpleCDR-X 1.3.3 creates the .temp temporary directory with insecure permissions, which allows local users to read sensitive ISO images.
3474 CVE-2005-3007 2005-09-21 2017-07-10
2.6
None Remote High Not required None Partial None
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.
3475 CVE-2005-3001 DoS 2005-09-20 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
3476 CVE-2005-2992 2005-10-13 2016-10-17
2.1
None Local Low Not required None Partial None
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.
3477 CVE-2005-2991 2005-09-20 2016-10-17
2.1
None Local Low Not required None Partial None
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
3478 CVE-2005-2990 2005-09-19 2008-09-05
2.1
None Local Low Not required Partial None None
AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores sensitive information such as user passwords in log files.
3479 CVE-2005-2977 2005-11-01 2017-10-10
2.1
None Local Low Not required Partial None None
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
3480 CVE-2005-2974 DoS 2005-11-03 2018-10-19
2.6
None Remote High Not required None None Partial
libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.
3481 CVE-2005-2973 DoS 2005-10-27 2018-10-19
2.1
None Local Low Not required None None Partial
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
3482 CVE-2005-2962 2005-09-30 2008-09-05
2.1
None Local Low Not required Partial None None
The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password.
3483 CVE-2005-2960 2005-10-05 2017-07-10
2.1
None Local Low Not required None Partial None
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
3484 CVE-2005-2948 Bypass 2005-09-16 2016-10-17
2.1
None Local Low Not required None Partial None
KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess.
3485 CVE-2005-2945 2005-09-16 2016-10-17
2.1
None Local Low Not required Partial None None
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).
3486 CVE-2005-2879 Bypass 2005-09-14 2016-10-17
2.1
None Local Low Not required Partial None None
Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection.
3487 CVE-2005-2873 2005-09-09 2017-10-10
2.1
None Local Low Not required None None Partial
The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872.
3488 CVE-2005-2868 +Info 2005-09-08 2008-09-05
2.1
None Local Low Not required Partial None None
ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pref.txt file, which allows local users to obtain sensitive information such as proxy server information and passwords.
3489 CVE-2005-2864 2005-09-08 2016-10-17
2.1
None Local Low Not required None Partial None
URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files.
3490 CVE-2005-2851 2005-09-08 2008-09-05
2.1
None Local Low Not required Partial None None
smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.
3491 CVE-2005-2809 2005-09-07 2008-09-05
2.1
None Local Low Not required None Partial None
silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file.
3492 CVE-2005-2800 399 DoS 2005-09-06 2018-10-19
2.1
None Local Low Not required None None Partial
Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.
3493 CVE-2005-2785 +Info 2005-09-02 2017-07-10
2.1
None Local Low Not required Partial None None
cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information.
3494 CVE-2005-2766 +Info 2005-09-02 2016-10-17
2.1
None Local Low Not required Partial None None
Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server.
3495 CVE-2005-2765 2005-09-01 2008-09-05
2.1
None Local Low Not required None Partial None
The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included.
3496 CVE-2005-2762 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.
3497 CVE-2005-2755 DoS 2005-11-05 2018-10-19
2.6
None Remote High Not required None None Partial
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.
3498 CVE-2005-2752 200 +Info 2005-11-01 2008-09-05
2.1
None Local Low Not required Partial None None
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
3499 CVE-2005-2751 2005-11-01 2017-07-10
2.1
None Local Low Not required Partial None None
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
3500 CVE-2005-2750 2005-11-01 2017-07-10
2.1
None Local Low Not required None Partial None
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.
Total number of vulnerabilities : 4508   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 (This Page)71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.