CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3601 CVE-2005-0143 2005-03-23 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
3602 CVE-2005-0142 2005-05-02 2017-10-10
2.1
None Local Low Not required Partial None None
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
3603 CVE-2005-0141 2005-05-02 2017-10-10
2.6
None Remote High Not required Partial None None
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
3604 CVE-2005-0137 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry."
3605 CVE-2005-0136 DoS 2005-12-31 2018-10-30
2.1
None Local Low Not required None None Partial
The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.
3606 CVE-2005-0135 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash).
3607 CVE-2005-0124 DoS Exec Code Overflow 2005-04-14 2018-10-19
2.1
None Local Low Not required None None Partial
The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow.
3608 CVE-2005-0120 2005-05-02 2008-09-05
2.1
None Local Low Not required None Partial None
helvis 1.8h2_1 and earlier allows local users to delete arbitrary files via the elvprsv setuid program.
3609 CVE-2005-0119 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program.
3610 CVE-2005-0118 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
helvis 1.8h2_1 and earlier stores recovery files in world readable directories with world readable permissions, which allows local users to read the recovered files of other users.
3611 CVE-2005-0114 DoS 2005-02-11 2008-09-05
2.1
None Local Low Not required None None Partial
vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer.
3612 CVE-2005-0110 Bypass 2005-01-14 2016-10-17
2.6
None Remote High Not required None Partial None
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
3613 CVE-2005-0099 2005-03-08 2008-09-05
2.1
None Local Low Not required None Partial None
The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files.
3614 CVE-2005-0092 DoS 2005-02-19 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).
3615 CVE-2005-0090 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).
3616 CVE-2005-0077 2005-05-02 2018-10-19
2.1
None Local Low Not required None Partial None
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
3617 CVE-2005-0072 2005-01-24 2017-07-10
2.1
None Local Low Not required Partial None None
zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.
3618 CVE-2005-0023 2005-10-05 2017-07-10
2.1
None Local Low Not required None Partial None
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
3619 CVE-2005-0018 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
3620 CVE-2005-0017 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
3621 CVE-2005-0003 DoS Exec Code 2005-04-14 2017-10-10
2.1
None Local Low Not required None None Partial
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
3622 CVE-2004-2759 2004-12-31 2017-08-07
2.1
None Local Low Not required Partial None None
Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files.
3623 CVE-2004-2723 255 2004-12-31 2017-07-28
2.1
None Local Low Not required Partial None None
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
3624 CVE-2004-2722 255 2004-12-31 2017-07-28
2.1
None Local Low Not required Partial None None
** DISPUTED ** Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue.
3625 CVE-2004-2717 22 Dir. Trav. 2004-12-31 2009-04-03
2.6
None Remote High Not required Partial None None
Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.
3626 CVE-2004-2684 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates.
3627 CVE-2004-2683 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server.
3628 CVE-2004-2658 2004-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
3629 CVE-2004-2609 Overflow +Info 2004-12-31 2017-07-19
2.1
None Local Low Not required Partial None None
The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow.
3630 CVE-2004-2607 2004-12-31 2010-04-02
2.1
None Local Low Not required Partial None None
A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer.
3631 CVE-2004-2605 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.
3632 CVE-2004-2599 DoS Overflow 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon.
3633 CVE-2004-2591 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data in files, which allows attackers to recover the data.
3634 CVE-2004-2569 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file.
3635 CVE-2004-2555 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.
3636 CVE-2004-2547 +Info 2004-12-31 2017-07-10
2.6
None Remote High Not required Partial None None
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
3637 CVE-2004-2544 +Info 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information.
3638 CVE-2004-2530 2004-12-31 2017-07-10
2.6
None Remote High Not required None Partial None
Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box.
3639 CVE-2004-2502 1 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file.
3640 CVE-2004-2491 2004-12-31 2017-07-10
2.6
None Remote High Not required None Partial None
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
3641 CVE-2004-2477 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.
3642 CVE-2004-2476 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.
3643 CVE-2004-2459 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.
3644 CVE-2004-2454 +Info 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml.
3645 CVE-2004-2440 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.
3646 CVE-2004-2436 +Priv 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.
3647 CVE-2004-2419 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system.
3648 CVE-2004-2414 +Info 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
3649 CVE-2004-2410 DoS 2004-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).
3650 CVE-2004-2400 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials.
Total number of vulnerabilities : 4392   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 (This Page)74 75 76 77 78 79 80 81 82 83 84 85 86 87 88
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.