CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 2 and 2.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
3651 CVE-2004-2398 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
3652 CVE-2004-2395 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.
3653 CVE-2004-2394 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
3654 CVE-2004-2365 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
3655 CVE-2004-2337 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.
3656 CVE-2004-2331 Bypass +Info 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
3657 CVE-2004-2321 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
3658 CVE-2004-2309 Dir. Trav. 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command.
3659 CVE-2004-2302 DoS 2004-12-31 2017-02-19
2.6
None Local High Not required Partial None Partial
Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.
3660 CVE-2004-2276 Bypass 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection.
3661 CVE-2004-2258 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.
3662 CVE-2004-2230 DoS Overflow 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.
3663 CVE-2004-2219 2004-12-31 2017-07-10
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
3664 CVE-2004-2169 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request.
3665 CVE-2004-2136 2004-02-19 2016-10-17
2.1
None Local Low Not required Partial None None
dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
3666 CVE-2004-2135 2004-05-26 2016-10-17
2.1
None Local Low Not required Partial None None
cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
3667 CVE-2004-2097 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.
3668 CVE-2004-2083 2004-02-11 2017-07-10
2.6
None Remote High Not required None Partial None
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."
3669 CVE-2004-2022 DoS Exec Code Overflow 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
3670 CVE-2004-2014 2004-12-31 2018-10-03
2.6
None Local High Not required None Partial Partial
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
3671 CVE-2004-2011 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI.
3672 CVE-2004-1983 DoS 2004-05-02 2017-07-10
2.1
None Local Low Not required None None Partial
The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors.
3673 CVE-2004-1957 XSS 2004-04-21 2017-07-10
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allow remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php.
3674 CVE-2004-1933 Bypass 2004-04-12 2017-07-10
2.1
None Local Low Not required Partial None None
Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages.
3675 CVE-2004-1922 DoS 2004-04-11 2016-10-17
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file that has a large memory size.
3676 CVE-2004-1909 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
Clam Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.
3677 CVE-2004-1907 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13".
3678 CVE-2004-1902 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
3679 CVE-2004-1895 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
3680 CVE-2004-1894 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.
3681 CVE-2004-1877 2004-03-30 2017-07-10
2.6
None Remote High Not required Partial None None
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
3682 CVE-2004-1857 Dir. Trav. 2004-03-24 2017-07-10
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
3683 CVE-2004-1834 2004-03-20 2017-10-10
2.1
None Local Low Not required Partial None None
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3684 CVE-2004-1808 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.
3685 CVE-2004-1795 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.
3686 CVE-2004-1753 2004-12-31 2017-07-10
2.6
None Remote High Not required None Partial None
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
3687 CVE-2004-1748 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue.
3688 CVE-2004-1718 DoS 2004-08-17 2017-07-10
2.1
None Local Low Not required None None Partial
The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.
3689 CVE-2004-1714 DoS 2004-08-11 2017-07-10
2.1
None Local Low Not required None None Partial
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
3690 CVE-2004-1713 2004-08-10 2017-07-10
2.1
None Local Low Not required None Partial None
Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files.
3691 CVE-2004-1709 2004-08-04 2017-07-10
2.1
None Local Low Not required Partial None None
Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.
3692 CVE-2004-1689 2004-09-16 2017-07-10
2.1
None Local Low Not required Partial None None
sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
3693 CVE-2004-1615 DoS 2004-10-18 2017-07-10
2.6
None Remote High Not required None None Partial
Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.
3694 CVE-2004-1586 2004-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.
3695 CVE-2004-1500 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.
3696 CVE-2004-1495 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive.
3697 CVE-2004-1490 2004-12-31 2017-07-10
2.6
None Remote High Not required None Partial None
Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.
3698 CVE-2004-1489 2004-12-31 2008-09-05
2.6
None Remote High Not required Partial None None
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.
3699 CVE-2004-1453 2004-12-31 2017-10-10
2.1
None Local Low Not required Partial None None
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
3700 CVE-2004-1451 2004-12-31 2008-09-05
2.6
None Remote High Not required None Partial None
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
Total number of vulnerabilities: 4392 (this is page 74 of 88)