CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3701 CVE-2004-1449 2004-12-31 2008-09-05
2.6
None Remote High Not required Partial None None
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
3702 CVE-2004-1438 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3703 CVE-2004-1411 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters.
3704 CVE-2004-1396 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
3705 CVE-2004-1387 2004-12-31 2018-10-03
2.1
None Local Low Not required None Partial None
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3706 CVE-2004-1382 2004-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.
3707 CVE-2004-1377 2004-12-27 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
3708 CVE-2004-1360 2004-02-27 2018-10-30
2.1
None Local Low Not required None Partial None
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.
3709 CVE-2004-1356 DoS 2004-04-23 2018-10-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
3710 CVE-2004-1355 DoS 2004-04-26 2018-10-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
3711 CVE-2004-1349 2004-10-04 2018-10-30
2.1
None Local Low Not required Partial None None
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
3712 CVE-2004-1346 DoS 2004-06-19 2017-10-10
2.1
None Local Low Not required None None Partial
The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.
3713 CVE-2004-1340 +Info 2005-01-26 2017-07-10
2.1
None Local Low Not required Partial None None
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.
3714 CVE-2004-1336 2004-12-23 2017-07-10
2.1
None Local Low Not required None Partial None
The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
3715 CVE-2004-1335 DoS 2004-12-15 2017-10-10
2.1
None Local Low Not required None None Partial
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.
3716 CVE-2004-1334 DoS Overflow 2004-12-15 2017-07-10
2.1
None Local Low Not required None None Partial
Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.
3717 CVE-2004-1333 DoS Overflow 2004-12-15 2018-10-03
2.1
None Local Low Not required None None Partial
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
3718 CVE-2004-1331 Bypass 2004-11-16 2017-07-10
2.6
None Remote High Not required None Partial None
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
3719 CVE-2004-1324 2004-12-18 2017-07-10
2.6
None Remote High Not required None Partial None
The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
3720 CVE-2004-1323 DoS 2004-12-16 2017-07-10
2.1
None Local Low Not required None None Partial
Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions.
3721 CVE-2004-1296 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
3722 CVE-2004-1295 DoS 2005-01-10 2017-07-10
2.1
None Local Low Not required None None Partial
The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled).
3723 CVE-2004-1276 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP.
3724 CVE-2004-1270 2005-01-10 2018-10-03
2.1
None Local Low Not required None Partial None
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
3725 CVE-2004-1268 2005-01-10 2018-10-03
2.1
None Local Low Not required None Partial None
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
3726 CVE-2004-1237 DoS 2005-04-14 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
3727 CVE-2004-1234 DoS 2004-12-31 2017-10-10
2.1
None Local Low Not required None None Partial
load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.
3728 CVE-2004-1204 DoS Overflow 2005-01-10 2017-07-10
2.1
None Local Low Not required None None Partial
FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow.
3729 CVE-2004-1190 2005-01-10 2017-10-10
2.1
None Local Low Not required None Partial None
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
3730 CVE-2004-1179 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories.
3731 CVE-2004-1171 2005-01-10 2017-07-10
2.1
None Local Low Not required Partial None None
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
3732 CVE-2004-1110 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.
3733 CVE-2004-1108 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.
3734 CVE-2004-1107 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
3735 CVE-2004-1087 2004-12-02 2017-07-10
2.1
None Local Low Not required None Partial None
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.
3736 CVE-2004-1085 2004-12-02 2017-07-10
2.1
None Local Low Not required None None Partial
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
3737 CVE-2004-1081 2004-12-02 2017-07-10
2.1
None Local Low Not required Partial None None
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
3738 CVE-2004-1074 DoS 2005-01-10 2017-10-10
2.1
None Local Low Not required None None Partial
The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.
3739 CVE-2004-1073 2005-01-10 2017-10-10
2.1
None Local Low Not required Partial None None
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
3740 CVE-2004-1033 Bypass 2005-03-01 2017-07-10
2.1
None Local Low Not required Partial None None
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
3741 CVE-2004-1032 2005-03-01 2017-07-10
2.1
None Local Low Not required None Partial None
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.
3742 CVE-2004-1030 2005-03-01 2017-07-10
2.1
None Local Low Not required Partial None None
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.
3743 CVE-2004-1023 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.
3744 CVE-2004-1022 2005-01-10 2017-07-10
2.1
None Local Low Not required Partial None None
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.
3745 CVE-2004-1016 DoS 2005-01-10 2018-05-02
2.1
None Local Low Not required None None Partial
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
3746 CVE-2004-1000 2004-01-10 2017-07-10
2.1
None Local Low Not required None None Partial
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
3747 CVE-2004-0999 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images.
3748 CVE-2004-0996 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
3749 CVE-2004-0977 2005-02-09 2017-10-10
2.1
None Local Low Not required None Partial None
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
3750 CVE-2004-0976 2005-02-09 2017-10-10
2.1
None Local Low Not required None Partial None
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Total number of vulnerabilities : 4392   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 (This Page)76 77 78 79 80 81 82 83 84 85 86 87 88
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.