CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3701 CVE-2005-0985 DoS 2005-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver.
3702 CVE-2005-0977 DoS 2005-05-02 2018-10-19
2.1
None Local Low Not required None None Partial
The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.
3703 CVE-2005-0975 DoS 2005-05-02 2017-07-10
2.1
None Local Low Not required None None Partial
Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.
3704 CVE-2005-0973 DoS 2005-05-12 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments.
3705 CVE-2005-0963 2005-05-02 2017-07-10
2.1
None Local Low Not required None None Partial
An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. NOTE: it has been debated as to whether or not this issue poses a security vulnerability, since administrative privileges would be required, and other DoS attacks are possible with such privileges.
3706 CVE-2005-0923 DoS 2005-05-02 2008-09-05
2.1
None Local Low Not required None None Partial
The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.
3707 CVE-2005-0916 DoS 2005-05-02 2008-09-05
2.1
None Local Low Not required None None Partial
AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail.
3708 CVE-2005-0905 2005-05-02 2016-10-17
2.6
None Remote High Not required Partial None None
Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.
3709 CVE-2005-0904 20 2005-05-02 2017-07-10
2.1
None Local Low Not required None None Partial
Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.
3710 CVE-2005-0903 DoS Overflow 2005-05-02 2016-10-17
2.6
None Remote High Not required None None Partial
Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data.
3711 CVE-2005-0899 2005-05-02 2016-10-17
2.1
None Local Low Not required Partial None None
AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search.
3712 CVE-2005-0866 2005-05-02 2018-10-03
2.1
None Local Low Not required None Partial None
cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
3713 CVE-2005-0852 DoS 2005-05-02 2008-09-05
2.1
None Local Low Not required None None Partial
Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
3714 CVE-2005-0824 2005-05-02 2008-09-05
2.1
None Local Low Not required None Partial None
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.
3715 CVE-2005-0822 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.
3716 CVE-2005-0787 +Info 2005-05-02 2017-07-10
2.1
None Local Low Not required Partial None None
Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords.
3717 CVE-2005-0757 DoS 2005-05-18 2017-10-10
2.1
None Local Low Not required None None Partial
The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.
3718 CVE-2005-0756 399 DoS 2005-06-08 2018-10-19
2.1
None Local Low Not required None None Partial
ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on the amd64 platform, which allows local users to cause a denial of service (kernel crash).
3719 CVE-2005-0736 Overflow 2005-03-09 2018-10-03
2.1
None Local Low Not required None Partial None
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
3720 CVE-2005-0719 DoS 2005-03-09 2017-07-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd.
3721 CVE-2005-0715 2005-03-21 2008-09-05
2.1
None Local Low Not required Partial None None
AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box.
3722 CVE-2005-0711 2005-05-02 2018-10-03
2.1
None Local Low Not required None Partial None
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
3723 CVE-2005-0690 +Priv 2005-03-07 2016-10-17
2.1
None Local Low Not required None Partial None
Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command.
3724 CVE-2005-0664 DoS Exec Code Overflow 2005-05-02 2018-10-03
2.6
None Remote High Not required None None Partial
Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag.
3725 CVE-2005-0652 2005-05-02 2017-07-10
2.1
None Local Low Not required Partial None None
Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files.
3726 CVE-2005-0631 2005-03-01 2017-07-10
2.1
None Local Low Not required None None Partial
delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters.
3727 CVE-2005-0630 2005-03-01 2017-07-10
2.1
None Local Low Not required Partial None None
sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.
3728 CVE-2005-0626 2005-03-08 2018-10-03
2.6
None Remote High Not required Partial None None
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
3729 CVE-2005-0625 2005-02-28 2017-07-10
2.1
None Local Low Not required Partial None None
reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.
3730 CVE-2005-0624 2005-02-28 2017-07-10
2.1
None Local Low Not required Partial None None
reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.
3731 CVE-2005-0620 2005-03-02 2008-09-05
2.1
None Local Low Not required Partial None None
Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information.
3732 CVE-2005-0619 +Priv 2005-02-28 2017-10-18
2.1
None Local Low Not required Partial None None
Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges.
3733 CVE-2005-0596 DoS 2005-05-02 2008-09-05
2.1
None Local Low Not required None None Partial
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.
3734 CVE-2005-0593 2005-03-04 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
3735 CVE-2005-0591 2005-05-02 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."
3736 CVE-2005-0587 2005-03-25 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.
3737 CVE-2005-0586 2005-05-02 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
3738 CVE-2005-0585 2005-03-25 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
3739 CVE-2005-0584 2005-05-02 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.
3740 CVE-2005-0580 2005-02-25 2008-09-05
2.1
None Local Low Not required Partial None None
cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.
3741 CVE-2005-0578 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.
3742 CVE-2005-0550 DoS Overflow 2005-05-02 2018-10-12
2.1
None Local Low Not required None None Partial
Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
3743 CVE-2005-0532 Overflow 2005-05-02 2016-10-17
2.1
None Local Low Not required None None Partial
The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.
3744 CVE-2005-0531 Overflow 2005-05-02 2017-10-10
2.1
None Local Low Not required None Partial None
The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.
3745 CVE-2005-0530 2005-05-02 2017-10-18
2.1
None Local Low Not required Partial None None
Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument.
3746 CVE-2005-0529 Overflow 2005-05-02 2017-10-10
2.1
None Local Low Not required Partial None None
Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.
3747 CVE-2005-0521 +Priv 2005-02-23 2008-09-05
2.1
None Local Low Not required Partial None None
SendLink 1.5 stores sensitive information, possibly including passwords, in plaintext in the data.eat file, which allows local users to gain privileges.
3748 CVE-2005-0518 +Priv 2005-02-23 2008-09-05
2.1
None Local Low Not required Partial None None
eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values.
3749 CVE-2005-0517 +Priv 2005-02-23 2008-09-05
2.1
None Local Low Not required Partial None None
PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges.
3750 CVE-2005-0515 2005-05-18 2008-09-05
2.1
None Local Low Not required None Partial None
Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before launching the Log Viewer export functionality, which allows local users to corrupt arbitrary files by saving log files.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 (This Page)76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.