CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3801 CVE-2004-1902 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
3802 CVE-2004-1895 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
3803 CVE-2004-1894 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.
3804 CVE-2004-1877 2004-03-30 2017-07-10
2.6
None Remote High Not required Partial None None
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
3805 CVE-2004-1857 Dir. Trav. 2004-03-24 2017-07-10
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
3806 CVE-2004-1834 2004-03-20 2017-10-10
2.1
None Local Low Not required Partial None None
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3807 CVE-2004-1808 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.
3808 CVE-2004-1795 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.
3809 CVE-2004-1753 2004-12-31 2017-07-10
2.6
None Remote High Not required None Partial None
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
3810 CVE-2004-1748 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue.
3811 CVE-2004-1718 DoS 2004-08-17 2017-07-10
2.1
None Local Low Not required None None Partial
The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.
3812 CVE-2004-1714 DoS 2004-08-11 2017-07-10
2.1
None Local Low Not required None None Partial
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
3813 CVE-2004-1713 2004-08-10 2017-07-10
2.1
None Local Low Not required None Partial None
Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files.
3814 CVE-2004-1709 2004-08-04 2017-07-10
2.1
None Local Low Not required Partial None None
Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.
3815 CVE-2004-1689 2004-09-16 2017-07-10
2.1
None Local Low Not required Partial None None
sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
3816 CVE-2004-1615 DoS 2004-10-18 2017-07-10
2.6
None Remote High Not required None None Partial
Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.
3817 CVE-2004-1586 2004-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.
3818 CVE-2004-1500 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.
3819 CVE-2004-1495 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive.
3820 CVE-2004-1490 2004-12-31 2017-07-10
2.6
None Remote High Not required None Partial None
Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.
3821 CVE-2004-1489 2004-12-31 2008-09-05
2.6
None Remote High Not required Partial None None
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.
3822 CVE-2004-1453 2004-12-31 2017-10-10
2.1
None Local Low Not required Partial None None
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
3823 CVE-2004-1451 2004-12-31 2008-09-05
2.6
None Remote High Not required None Partial None
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
3824 CVE-2004-1449 2004-12-31 2008-09-05
2.6
None Remote High Not required Partial None None
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
3825 CVE-2004-1438 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3826 CVE-2004-1411 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters.
3827 CVE-2004-1396 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.
3828 CVE-2004-1387 2004-12-31 2018-10-03
2.1
None Local Low Not required None Partial None
The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3829 CVE-2004-1382 2004-12-31 2016-10-17
2.1
None Local Low Not required None Partial None
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.
3830 CVE-2004-1377 2004-12-27 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
3831 CVE-2004-1360 2004-02-27 2018-10-30
2.1
None Local Low Not required None Partial None
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.
3832 CVE-2004-1356 DoS 2004-04-23 2018-10-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
3833 CVE-2004-1355 DoS 2004-04-26 2018-10-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
3834 CVE-2004-1349 2004-10-04 2018-10-30
2.1
None Local Low Not required Partial None None
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
3835 CVE-2004-1346 DoS 2004-06-19 2017-10-10
2.1
None Local Low Not required None None Partial
The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.
3836 CVE-2004-1340 +Info 2005-01-26 2017-07-10
2.1
None Local Low Not required Partial None None
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.
3837 CVE-2004-1336 2004-12-23 2017-07-10
2.1
None Local Low Not required None Partial None
The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
3838 CVE-2004-1335 DoS 2004-12-15 2017-10-10
2.1
None Local Low Not required None None Partial
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.
3839 CVE-2004-1334 DoS Overflow 2004-12-15 2017-07-10
2.1
None Local Low Not required None None Partial
Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.
3840 CVE-2004-1333 DoS Overflow 2004-12-15 2018-10-03
2.1
None Local Low Not required None None Partial
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
3841 CVE-2004-1331 Bypass 2004-11-16 2017-07-10
2.6
None Remote High Not required None Partial None
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
3842 CVE-2004-1324 2004-12-18 2017-07-10
2.6
None Remote High Not required None Partial None
The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
3843 CVE-2004-1323 DoS 2004-12-16 2017-07-10
2.1
None Local Low Not required None None Partial
Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions.
3844 CVE-2004-1296 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
3845 CVE-2004-1295 DoS 2005-01-10 2017-07-10
2.1
None Local Low Not required None None Partial
The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled).
3846 CVE-2004-1276 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP.
3847 CVE-2004-1270 2005-01-10 2018-10-03
2.1
None Local Low Not required None Partial None
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
3848 CVE-2004-1268 2005-01-10 2018-10-03
2.1
None Local Low Not required None Partial None
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
3849 CVE-2004-1237 DoS 2005-04-14 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
3850 CVE-2004-1234 DoS 2004-12-31 2017-10-10
2.1
None Local Low Not required None None Partial
load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.
Total number of vulnerabilities : 4508   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 (This Page)78 79 80 81 82 83 84 85 86 87 88 89 90 91
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.