CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3851 CVE-2005-2785 +Info 2005-09-02 2017-07-10
2.1
None Local Low Not required Partial None None
cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information.
3852 CVE-2005-2766 +Info 2005-09-02 2016-10-17
2.1
None Local Low Not required Partial None None
Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server.
3853 CVE-2005-2765 2005-09-01 2008-09-05
2.1
None Local Low Not required None Partial None
The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewall interface to monitor exceptions. NOTE: the vendor disputes this issue, saying that since administrative privileges are already required, it is not a vulnerability. CVE has not yet formally decided if such "information hiding" issues should be included.
3854 CVE-2005-2762 2005-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.
3855 CVE-2005-2755 DoS 2005-11-05 2018-10-19
2.6
None Remote High Not required None None Partial
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.
3856 CVE-2005-2752 200 +Info 2005-11-01 2008-09-05
2.1
None Local Low Not required Partial None None
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
3857 CVE-2005-2751 2005-11-01 2017-07-10
2.1
None Local Low Not required Partial None None
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
3858 CVE-2005-2750 2005-11-01 2017-07-10
2.1
None Local Low Not required None Partial None
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.
3859 CVE-2005-2749 2005-11-01 2017-07-10
2.1
None Local Low Not required None Partial None
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability.
3860 CVE-2005-2748 2005-10-25 2008-09-05
2.1
None Local Low Not required None Partial None
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
3861 CVE-2005-2739 2005-11-01 2017-07-10
2.1
None Local Low Not required Partial None None
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
3862 CVE-2005-2731 Dir. Trav. 2005-08-30 2016-10-17
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
3863 CVE-2005-2725 2005-08-30 2017-07-10
2.1
None Local Low Not required Partial None None
The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files.
3864 CVE-2005-2708 399 DoS 2005-10-25 2018-10-19
2.1
None Local Low Not required None None Partial
The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command.
3865 CVE-2005-2689 XSS 2005-08-24 2008-09-05
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
3866 CVE-2005-2672 2005-08-23 2018-10-03
2.1
None Local Low Not required None Partial None
pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
3867 CVE-2005-2664 2005-08-23 2016-10-17
2.1
None Local Low Not required Partial None None
Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory.
3868 CVE-2005-2663 2005-09-21 2017-07-10
2.1
None Local Low Not required None Partial None
masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file.
3869 CVE-2005-2660 2005-09-30 2008-09-05
2.1
None Local Low Not required None Partial None
apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
3870 CVE-2005-2656 DoS 2005-09-06 2008-09-05
2.1
None Local Low Not required None None Partial
Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities.
3871 CVE-2005-2602 2005-08-17 2008-09-05
2.6
None Remote High Not required None Partial None
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
3872 CVE-2005-2586 +Info 2005-08-16 2016-10-17
2.1
None Local Low Not required Partial None None
Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information.
3873 CVE-2005-2554 2005-08-12 2017-07-10
2.1
None Local Low Not required Partial None None
The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.
3874 CVE-2005-2553 DoS 2005-08-12 2018-10-19
2.1
None Local Low Not required None None Partial
The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program.
3875 CVE-2005-2534 DoS 2005-08-24 2008-09-05
2.6
None Remote High Not required None None Partial
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.
3876 CVE-2005-2533 DoS 2005-08-24 2008-09-05
2.1
None Local Low Not required None None Partial
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.
3877 CVE-2005-2520 2005-08-19 2008-09-05
2.1
None Local Low Not required Partial None None
The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
3878 CVE-2005-2517 2005-08-19 2008-09-05
2.6
None Remote High Not required Partial None None
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
3879 CVE-2005-2512 2005-08-19 2008-09-05
2.1
None Local Low Not required Partial None None
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
3880 CVE-2005-2509 2005-08-19 2008-09-05
2.1
None Local Low Not required None Partial None
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
3881 CVE-2005-2499 DoS 2005-08-23 2017-10-10
2.1
None Local Low Not required None None Partial
slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure.
3882 CVE-2005-2487 DoS 2005-08-07 2017-07-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm.
3883 CVE-2005-2462 +Priv 2005-12-31 2016-10-17
2.1
None Local Low Not required Partial None None
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges.
3884 CVE-2005-2456 DoS Exec Code Overflow 2005-08-04 2018-10-19
2.1
None Local Low Not required None None Partial
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
3885 CVE-2005-2451 DoS Exec Code 2005-08-03 2017-10-10
2.1
None Local Low Not required None None Partial
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
3886 CVE-2005-2444 +Info 2005-08-03 2017-07-10
2.1
None Local Low Not required Partial None None
Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.
3887 CVE-2005-2426 DoS 2005-08-03 2017-07-10
2.1
None Local Low Not required None None Partial
FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.
3888 CVE-2005-2414 DoS 2005-08-03 2017-07-10
2.6
None Remote High Not required None None Partial
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
3889 CVE-2005-2407 Exec Code 2005-08-01 2010-08-18
2.6
None Remote High Not required None Partial None
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".
3890 CVE-2005-2353 2005-08-05 2018-10-03
2.1
None Local Low Not required None Partial None
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
3891 CVE-2005-2343 DoS 2005-12-31 2008-09-05
2.6
None Remote High Not required None None Partial
Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed.
3892 CVE-2005-2311 2005-07-19 2008-09-05
2.1
None Local Low Not required None Partial None
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.
3893 CVE-2005-2302 2005-07-19 2016-10-17
2.1
None Local Low Not required None None Partial
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
3894 CVE-2005-2300 2005-07-19 2016-10-17
2.1
None Local Low Not required None Partial None
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
3895 CVE-2005-2294 2005-07-18 2017-07-10
2.1
None Local Low Not required Partial None None
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
3896 CVE-2005-2293 +Info 2005-07-18 2017-07-10
2.1
None Local Low Not required Partial None None
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
3897 CVE-2005-2292 +Info 2005-07-18 2017-07-10
2.1
None Local Low Not required Partial None None
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
3898 CVE-2005-2283 DoS 2005-07-18 2008-09-05
2.1
None Local Low Not required None None Partial
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file.
3899 CVE-2005-2274 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
3900 CVE-2005-2273 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Total number of vulnerabilities : 4868   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 (This Page)79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.