CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3851 CVE-2000-1246 119 DoS Overflow 2010-04-05 2010-04-05
3.5
None Remote Medium Single system None None Partial
NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO command after a failed RNFR command.
3852 CVE-2000-1162 2001-01-09 2017-10-09
3.7
None Local High Not required Partial Partial Partial
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
3853 CVE-2000-1156 2001-01-09 2017-12-18
3.6
None Local Low Not required Partial Partial None
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.
3854 CVE-2000-1127 2001-01-09 2008-09-05
3.6
None Local Low Not required Partial Partial None
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.
3855 CVE-2000-1096 Exec Code 2001-01-09 2018-05-02
3.7
None Local High Not required Partial Partial Partial
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
3856 CVE-2000-0880 2000-11-14 2017-12-18
3.6
None Local Low Not required None Partial Partial
LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.
3857 CVE-2000-0802 2000-10-20 2016-10-17
3.6
None Local Low Not required Partial Partial None
The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR.
3858 CVE-2000-0799 +Priv 2000-10-20 2017-10-09
3.7
User Local High Not required Partial Partial Partial
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.
3859 CVE-2000-0667 DoS 2000-07-27 2008-09-10
3.6
None Local Low Not required None Partial Partial
Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service.
3860 CVE-2000-0579 2000-06-21 2008-09-10
3.7
User Local High Not required Partial Partial Partial
IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.
3861 CVE-2000-0578 2000-06-21 2008-09-10
3.7
User Local High Not required Partial Partial Partial
SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user.
3862 CVE-2000-0487 2000-06-01 2018-10-12
3.6
None Local Low Not required Partial Partial None
The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.
3863 CVE-2000-0472 Exec Code Overflow 2000-02-06 2017-10-09
3.6
None Local Low Not required Partial Partial None
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
3864 CVE-2000-0409 2000-05-10 2008-09-10
3.7
User Local High Not required Partial Partial Partial
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
3865 CVE-2000-0379 2000-05-16 2008-09-10
3.6
None Local Low Not required Partial Partial None
The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.
3866 CVE-2000-0270 2000-04-18 2008-09-10
3.6
None Local Low Not required Partial Partial None
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
3867 CVE-2000-0121 2000-02-01 2018-10-12
3.6
None Local Low Not required Partial Partial None
The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.
3868 CVE-2000-0090 DoS 2000-01-17 2008-09-10
3.6
None Local Low Not required None Partial Partial
VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.
3869 CVE-1999-1590 Dir. Trav. 1999-12-31 2008-09-05
3.5
None Remote Medium Single system Partial None None
Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021.
3870 CVE-1999-1530 1999-11-08 2016-10-17
3.6
None Local Low Not required Partial Partial None
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.
3871 CVE-1999-1498 1998-04-06 2008-09-05
3.6
None Local Low Not required Partial Partial None
Slackware Linux 3.4 pkgtool allows local attacker to read and write to arbitrary files via a symlink attack on the reply file.
3872 CVE-1999-1366 1999-05-15 2016-10-17
3.6
None Local Low Not required Partial Partial None
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.
3873 CVE-1999-1300 1999-12-31 2008-09-05
3.6
None Local Low Not required Partial Partial None
Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration.
3874 CVE-1999-1224 1997-10-08 2017-12-18
3.6
None Local Low Not required Partial None Partial
IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
3875 CVE-1999-0885 Exec Code 1999-11-03 2008-09-09
3.6
None Local Low Not required Partial Partial None
Alibaba web server allows remote attackers to execute commands via a pipe character in a malformed URL.
3876 CVE-1999-0850 1999-12-02 2008-09-09
3.6
None Local Low Not required Partial Partial None
The default permissions for Endymion MailMan allow local users to read email or modify files.
3877 CVE-1999-0828 1999-12-02 2008-09-09
3.6
None Local Low Not required Partial Partial None
UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam allow local users to read arbitrary files via the dacread permission.
3878 CVE-1999-0825 1999-12-03 2008-09-09
3.6
None Local Low Not required Partial Partial None
The default permissions for UnixWare /var/mail allow local users to read and modify other users' mail.
3879 CVE-1999-0703 1999-08-03 2008-09-09
3.6
None Local Low Not required None Partial Partial
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
3880 CVE-1999-0401 1999-01-01 2008-09-09
3.7
User Local High Not required Partial Partial Partial
A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.
3881 CVE-1999-0141 Exec Code 1996-03-29 2008-09-09
3.7
User Local High Not required Partial Partial Partial
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
3882 CVE-1999-0123 1995-12-01 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Race condition in Linux mailx command allows local users to read user files.
Total number of vulnerabilities : 3882   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.