CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3901 CVE-2004-1324 2004-12-18 2017-07-10
2.6
None Remote High Not required None Partial None
The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
3902 CVE-2004-1323 DoS 2004-12-16 2017-07-10
2.1
None Local Low Not required None None Partial
Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions.
3903 CVE-2004-1296 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
3904 CVE-2004-1295 DoS 2005-01-10 2017-07-10
2.1
None Local Low Not required None None Partial
The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled).
3905 CVE-2004-1276 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP.
3906 CVE-2004-1270 2005-01-10 2018-10-03
2.1
None Local Low Not required None Partial None
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
3907 CVE-2004-1268 2005-01-10 2018-10-03
2.1
None Local Low Not required None Partial None
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
3908 CVE-2004-1237 DoS 2005-04-14 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
3909 CVE-2004-1234 DoS 2004-12-31 2017-10-10
2.1
None Local Low Not required None None Partial
load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.
3910 CVE-2004-1204 DoS Overflow 2005-01-10 2017-07-10
2.1
None Local Low Not required None None Partial
FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow.
3911 CVE-2004-1190 2005-01-10 2017-10-10
2.1
None Local Low Not required None Partial None
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
3912 CVE-2004-1179 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories.
3913 CVE-2004-1171 2005-01-10 2017-07-10
2.1
None Local Low Not required Partial None None
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
3914 CVE-2004-1110 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.
3915 CVE-2004-1108 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.
3916 CVE-2004-1107 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
3917 CVE-2004-1087 2004-12-02 2017-07-10
2.1
None Local Low Not required None Partial None
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.
3918 CVE-2004-1085 2004-12-02 2017-07-10
2.1
None Local Low Not required None None Partial
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
3919 CVE-2004-1081 2004-12-02 2017-07-10
2.1
None Local Low Not required Partial None None
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
3920 CVE-2004-1074 DoS 2005-01-10 2017-10-10
2.1
None Local Low Not required None None Partial
The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.
3921 CVE-2004-1073 2005-01-10 2017-10-10
2.1
None Local Low Not required Partial None None
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
3922 CVE-2004-1033 Bypass 2005-03-01 2017-07-10
2.1
None Local Low Not required Partial None None
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
3923 CVE-2004-1032 2005-03-01 2017-07-10
2.1
None Local Low Not required None Partial None
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.
3924 CVE-2004-1030 2005-03-01 2017-07-10
2.1
None Local Low Not required Partial None None
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.
3925 CVE-2004-1023 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.
3926 CVE-2004-1022 2005-01-10 2017-07-10
2.1
None Local Low Not required Partial None None
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.
3927 CVE-2004-1016 DoS 2005-01-10 2018-05-02
2.1
None Local Low Not required None None Partial
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
3928 CVE-2004-1000 2004-01-10 2017-07-10
2.1
None Local Low Not required None None Partial
lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.
3929 CVE-2004-0999 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images.
3930 CVE-2004-0996 2005-01-10 2017-07-10
2.1
None Local Low Not required None Partial None
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
3931 CVE-2004-0977 2005-02-09 2017-10-10
2.1
None Local Low Not required None Partial None
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
3932 CVE-2004-0976 2005-02-09 2017-10-10
2.1
None Local Low Not required None Partial None
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
3933 CVE-2004-0975 2005-02-09 2017-10-10
2.1
None Local Low Not required None Partial None
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
3934 CVE-2004-0974 2005-02-09 2017-07-10
2.1
None Local Low Not required None Partial None
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
3935 CVE-2004-0972 2005-02-09 2017-10-10
2.1
None Local Low Not required None Partial None
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
3936 CVE-2004-0971 2005-02-09 2017-10-10
2.1
None Local Low Not required None Partial None
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
3937 CVE-2004-0970 2005-02-09 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
3938 CVE-2004-0969 2005-02-09 2017-07-10
2.1
None Local Low Not required None Partial None
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
3939 CVE-2004-0968 2005-02-09 2017-10-10
2.1
None Local Low Not required None Partial None
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
3940 CVE-2004-0966 2005-02-09 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
3941 CVE-2004-0959 2004-11-03 2017-10-10
2.1
None Local Low Not required None Partial None
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
3942 CVE-2004-0923 +Info 2005-01-27 2017-10-10
2.1
None Local Low Not required Partial None None
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
3943 CVE-2004-0881 2005-01-27 2017-07-10
2.1
None Local Low Not required None Partial None
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
3944 CVE-2004-0851 2004-09-08 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) write_list and (2) dump_curr_list functions in Net-Acct before 0.71 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
3945 CVE-2004-0838 2004-09-13 2017-07-10
2.1
None Local Low Not required Partial None None
Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive.
3946 CVE-2004-0837 DoS 2004-11-03 2018-09-26
2.6
None Remote High Not required None None Partial
MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.
3947 CVE-2004-0828 2004-11-03 2017-07-10
2.1
None Local Low Not required None Partial None
The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.
3948 CVE-2004-0824 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files.
3949 CVE-2004-0813 Bypass 2004-12-31 2017-10-10
2.1
None Local Low Not required None Partial None
Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations.
3950 CVE-2004-0812 DoS Exec Code 2005-04-14 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AMD64 and Intel EM64T architectures, associated with "setting up TSS limits," allows local users to cause a denial of service (crash) and possibly execute arbitrary code.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 (This Page)80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.