CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3951 CVE-2002-1764 2002-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files.
3952 CVE-2002-1754 DoS Overflow 2002-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows local users to cause a denial of service (crash) by using ping, traceroute, or a similar utility to force the client to resolve a large hostname.
3953 CVE-2002-1740 Exec Code Overflow 2002-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologies MDaemon 5.0.5.0 and earlier allows local users to execute arbitrary code via a long folder name (NewFolder parameter).
3954 CVE-2002-1739 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
3955 CVE-2002-1737 2002-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.
3956 CVE-2002-1731 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
3957 CVE-2002-1713 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
3958 CVE-2002-1711 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
3959 CVE-2002-1696 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
3960 CVE-2002-1687 Overflow 2002-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
3961 CVE-2002-1682 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.
3962 CVE-2002-1676 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
BindView NetInventory 1.0, when used with NetRC 1.0, allows local users to read sensitive information (passwords) by deleting the HOSTCFG._NI file and forcing an audit, which rewrites the HOSTCFG._NI to HOSTCFG.INI and stores the passwords in cleartext until the audit is complete.
3963 CVE-2002-1672 2002-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
3964 CVE-2002-1669 2002-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.
3965 CVE-2002-1668 DoS 2002-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a "file system weakness" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file.
3966 CVE-2002-1667 DoS 2002-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
The virtual memory management system in FreeBSD 4.5-RELEASE and earlier does not properly check the existence of a VM object during page invalidation, which allows local users to cause a denial of service (crash) by calling msync on an unaccessed memory map created with MAP_ANON and MAP_NOSYNC flags.
3967 CVE-2002-1610 DoS 2002-08-30 2017-07-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service.
3968 CVE-2002-1589 DoS 2002-10-24 2018-10-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).
3969 CVE-2002-1587 DoS 2002-12-04 2018-10-30
2.1
None Local Low Not required None None Partial
The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.
3970 CVE-2002-1586 DoS 2002-12-03 2018-10-30
2.1
None Local Low Not required None None Partial
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.
3971 CVE-2002-1571 +Info 2002-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE registers.
3972 CVE-2002-1521 +Priv 2003-04-02 2008-09-05
2.1
None Local Low Not required Partial None None
Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.
3973 CVE-2002-1502 2003-04-02 2008-09-05
2.1
None Local Low Not required None Partial None
Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file.
3974 CVE-2002-1490 DoS Overflow 2003-04-02 2008-09-05
2.1
None Local Low Not required None None Partial
NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.
3975 CVE-2002-1470 2003-04-22 2008-09-05
2.1
None Local Low Not required Partial None None
SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.
3976 CVE-2002-1444 DoS 2002-08-15 2008-09-05
2.6
None Remote High Not required None None Partial
The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.
3977 CVE-2002-1409 DoS 2003-04-11 2017-10-10
2.1
None Local Low Not required None None Partial
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."
3978 CVE-2002-1395 2003-01-17 2008-09-10
2.1
None Local Low Not required None Partial None
Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.
3979 CVE-2002-1392 2003-01-17 2017-10-09
2.1
None Local Low Not required None Partial None
faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.
3980 CVE-2002-1380 DoS 2002-12-23 2018-05-02
2.1
None Local Low Not required None None Partial
Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.
3981 CVE-2002-1319 DoS 2002-12-11 2017-10-09
2.1
None Local Low Not required None None Partial
The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.
3982 CVE-2002-1313 DoS 2002-11-29 2017-10-09
2.1
None Local Low Not required None None Partial
nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.
3983 CVE-2002-1270 2002-12-11 2017-10-09
2.1
None Local Low Not required Partial None None
Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.
3984 CVE-2002-1233 2002-11-04 2016-10-17
2.6
None Local High Not required Partial Partial None
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3985 CVE-2002-1231 DoS 2002-11-04 2008-09-10
2.1
None Local Low Not required None None Partial
SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.
3986 CVE-2002-1193 2002-10-28 2008-09-10
2.1
None Local Low Not required None Partial None
tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.
3987 CVE-2002-1126 2002-09-24 2016-10-17
2.6
None Remote High Not required Partial None None
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
3988 CVE-2002-1125 2002-09-24 2016-10-17
2.1
None Local Low Not required Partial None None
FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory.
3989 CVE-2002-1109 DoS 2002-10-04 2016-10-17
2.1
None Local Low Not required None None Partial
securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter.
3990 CVE-2002-1030 DoS 2002-10-04 2008-09-05
2.6
None Remote High Not required None None Partial
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
3991 CVE-2002-1017 2002-10-04 2008-09-05
2.1
None Local Low Not required None Partial None
Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code.
3992 CVE-2002-0992 DoS 2002-10-04 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data.
3993 CVE-2002-0915 2002-10-04 2008-09-05
2.1
None Local Low Not required Partial None None
autorun in Xandros based Linux distributions allows local users to read the first line of arbitrary files via the -c parameter, which causes autorun to print the first line of the file.
3994 CVE-2002-0887 2002-10-04 2016-10-17
2.1
None Local Low Not required None Partial None
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files.
3995 CVE-2002-0881 2002-10-04 2018-10-30
2.1
None Local Low Not required None Partial None
Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings.
3996 CVE-2002-0875 2002-09-05 2008-09-10
2.1
None Local Low Not required Partial None None
Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.
3997 CVE-2002-0871 DoS 2002-09-05 2016-12-07
2.1
None Local Low Not required None None Partial
xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.
3998 CVE-2002-0831 DoS 2002-08-12 2016-10-17
2.1
None Local Low Not required None None Partial
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.
3999 CVE-2002-0806 2002-08-12 2008-09-05
2.1
None Local Low Not required None Partial None
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
4000 CVE-2002-0798 DoS 2002-08-12 2017-10-10
2.1
None Local Low Not required Partial None None
Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.
Total number of vulnerabilities : 4392   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 (This Page)81 82 83 84 85 86 87 88
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.