CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4051 CVE-2005-0421 +Priv 2005-04-27 2017-07-10
2.1
None Local Low Not required Partial None None
DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges.
4052 CVE-2005-0406 +Info 2005-02-14 2008-09-10
2.1
None Local Low Not required Partial None None
A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.
4053 CVE-2005-0402 Exec Code 2005-05-02 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.
4054 CVE-2005-0400 +Info 2005-05-02 2018-10-03
2.1
None Local Low Not required Partial None None
The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
4055 CVE-2005-0396 DoS 2005-05-02 2018-10-19
2.1
None Local Low Not required None None Partial
Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."
4056 CVE-2005-0387 2005-05-02 2008-09-05
2.1
None Local Low Not required None Partial None
remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
4057 CVE-2005-0365 2005-05-02 2017-10-10
2.1
None Local Low Not required None Partial None
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
4058 CVE-2005-0348 Dir. Trav. 2005-05-02 2017-07-10
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag.
4059 CVE-2005-0346 2005-05-02 2017-07-10
2.1
None Local Low Not required Partial None None
SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process.
4060 CVE-2005-0342 +Priv 2005-05-02 2017-07-10
2.1
None Local Low Not required None Partial None
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
4061 CVE-2005-0331 Dir. Trav. 2005-05-02 2017-07-10
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.
4062 CVE-2005-0330 DoS Exec Code Overflow 2005-05-02 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash.
4063 CVE-2005-0329 Dir. Trav. 2005-05-02 2017-07-10
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences.
4064 CVE-2005-0321 2005-05-02 2017-07-10
2.1
None Local Low Not required Partial None None
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.
4065 CVE-2005-0318 2005-01-28 2016-10-17
2.1
None Local Low Not required None Partial None
useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.
4066 CVE-2005-0312 DoS 2005-01-27 2017-07-10
2.1
None Local Low Not required None None Partial
WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability.
4067 CVE-2005-0261 2005-02-10 2017-07-10
2.1
None Local Low Not required Partial None None
lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.
4068 CVE-2005-0232 2005-05-02 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."
4069 CVE-2005-0231 Bypass 2005-02-07 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
4070 CVE-2005-0225 2005-05-02 2017-07-10
2.1
None Local Low Not required None Partial None
firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack.
4071 CVE-2005-0207 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
4072 CVE-2005-0204 2005-05-02 2017-10-10
2.1
None Local Low Not required None Partial None
Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction.
4073 CVE-2005-0201 2005-06-29 2018-10-03
2.1
None Local Low Not required Partial None None
D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.
4074 CVE-2005-0192 Dir. Trav. 2004-10-06 2017-12-12
2.6
None Remote High Not required Partial None None
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
4075 CVE-2005-0190 Dir. Trav. Bypass 2004-09-29 2017-11-16
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
4076 CVE-2005-0184 Dir. Trav. 2005-05-02 2017-07-10
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.
4077 CVE-2005-0179 DoS Bypass 2005-03-07 2017-10-10
2.1
None Local Low Not required None None Partial
Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call.
4078 CVE-2005-0161 Dir. Trav. 2005-02-22 2008-09-05
2.1
None Local Low Not required None Partial None
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.
4079 CVE-2005-0156 Exec Code Overflow 2005-02-07 2018-08-13
2.1
None Local Low Not required None Partial None
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
4080 CVE-2005-0145 Bypass 2005-01-24 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
4081 CVE-2005-0144 2005-05-02 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
4082 CVE-2005-0143 2005-03-23 2017-10-10
2.6
None Remote High Not required None Partial None
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
4083 CVE-2005-0142 2005-05-02 2017-10-10
2.1
None Local Low Not required Partial None None
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g. content that is managed by helper applications such as PDF.
4084 CVE-2005-0141 2005-05-02 2017-10-10
2.6
None Remote High Not required Partial None None
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
4085 CVE-2005-0137 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry."
4086 CVE-2005-0136 DoS 2005-12-31 2018-10-30
2.1
None Local Low Not required None None Partial
The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.
4087 CVE-2005-0135 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash).
4088 CVE-2005-0124 DoS Exec Code Overflow 2005-04-14 2018-10-19
2.1
None Local Low Not required None None Partial
The coda_pioctl function in the coda functionality (pioctl.c) for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow local users to cause a denial of service (crash) or execute arbitrary code via negative vi.in_size or vi.out_size values, which may trigger a buffer overflow.
4089 CVE-2005-0120 2005-05-02 2008-09-05
2.1
None Local Low Not required None Partial None
helvis 1.8h2_1 and earlier allows local users to delete arbitrary files via the elvprsv setuid program.
4090 CVE-2005-0119 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program.
4091 CVE-2005-0118 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
helvis 1.8h2_1 and earlier stores recovery files in world readable directories with world readable permissions, which allows local users to read the recovered files of other users.
4092 CVE-2005-0114 DoS 2005-02-11 2008-09-05
2.1
None Local Low Not required None None Partial
vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer.
4093 CVE-2005-0110 Bypass 2005-01-14 2016-10-17
2.6
None Remote High Not required None Partial None
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
4094 CVE-2005-0099 2005-03-08 2008-09-05
2.1
None Local Low Not required None Partial None
The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files.
4095 CVE-2005-0092 DoS 2005-02-19 2017-10-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).
4096 CVE-2005-0090 DoS 2005-05-02 2017-10-10
2.1
None Local Low Not required None None Partial
A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).
4097 CVE-2005-0077 2005-05-02 2018-10-19
2.1
None Local Low Not required None Partial None
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
4098 CVE-2005-0072 2005-01-24 2017-07-10
2.1
None Local Low Not required Partial None None
zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.
4099 CVE-2005-0023 2005-10-05 2017-07-10
2.1
None Local Low Not required None Partial None
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
4100 CVE-2005-0018 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
Total number of vulnerabilities : 4868   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 (This Page)83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.