CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
4051 CVE-2005-4191 XSS 2005-12-13 2008-09-05
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
4052 CVE-2005-4190 79 XSS 2005-12-13 2011-09-13
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
4053 CVE-2005-4189 XSS 2005-12-13 2008-09-05
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
4054 CVE-2005-3310 XSS 2005-10-25 2017-07-10
3.5
None Remote Medium Single system None Partial None
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.
4055 CVE-2005-3205 79 Exec Code XSS 2005-10-14 2017-07-10
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.
4056 CVE-2005-3070 DoS 2005-09-27 2008-09-05
3.6
None Local Low Not required Partial None Partial
HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.
4057 CVE-2005-2995 2005-09-20 2018-10-09
3.6
None Local Low Not required Partial Partial None
bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.
4058 CVE-2005-2617 2005-08-17 2008-09-05
3.6
None Local Low Not required None Partial Partial
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers.
4059 CVE-2005-2582 2005-08-16 2016-10-17
3.6
None Local Low Not required None Partial Partial
Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing.
4060 CVE-2005-2492 264 DoS 2005-09-14 2018-10-19
3.6
None Local Low Not required Partial None Partial
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
4061 CVE-2005-2306 +Priv 2005-07-19 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
4062 CVE-2005-1993 +Priv 2005-06-20 2018-10-19
3.7
None Local High Not required Partial Partial Partial
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
4063 CVE-2005-1982 +Info 2005-08-10 2019-04-30
3.6
None Local Low Not required Partial Partial None
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
4064 CVE-2005-1941 Exec Code 2005-06-08 2008-09-05
3.7
User Local High Not required Partial Partial Partial
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.
4065 CVE-2005-1902 Dir. Trav. 2005-06-09 2017-07-10
3.6
None Local Low Not required Partial Partial None
Directory traversal vulnerability in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to read other users' mail and perform operations on arbitrary directories via .. sequences in the (1) SELECT, (2) CREATE, (3) DELETE, and (4) RENAME commands.
4066 CVE-2005-1768 DoS Exec Code Overflow 2005-07-11 2017-10-10
3.7
User Local High Not required Partial Partial Partial
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
4067 CVE-2005-1751 2005-05-25 2018-05-02
3.7
None Local High Not required Partial Partial Partial
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
4068 CVE-2005-1727 2005-06-08 2008-09-05
3.7
None Local High Not required Partial Partial Partial
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."
4069 CVE-2005-1430 2005-05-03 2008-09-10
3.6
None Local Low Not required Partial Partial None
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
4070 CVE-2005-1111 2005-05-02 2017-10-10
3.7
None Local High Not required Partial Partial Partial
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
4071 CVE-2005-1039 2005-05-02 2008-09-05
3.7
None Local High Not required Partial Partial Partial
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
4072 CVE-2005-0988 2005-05-02 2017-10-10
3.7
None Local High Not required Partial Partial Partial
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
4073 CVE-2005-0953 2005-05-02 2018-10-19
3.7
None Local High Not required Partial Partial Partial
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
4074 CVE-2005-0894 2005-05-02 2016-10-17
3.6
None Local Low Not required None Partial Partial
OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp.
4075 CVE-2005-0576 2005-05-02 2008-09-05
3.6
None Local Low Not required None Partial Partial
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
4076 CVE-2005-0288 2005-01-11 2017-07-10
3.6
None Local Low Not required None Partial Partial
The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.
4077 CVE-2005-0180 Bypass 2005-03-07 2017-10-10
3.6
None Local Low Not required Partial Partial None
Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.
4078 CVE-2004-2778 264 Exec Code 2017-06-27 2017-07-05
3.6
None Local Low Not required Partial Partial None
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.
4079 CVE-2004-2728 119 DoS Overflow 2004-12-31 2017-07-28
3.5
None Remote Medium Single system None None Partial
Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.
4080 CVE-2004-2643 1 Dir. Trav. 2004-12-31 2017-07-19
3.7
User Local High Not required Partial Partial Partial
Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.
4081 CVE-2004-2626 2004-12-31 2017-07-19
3.7
User Local High Not required Partial Partial Partial
GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.
4082 CVE-2004-2408 DoS +Info 2004-12-31 2017-07-10
3.6
None Local Low Not required Partial Partial None
Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.
4083 CVE-2004-2319 2004-12-31 2017-07-10
3.6
None Local Low Not required Partial Partial None
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
4084 CVE-2004-2311 Dir. Trav. 2004-12-31 2017-07-10
3.6
None Local Low Not required Partial Partial None
Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.
4085 CVE-2004-2303 2004-12-31 2017-07-10
3.6
None Local Low Not required Partial Partial None
MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.
4086 CVE-2004-1683 +Priv 2004-09-13 2017-07-10
3.7
User Local High Not required Partial Partial Partial
A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before it is executed by crrtrap.
4087 CVE-2004-1465 Exec Code Overflow 2004-12-31 2017-07-10
3.7
User Local High Not required Partial Partial Partial
Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.
4088 CVE-2004-1445 +Priv 2004-12-31 2017-07-10
3.7
User Local High Not required Partial Partial Partial
A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.
4089 CVE-2004-1066 DoS 2005-01-10 2017-07-10
3.6
None Local Low Not required Partial None Partial
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.
4090 CVE-2004-0698 2004-07-27 2017-07-10
3.6
None Local Low Not required Partial Partial None
4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.
4091 CVE-2004-0435 2004-08-18 2017-07-10
3.6
None Local Low Not required None Partial Partial
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.
4092 CVE-2004-0217 2004-04-15 2017-07-10
3.7
User Local High Not required Partial Partial Partial
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.
4093 CVE-2003-1570 287 2009-03-31 2017-08-16
3.5
None Remote Medium Single system Partial None None
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
4094 CVE-2003-1463 20 2003-12-31 2017-07-28
3.5
None Remote Medium Single system None Partial None
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
4095 CVE-2003-1460 264 +Info 2003-12-31 2008-09-05
3.6
None Local Low Not required Partial Partial None
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.
4096 CVE-2003-1452 16 Exec Code 2003-12-31 2017-07-28
3.6
None Local Low Not required Partial Partial None
Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.
4097 CVE-2003-1426 16 Exec Code 2003-12-31 2017-07-28
3.3
None Local Medium Not required Partial Partial None
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
4098 CVE-2003-1366 200 +Info 2003-12-31 2017-07-28
3.3
None Local Medium Not required Partial Partial None
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
4099 CVE-2003-1234 DoS Exec Code Overflow 2003-12-31 2018-10-19
3.6
None Local Low Not required None Partial Partial
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
4100 CVE-2003-1120 2003-12-31 2017-07-10
3.7
None Local High Not required Partial Partial Partial
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
Total number of vulnerabilities: 4150 (page 82 of 83)