CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4101 CVE-2001-0416 2001-06-27 2017-10-09
2.1
None Local Low Not required Partial None None
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
4102 CVE-2001-0409 2001-06-18 2017-10-09
2.1
None Local Low Not required None Partial None
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
4103 CVE-2001-0406 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
4104 CVE-2001-0384 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.
4105 CVE-2001-0378 2001-06-27 2017-10-09
2.1
None Local Low Not required Partial None None
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
4106 CVE-2001-0373 2001-06-18 2017-10-09
2.1
None Local Low Not required Partial None None
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
4107 CVE-2001-0351 DoS 2001-07-21 2018-10-12
2.1
None Local Low Not required None None Partial
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
4108 CVE-2001-0324 DoS 2001-05-03 2008-09-05
2.6
None Remote High Not required None None Partial
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.
4109 CVE-2001-0310 2001-06-02 2017-10-09
2.1
None Local Low Not required None None Partial
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
4110 CVE-2001-0300 2001-06-02 2017-07-10
2.1
None Local Low Not required None Partial None
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
4111 CVE-2001-0287 DoS 2001-05-03 2008-09-05
2.1
None Local Low Not required None None Partial
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.
4112 CVE-2001-0275 DoS Exec Code 2001-05-03 2008-09-05
2.1
None Local Low Not required None None Partial
Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
4113 CVE-2001-0273 2001-05-03 2017-07-10
2.6
None Remote High Not required Partial None None
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.
4114 CVE-2001-0265 2001-06-18 2017-10-09
2.1
None Local Low Not required None Partial None
ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.
4115 CVE-2001-0261 2001-06-02 2017-12-18
2.1
None Local Low Not required Partial None None
Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
4116 CVE-2001-0235 2001-03-26 2017-10-09
2.1
None Local Low Not required Partial None None
Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.
4117 CVE-2001-0219 DoS 2001-03-26 2017-10-09
2.1
None Local Low Not required None None Partial
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.
4118 CVE-2001-0195 +Priv 2001-03-26 2017-10-09
2.1
None Local Low Not required Partial None None
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
4119 CVE-2001-0184 DoS 2001-03-26 2017-12-18
2.6
None Remote High Not required None None Partial
eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet.
4120 CVE-2001-0178 +Priv 2001-03-26 2017-10-09
2.1
None Local Low Not required Partial None None
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
4121 CVE-2001-0170 2001-03-26 2017-10-09
2.1
None Local Low Not required Partial None None
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
4122 CVE-2001-0169 2001-03-26 2017-10-09
2.1
None Local Low Not required None Partial None
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
4123 CVE-2001-0156 2001-06-02 2017-10-09
2.1
None Local Low Not required None Partial None
VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems.
4124 CVE-2001-0152 2001-05-03 2018-10-12
2.1
None Local Low Not required Partial None None
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
4125 CVE-2001-0135 2001-03-12 2016-10-17
2.1
None Local Low Not required None Partial None
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.
4126 CVE-2001-0105 2001-02-12 2017-10-09
2.1
None Local Low Not required None Partial None
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.
4127 CVE-2001-0092 2001-02-16 2018-10-12
2.6
None Remote High Not required Partial None None
A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.
4128 CVE-2001-0091 2001-02-16 2018-10-12
2.6
None Remote High Not required Partial None None
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
4129 CVE-2001-0089 2001-02-16 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.
4130 CVE-2001-0079 2001-02-12 2008-09-05
2.1
None Local Low Not required None Partial None
Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file.
4131 CVE-2001-0078 2001-02-12 2017-10-09
2.1
None Local Low Not required Partial None None
in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.
4132 CVE-2001-0073 Overflow 2001-02-12 2008-09-05
2.1
None Local Low Not required None Partial None
Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory.
4133 CVE-2001-0071 2001-02-12 2017-10-09
2.1
None Local Low Not required None Partial None
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
4134 CVE-2001-0069 2001-02-12 2017-10-09
2.1
None Local Low Not required None Partial None
dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.
4135 CVE-2001-0068 2001-02-12 2017-12-18
2.6
None Remote High Not required Partial None None
Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter.
4136 CVE-2001-0067 2001-02-12 2017-12-18
2.1
None Local Low Not required Partial None None
The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.
4137 CVE-2001-0062 DoS 2001-02-12 2017-10-09
2.1
None Local Low Not required None None Partial
procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.
4138 CVE-2001-0052 DoS 2001-02-16 2017-12-18
2.1
None Local Low Not required None None Partial
IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.
4139 CVE-2001-0040 2001-02-16 2017-10-09
2.1
None Local Low Not required None None Partial
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
4140 CVE-2001-0020 Dir. Trav. 2001-02-12 2017-10-09
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.
4141 CVE-2001-0019 DoS 2001-02-12 2008-09-05
2.1
None Local Low Not required None None Partial
Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands.
4142 CVE-2001-0006 DoS 2001-02-12 2018-10-12
2.1
None Local Low Not required None None Partial
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
4143 CVE-2000-1247 16 2011-10-04 2017-08-28
2.1
None Local Low Not required Partial None None
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
4144 CVE-2000-1198 DoS 2001-08-31 2016-10-17
2.1
None Local Low Not required None None Partial
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
4145 CVE-2000-1197 DoS 2001-08-31 2016-10-17
2.1
None Local Low Not required None None Partial
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
4146 CVE-2000-1190 2001-08-31 2016-10-17
2.1
None Local Low Not required None Partial None
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
4147 CVE-2000-1178 2001-01-09 2018-05-02
2.1
None Local Low Not required None Partial None
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
4148 CVE-2000-1146 DoS 2001-01-09 2017-10-09
2.1
None Local Low Not required None None Partial
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.
4149 CVE-2000-1144 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
4150 CVE-2000-1143 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.
Total number of vulnerabilities : 4356   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 (This Page)84 85 86 87 88
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.