CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4101 CVE-2005-0017 2005-05-02 2008-09-05
2.1
None Local Low Not required Partial None None
The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
4102 CVE-2005-0003 DoS Exec Code 2005-04-14 2017-10-10
2.1
None Local Low Not required None None Partial
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
4103 CVE-2004-2759 2004-12-31 2017-08-07
2.1
None Local Low Not required Partial None None
Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files.
4104 CVE-2004-2723 255 2004-12-31 2017-07-28
2.1
None Local Low Not required Partial None None
NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
4105 CVE-2004-2722 255 2004-12-31 2017-07-28
2.1
None Local Low Not required Partial None None
** DISPUTED ** Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue.
4106 CVE-2004-2717 22 Dir. Trav. 2004-12-31 2009-04-03
2.6
None Remote High Not required Partial None None
Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.
4107 CVE-2004-2684 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates.
4108 CVE-2004-2683 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server.
4109 CVE-2004-2658 2004-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
4110 CVE-2004-2609 Overflow +Info 2004-12-31 2017-07-19
2.1
None Local Low Not required Partial None None
The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow.
4111 CVE-2004-2607 2004-12-31 2010-04-02
2.1
None Local Low Not required Partial None None
A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer.
4112 CVE-2004-2605 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.
4113 CVE-2004-2599 DoS Overflow 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon.
4114 CVE-2004-2591 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data in files, which allows attackers to recover the data.
4115 CVE-2004-2569 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file.
4116 CVE-2004-2555 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they know the Control password and password recovery key.
4117 CVE-2004-2547 +Info 2004-12-31 2017-07-10
2.6
None Remote High Not required Partial None None
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
4118 CVE-2004-2544 +Info 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information.
4119 CVE-2004-2530 2004-12-31 2017-07-10
2.6
None Remote High Not required None Partial None
Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box.
4120 CVE-2004-2502 1 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file.
4121 CVE-2004-2491 2004-12-31 2017-07-10
2.6
None Remote High Not required None Partial None
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
4122 CVE-2004-2477 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.
4123 CVE-2004-2476 DoS 2004-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.
4124 CVE-2004-2459 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.
4125 CVE-2004-2454 +Info 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml.
4126 CVE-2004-2440 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.
4127 CVE-2004-2436 +Priv 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.
4128 CVE-2004-2419 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system.
4129 CVE-2004-2414 +Info 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
4130 CVE-2004-2410 DoS 2004-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).
4131 CVE-2004-2400 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials.
4132 CVE-2004-2398 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
4133 CVE-2004-2395 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.
4134 CVE-2004-2394 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
4135 CVE-2004-2365 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
4136 CVE-2004-2337 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.
4137 CVE-2004-2331 Bypass +Info 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
4138 CVE-2004-2321 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
4139 CVE-2004-2309 Dir. Trav. 2004-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command.
4140 CVE-2004-2302 DoS 2004-12-31 2017-02-19
2.6
None Local High Not required Partial None Partial
Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.
4141 CVE-2004-2276 Bypass 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection.
4142 CVE-2004-2258 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.
4143 CVE-2004-2230 DoS Overflow 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.
4144 CVE-2004-2219 2004-12-31 2017-07-10
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
4145 CVE-2004-2169 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request.
4146 CVE-2004-2136 2004-02-19 2016-10-17
2.1
None Local Low Not required Partial None None
dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
4147 CVE-2004-2135 2004-05-26 2016-10-17
2.1
None Local Low Not required Partial None None
cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
4148 CVE-2004-2097 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.
4149 CVE-2004-2083 2004-02-11 2017-07-10
2.6
None Remote High Not required None Partial None
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."
4150 CVE-2004-2022 DoS Exec Code Overflow 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
Total number of vulnerabilities : 4868   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 (This Page)84 85 86 87 88 89 90 91 92 93 94 95 96 97 98
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.