CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4151 CVE-2004-0372 2004-04-15 2017-07-10
2.1
None Local Low Not required None Partial None
xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.
4152 CVE-2004-0370 2004-05-04 2017-07-10
2.1
None Local Low Not required Partial None None
The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic.
4153 CVE-2004-0351 2004-11-23 2017-07-10
2.1
None Local Low Not required Partial None None
Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data.
4154 CVE-2004-0350 2004-11-23 2017-07-10
2.1
None Local Low Not required Partial None None
SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring.
4155 CVE-2004-0342 DoS 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
4156 CVE-2004-0341 DoS 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
4157 CVE-2004-0325 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty".
4158 CVE-2004-0320 2004-11-23 2017-10-09
2.1
None Local Low Not required Partial None None
Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.
4159 CVE-2004-0299 DoS Overflow 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of "/" (slash) characters.
4160 CVE-2004-0289 DoS Overflow 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter.
4161 CVE-2004-0283 2004-11-23 2017-07-10
2.1
None Local Low Not required None Partial None
Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort.
4162 CVE-2004-0267 2004-11-23 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.
4163 CVE-2004-0256 2004-11-23 2018-05-02
2.1
None Local Low Not required None Partial None
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.
4164 CVE-2004-0233 Dir. Trav. 2004-08-18 2017-10-10
2.1
None Local Low Not required None Partial None
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
4165 CVE-2004-0231 2004-08-18 2017-07-10
2.1
None Local Low Not required None Partial None
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."
4166 CVE-2004-0211 DoS 2004-11-03 2018-10-12
2.1
None Local Low Not required None None Partial
The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
4167 CVE-2004-0207 +Priv 2004-11-03 2018-10-12
2.1
None Local Low Not required None Partial None
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
4168 CVE-2004-0181 +Info 2004-06-01 2017-10-10
2.1
None Local Low Not required Partial None None
The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.
4169 CVE-2004-0180 2004-06-01 2018-05-02
2.6
None Remote High Not required None Partial None
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
4170 CVE-2004-0178 DoS 2004-06-01 2017-10-10
2.1
None Local Low Not required None None Partial
The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.
4171 CVE-2004-0137 DoS 2004-08-06 2017-07-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system panic) as a result of "page invalidation issues."
4172 CVE-2004-0136 DoS 2004-08-06 2017-07-10
2.1
None Local Low Not required None None Partial
The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary."
4173 CVE-2004-0133 +Info 2004-06-01 2017-07-10
2.1
None Local Low Not required Partial None None
The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.
4174 CVE-2004-0124 2004-06-01 2018-10-12
2.6
None Remote High Not required Partial None None
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
4175 CVE-2004-0088 2004-03-03 2008-09-10
2.1
None Local Low Not required None Partial None
The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.
4176 CVE-2004-0087 2004-03-03 2017-07-10
2.1
None Local Low Not required None Partial None
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
4177 CVE-2004-0075 DoS 2004-03-15 2017-10-09
2.1
None Local Low Not required None None Partial
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
4178 CVE-2004-0064 2004-02-17 2016-10-17
2.1
None Local Low Not required None Partial None
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.
4179 CVE-2004-0058 2004-02-17 2017-07-10
2.1
None Local Low Not required None Partial None
Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.
4180 CVE-2003-1582 79 XSS 2010-02-05 2019-07-03
2.6
None Remote High Not required None Partial None
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4181 CVE-2003-1581 79 XSS 2010-02-05 2010-02-08
2.6
None Remote High Not required None Partial None
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4182 CVE-2003-1577 79 XSS 2010-02-05 2017-08-16
2.6
None Remote High Not required None Partial None
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
4183 CVE-2003-1476 2003-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access.
4184 CVE-2003-1437 2003-12-31 2018-10-30
2.1
None Local Low Not required None Partial None
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
4185 CVE-2003-1306 +Info 2003-12-31 2008-09-05
2.6
None Remote High Not required Partial None None
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
4186 CVE-2003-1295 2003-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."
4187 CVE-2003-1294 2003-12-31 2017-10-10
2.1
None Local Low Not required None Partial None
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.
4188 CVE-2003-1289 2003-12-31 2017-07-19
2.1
None Local Low Not required Partial None None
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
4189 CVE-2003-1281 2003-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files.
4190 CVE-2003-1273 DoS 2003-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
4191 CVE-2003-1265 2003-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
4192 CVE-2003-1261 DoS Overflow 2003-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard.
4193 CVE-2003-1246 2003-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.
4194 CVE-2003-1233 Bypass 2003-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
4195 CVE-2003-1226 2003-12-31 2008-09-10
2.1
None Local Low Not required Partial None None
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
4196 CVE-2003-1225 2003-12-31 2008-09-10
2.1
None Local Low Not required Partial None None
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
4197 CVE-2003-1224 2003-12-31 2008-09-10
2.1
None Local Low Not required Partial None None
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
4198 CVE-2003-1174 DoS Overflow 2003-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
4199 CVE-2003-1135 DoS Overflow 2003-12-31 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
4200 CVE-2003-1134 DoS 2003-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
Total number of vulnerabilities : 4720   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 (This Page)85 86 87 88 89 90 91 92 93 94 95
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.