CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4201 CVE-2004-0341 DoS 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
4202 CVE-2004-0325 DoS 2004-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty".
4203 CVE-2004-0320 2004-11-23 2017-10-09
2.1
None Local Low Not required Partial None None
Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.
4204 CVE-2004-0299 DoS Overflow 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in smallftpd 0.99 allows local users to cause a denial of service (crash) via an FTP request with a large number of "/" (slash) characters.
4205 CVE-2004-0289 DoS Overflow 2004-11-23 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter.
4206 CVE-2004-0283 2004-11-23 2017-07-10
2.1
None Local Low Not required None Partial None
Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort.
4207 CVE-2004-0267 2004-11-23 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.
4208 CVE-2004-0256 2004-11-23 2018-05-02
2.1
None Local Low Not required None Partial None
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.
4209 CVE-2004-0233 Dir. Trav. 2004-08-18 2017-10-10
2.1
None Local Low Not required None Partial None
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
4210 CVE-2004-0231 2004-08-18 2017-07-10
2.1
None Local Low Not required None Partial None
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."
4211 CVE-2004-0211 DoS 2004-11-03 2018-10-12
2.1
None Local Low Not required None None Partial
The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
4212 CVE-2004-0207 +Priv 2004-11-03 2018-10-12
2.1
None Local Low Not required None Partial None
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
4213 CVE-2004-0181 +Info 2004-06-01 2017-10-10
2.1
None Local Low Not required Partial None None
The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.
4214 CVE-2004-0180 2004-06-01 2018-05-02
2.6
None Remote High Not required None Partial None
The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.
4215 CVE-2004-0178 DoS 2004-06-01 2017-10-10
2.1
None Local Low Not required None None Partial
The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes.
4216 CVE-2004-0137 DoS 2004-08-06 2017-07-10
2.1
None Local Low Not required None None Partial
Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system panic) as a result of "page invalidation issues."
4217 CVE-2004-0136 DoS 2004-08-06 2017-07-10
2.1
None Local Low Not required None None Partial
The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary."
4218 CVE-2004-0133 +Info 2004-06-01 2017-07-10
2.1
None Local Low Not required Partial None None
The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.
4219 CVE-2004-0124 2004-06-01 2018-10-12
2.6
None Remote High Not required Partial None None
The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
4220 CVE-2004-0088 2004-03-03 2008-09-10
2.1
None Local Low Not required None Partial None
The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.
4221 CVE-2004-0087 2004-03-03 2017-07-10
2.1
None Local Low Not required None Partial None
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
4222 CVE-2004-0075 DoS 2004-03-15 2017-10-09
2.1
None Local Low Not required None None Partial
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
4223 CVE-2004-0064 2004-02-17 2016-10-17
2.1
None Local Low Not required None Partial None
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.
4224 CVE-2004-0058 2004-02-17 2017-07-10
2.1
None Local Low Not required None Partial None
Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.
4225 CVE-2003-1582 79 XSS 2010-02-05 2019-07-03
2.6
None Remote High Not required None Partial None
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4226 CVE-2003-1581 79 XSS 2010-02-05 2010-02-08
2.6
None Remote High Not required None Partial None
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4227 CVE-2003-1577 79 XSS 2010-02-05 2017-08-16
2.6
None Remote High Not required None Partial None
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
4228 CVE-2003-1476 2003-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access.
4229 CVE-2003-1437 2003-12-31 2018-10-30
2.1
None Local Low Not required None Partial None
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
4230 CVE-2003-1306 +Info 2003-12-31 2008-09-05
2.6
None Remote High Not required Partial None None
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
4231 CVE-2003-1295 2003-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."
4232 CVE-2003-1294 2003-12-31 2017-10-10
2.1
None Local Low Not required None Partial None
Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.
4233 CVE-2003-1289 2003-12-31 2017-07-19
2.1
None Local Low Not required Partial None None
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
4234 CVE-2003-1281 2003-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files.
4235 CVE-2003-1273 DoS 2003-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters.
4236 CVE-2003-1265 2003-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.
4237 CVE-2003-1261 DoS Overflow 2003-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard.
4238 CVE-2003-1246 2003-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.
4239 CVE-2003-1233 Bypass 2003-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
4240 CVE-2003-1226 2003-12-31 2008-09-10
2.1
None Local Low Not required Partial None None
BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.
4241 CVE-2003-1225 2003-12-31 2008-09-10
2.1
None Local Low Not required Partial None None
The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.
4242 CVE-2003-1224 2003-12-31 2008-09-10
2.1
None Local Low Not required Partial None None
Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen.
4243 CVE-2003-1174 DoS Overflow 2003-12-31 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
4244 CVE-2003-1135 DoS Overflow 2003-12-31 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
4245 CVE-2003-1134 DoS 2003-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
4246 CVE-2003-1133 2003-12-31 2017-07-10
2.1
None Local Low Not required Partial None None
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.
4247 CVE-2003-1129 DoS Exec Code Overflow 2003-12-31 2017-07-10
2.6
None Remote High Not required None None Partial
Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.
4248 CVE-2003-1122 Exec Code 2003-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code.
4249 CVE-2003-1105 DoS 2003-12-31 2018-10-12
2.6
None Remote High Not required None None Partial
Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
4250 CVE-2003-1099 DoS Exec Code 2003-12-31 2017-10-10
2.1
None Local Low Not required None None Partial
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.
Total number of vulnerabilities : 4765   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 (This Page)86 87 88 89 90 91 92 93 94 95 96
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.