CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
4301 CVE-2005-4803 2005-12-31 2018-10-03
3.6
None Local Low Not required None Partial Partial
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
4302 CVE-2005-4796 2005-12-31 2018-10-30
3.6
None Local Low Not required None Partial Partial
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.
4303 CVE-2005-4779 2005-12-31 2008-09-05
3.6
None Local Low Not required Partial Partial None
verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UIO_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs.
4304 CVE-2005-4667 119 Exec Code Overflow 2005-12-31 2018-10-19
3.7
User Local High Not required Partial Partial Partial
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
4305 CVE-2005-4618 DoS Overflow 2005-12-31 2018-10-03
3.6
None Local Low Not required None Partial Partial
Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified.
4306 CVE-2005-4268 119 DoS Exec Code Overflow 2005-12-15 2018-10-03
3.7
User Local High Not required Partial Partial Partial
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
4307 CVE-2005-4192 XSS 2005-12-13 2008-09-05
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when creating a new notepad.
4308 CVE-2005-4191 XSS 2005-12-13 2008-09-05
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description, when creating a new tasklist.
4309 CVE-2005-4190 79 XSS 2005-12-13 2011-09-13
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
4310 CVE-2005-4189 XSS 2005-12-13 2008-09-05
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting events, the (3) Category and (4) Location search fields, and the (5) attendees email address fields when editing event attendees, and possibly other vectors.
4311 CVE-2005-3310 XSS 2005-10-25 2017-07-10
3.5
None Remote Medium Single system None Partial None
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.
4312 CVE-2005-3205 79 Exec Code XSS 2005-10-14 2017-07-10
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.
4313 CVE-2005-3070 DoS 2005-09-27 2008-09-05
3.6
None Local Low Not required Partial None Partial
HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.
4314 CVE-2005-2995 2005-09-20 2018-10-09
3.6
None Local Low Not required Partial Partial None
bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.
4315 CVE-2005-2617 2005-08-17 2008-09-05
3.6
None Local Low Not required None Partial Partial
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers.
4316 CVE-2005-2582 2005-08-16 2016-10-17
3.6
None Local Low Not required None Partial Partial
Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing.
4317 CVE-2005-2492 264 DoS 2005-09-14 2018-10-19
3.6
None Local Low Not required Partial None Partial
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
4318 CVE-2005-2306 +Priv 2005-07-19 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
4319 CVE-2005-1993 +Priv 2005-06-20 2018-10-19
3.7
None Local High Not required Partial Partial Partial
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
4320 CVE-2005-1982 +Info 2005-08-10 2019-04-30
3.6
None Local Low Not required Partial Partial None
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
4321 CVE-2005-1941 Exec Code 2005-06-08 2008-09-05
3.7
User Local High Not required Partial Partial Partial
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.
4322 CVE-2005-1902 Dir. Trav. 2005-06-09 2017-07-10
3.6
None Local Low Not required Partial Partial None
Directory traversal vulnerability in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to read other users' mail and perform operations on arbitrary directories via .. sequences in the (1) SELECT, (2) CREATE, (3) DELETE, and (4) RENAME commands.
4323 CVE-2005-1768 DoS Exec Code Overflow 2005-07-11 2017-10-10
3.7
User Local High Not required Partial Partial Partial
Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.
4324 CVE-2005-1751 2005-05-25 2018-05-02
3.7
None Local High Not required Partial Partial Partial
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
4325 CVE-2005-1727 2005-06-08 2008-09-05
3.7
None Local High Not required Partial Partial Partial
Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."
4326 CVE-2005-1430 2005-05-03 2008-09-10
3.6
None Local Low Not required Partial Partial None
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
4327 CVE-2005-1111 2005-05-02 2017-10-10
3.7
None Local High Not required Partial Partial Partial
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
4328 CVE-2005-1039 2005-05-02 2008-09-05
3.7
None Local High Not required Partial Partial Partial
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
4329 CVE-2005-0988 2005-05-02 2017-10-10
3.7
None Local High Not required Partial Partial Partial
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
4330 CVE-2005-0953 2005-05-02 2018-10-19
3.7
None Local High Not required Partial Partial Partial
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
4331 CVE-2005-0894 2005-05-02 2016-10-17
3.6
None Local Low Not required None Partial Partial
OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp.
4332 CVE-2005-0576 2005-05-02 2008-09-05
3.6
None Local Low Not required None Partial Partial
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
4333 CVE-2005-0288 2005-01-11 2017-07-10
3.6
None Local Low Not required None Partial Partial
The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.
4334 CVE-2005-0180 Bypass 2005-03-07 2017-10-10
3.6
None Local Low Not required Partial Partial None
Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.
4335 CVE-2004-2778 264 Exec Code 2017-06-27 2017-07-05
3.6
None Local Low Not required Partial Partial None
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.
4336 CVE-2004-2728 119 DoS Overflow 2004-12-31 2017-07-28
3.5
None Remote Medium Single system None None Partial
Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.
4337 CVE-2004-2643 1 Dir. Trav. 2004-12-31 2017-07-19
3.7
User Local High Not required Partial Partial Partial
Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.
4338 CVE-2004-2626 2004-12-31 2017-07-19
3.7
User Local High Not required Partial Partial Partial
GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.
4339 CVE-2004-2408 DoS +Info 2004-12-31 2017-07-10
3.6
None Local Low Not required Partial Partial None
Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.
4340 CVE-2004-2319 2004-12-31 2017-07-10
3.6
None Local Low Not required Partial Partial None
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
4341 CVE-2004-2311 Dir. Trav. 2004-12-31 2017-07-10
3.6
None Local Low Not required Partial Partial None
Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.
4342 CVE-2004-2303 2004-12-31 2017-07-10
3.6
None Local Low Not required Partial Partial None
MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.
4343 CVE-2004-1683 +Priv 2004-09-13 2017-07-10
3.7
User Local High Not required Partial Partial Partial
A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before it is executed by crrtrap.
4344 CVE-2004-1465 Exec Code Overflow 2004-12-31 2017-07-10
3.7
User Local High Not required Partial Partial Partial
Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.
4345 CVE-2004-1445 +Priv 2004-12-31 2017-07-10
3.7
User Local High Not required Partial Partial Partial
A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.
4346 CVE-2004-1066 DoS 2005-01-10 2017-07-10
3.6
None Local Low Not required Partial None Partial
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.
4347 CVE-2004-0698 2004-07-27 2017-07-10
3.6
None Local Low Not required Partial Partial None
4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.
4348 CVE-2004-0435 2004-08-18 2017-07-10
3.6
None Local Low Not required None Partial Partial
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.
4349 CVE-2004-0217 2004-04-15 2017-07-10
3.7
User Local High Not required Partial Partial Partial
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.
4350 CVE-2003-1570 287 2009-03-31 2017-08-16
3.5
None Remote Medium Single system Partial None None
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure."
Total number of vulnerabilities: 4400 (page 87 of 88)