CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4501 CVE-1999-1221 1996-11-17 2017-12-18
2.1
None Local Low Not required None Partial None
dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.
4502 CVE-1999-1218 1993-02-18 2017-12-18
2.1
None Local Low Not required Partial None None
Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files.
4503 CVE-1999-1214 255 DoS 1997-09-15 2017-10-09
2.1
None Local Low Not required None None Partial
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
4504 CVE-1999-1205 1 DoS 1996-06-07 2018-05-02
2.1
None Local Low Not required None None Partial
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.
4505 CVE-1999-1173 1998-12-18 2016-10-17
2.1
None Local Low Not required None Partial None
Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.
4506 CVE-1999-1137 1993-10-01 2018-10-30
2.1
None Local Low Not required Partial None None
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
4507 CVE-1999-1126 +Info 1999-12-31 2017-12-18
2.1
None Local Low Not required Partial None None
Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".
4508 CVE-1999-1118 DoS 1998-03-11 2017-10-09
2.1
None Local Low Not required None None Partial
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
4509 CVE-1999-1117 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
4510 CVE-1999-1102 1999-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
4511 CVE-1999-1010 1999-12-14 2016-10-17
2.1
None Local Low Not required Partial None None
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
4512 CVE-1999-1009 1999-12-12 2008-09-09
2.6
None Remote High Not required Partial None None
The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.
4513 CVE-1999-1001 1999-12-16 2008-09-09
2.6
None Remote High Not required None Partial None
Cisco Cache Engine allows a remote attacker to gain access via a null username and password.
4514 CVE-1999-0990 1999-12-05 2008-09-09
2.1
None Local Low Not required Partial None None
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
4515 CVE-1999-0976 DoS 1999-12-07 2008-09-09
2.1
None Local Low Not required None None Partial
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
4516 CVE-1999-0957 1997-06-18 2008-09-09
2.1
None Local Low Not required None Partial None
MajorCool mj_key_cache program allows local users to modify files via a symlink attack.
4517 CVE-1999-0916 1999-06-29 2008-09-09
2.1
None Local Low Not required Partial None None
WebTrends software stores account names and passwords in a file which does not have restricted access permissions.
4518 CVE-1999-0912 DoS 1999-09-22 2008-09-09
2.1
None Local Low Not required None None Partial
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
4519 CVE-1999-0907 1999-09-16 2008-09-09
2.1
None Local Low Not required Partial None None
sccw allows local users to read arbitrary files.
4520 CVE-1999-0893 1999-10-11 2008-09-09
2.1
None Local Low Not required None Partial None
userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.
4521 CVE-1999-0871 1998-09-04 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.
4522 CVE-1999-0870 1998-10-01 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.
4523 CVE-1999-0869 1998-12-01 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
4524 CVE-1999-0862 +Priv 1999-12-02 2008-09-09
2.1
None Local Low Not required Partial None None
Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file.
4525 CVE-1999-0861 362 +Info 1999-08-11 2018-10-12
2.6
None Remote High Not required Partial None None
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
4526 CVE-1999-0860 1999-12-01 2018-10-30
2.1
None Local Low Not required Partial None None
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
4527 CVE-1999-0859 1999-12-01 2018-10-30
2.1
None Local Low Not required Partial None None
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.
4528 CVE-1999-0857 1999-12-01 2008-09-09
2.1
None Local Low Not required None Partial None
FreeBSD gdc program allows local users to modify files via a symlink attack.
4529 CVE-1999-0851 DoS 1999-11-10 2018-10-30
2.1
None Local Low Not required None None Partial
Denial of service in BIND named via naptr.
4530 CVE-1999-0827 1999-11-01 2008-09-09
2.6
None Remote High Not required Partial None None
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
4531 CVE-1999-0803 1999-05-25 2016-10-17
2.1
None Local Low Not required None Partial None
The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.
4532 CVE-1999-0797 DoS 1998-06-29 2008-09-09
2.6
None Remote High Not required None None Partial
NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.
4533 CVE-1999-0793 1999-11-17 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
4534 CVE-1999-0790 2000-04-01 2008-09-09
2.6
None Remote High Not required Partial None None
A remote attacker can read information from a Netscape user's cache via JavaScript.
4535 CVE-1999-0787 1999-09-17 2016-10-17
2.1
None Local Low Not required None Partial None
The SSH authentication agent follows symlinks via a UNIX domain socket.
4536 CVE-1999-0782 1998-11-18 2016-10-17
2.1
None Local Low Not required None Partial None
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
4537 CVE-1999-0770 DoS 1999-07-29 2008-09-09
2.1
None Local Low Not required None None Partial
Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.
4538 CVE-1999-0762 1999-05-24 2008-09-09
2.6
None Remote High Not required Partial None None
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
4539 CVE-1999-0757 2001-03-12 2017-12-18
2.1
None Local Low Not required Partial None None
The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.
4540 CVE-1999-0749 Overflow 1999-08-16 2018-10-12
2.6
None Remote High Not required None Partial None
Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
4541 CVE-1999-0747 DoS 1999-08-18 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.
4542 CVE-1999-0743 1999-08-20 2018-05-02
2.1
None Local Low Not required None Partial None
Trn allows local users to overwrite other users' files via symlinks.
4543 CVE-1999-0732 1999-08-19 2016-09-16
2.1
None Local Low Not required None Partial None
The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.
4544 CVE-1999-0717 1999-05-07 2018-10-12
2.6
None Remote High Not required None Partial None
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
4545 CVE-1999-0714 1999-02-15 2008-09-09
2.1
None Local Low Not required Partial None None
Vulnerability in Compaq Tru64 UNIX edauth command.
4546 CVE-1999-0712 1999-04-27 2008-09-09
2.1
None Local Low Not required Partial None None
A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable.
4547 CVE-1999-0694 DoS 1999-08-11 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in AIX ptrace system call allows local users to crash the system.
4548 CVE-1999-0595 2000-01-20 2008-09-09
2.1
None Local Low Not required Partial None None
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.
4549 CVE-1999-0585 2000-07-01 2008-09-09
2.1
None Local Low Not required Partial None None
A Windows NT administrator account has the default name of Administrator.
4550 CVE-1999-0487 1999-05-01 2018-10-12
2.6
None Remote High Not required Partial None None
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 (This Page)92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.