CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4551 CVE-2001-0067 2001-02-12 2017-12-18
2.1
None Local Low Not required Partial None None
The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.
4552 CVE-2001-0062 DoS 2001-02-12 2017-10-09
2.1
None Local Low Not required None None Partial
procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.
4553 CVE-2001-0052 DoS 2001-02-16 2017-12-18
2.1
None Local Low Not required None None Partial
IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.
4554 CVE-2001-0040 2001-02-16 2017-10-09
2.1
None Local Low Not required None None Partial
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
4555 CVE-2001-0020 Dir. Trav. 2001-02-12 2017-10-09
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.
4556 CVE-2001-0019 DoS 2001-02-12 2008-09-05
2.1
None Local Low Not required None None Partial
Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands.
4557 CVE-2001-0006 DoS 2001-02-12 2018-10-12
2.1
None Local Low Not required None None Partial
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
4558 CVE-2000-1247 16 2011-10-04 2017-08-28
2.1
None Local Low Not required Partial None None
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
4559 CVE-2000-1198 DoS 2001-08-31 2016-10-17
2.1
None Local Low Not required None None Partial
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
4560 CVE-2000-1197 DoS 2001-08-31 2016-10-17
2.1
None Local Low Not required None None Partial
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
4561 CVE-2000-1190 2001-08-31 2016-10-17
2.1
None Local Low Not required None Partial None
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
4562 CVE-2000-1178 2001-01-09 2018-05-02
2.1
None Local Low Not required None Partial None
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
4563 CVE-2000-1146 DoS 2001-01-09 2017-10-09
2.1
None Local Low Not required None None Partial
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.
4564 CVE-2000-1144 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
4565 CVE-2000-1143 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.
4566 CVE-2000-1142 Exec Code 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.
4567 CVE-2000-1141 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.
4568 CVE-2000-1140 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.
4569 CVE-2000-1083 DoS Exec Code 2001-01-09 2018-10-12
2.1
None Local Low Not required None None Partial
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
4570 CVE-2000-1018 2000-12-11 2017-10-09
2.1
None Local Low Not required Partial None None
shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file.
4571 CVE-2000-1003 DoS 2000-12-11 2017-10-09
2.6
None Remote High Not required None None Partial
NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.
4572 CVE-2000-0972 2000-12-19 2017-10-09
2.1
None Local Low Not required Partial None None
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
4573 CVE-2000-0936 2000-12-19 2017-10-09
2.1
None Local Low Not required Partial None None
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
4574 CVE-2000-0928 2000-12-19 2017-10-09
2.1
None Local Low Not required Partial None None
WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.
4575 CVE-2000-0892 +Info 2001-07-21 2017-10-09
2.6
None Remote High Not required Partial None None
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.
4576 CVE-2000-0881 2000-11-14 2017-12-18
2.1
None Local Low Not required Partial None None
The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.
4577 CVE-2000-0879 2000-11-14 2017-12-18
2.1
None Local Low Not required None None Partial
LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services.
4578 CVE-2000-0873 2000-11-14 2017-10-09
2.1
None Local Low Not required None Partial None
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
4579 CVE-2000-0866 DoS 2000-11-14 2017-12-18
2.1
None Local Low Not required None None Partial
Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes.
4580 CVE-2000-0849 DoS 2000-11-14 2018-10-12
2.6
None Remote High Not required None None Partial
Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.
4581 CVE-2000-0829 DoS 2000-11-14 2017-10-09
2.1
None Local Low Not required None None Partial
The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.
4582 CVE-2000-0816 Exec Code 2000-10-06 2017-10-09
2.1
None Local Low Not required None Partial None
Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.
4583 CVE-2000-0771 DoS 2000-10-20 2018-10-12
2.1
None Local Low Not required None None Partial
Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
4584 CVE-2000-0768 2000-10-20 2018-10-12
2.6
None Remote High Not required Partial None None
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
4585 CVE-2000-0767 2000-10-20 2018-10-12
2.6
None Remote High Not required Partial None None
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.
4586 CVE-2000-0754 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.
4587 CVE-2000-0729 DoS 2000-10-20 2017-10-09
2.1
None Local Low Not required None None Partial
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
4588 CVE-2000-0726 2000-10-20 2017-10-09
2.6
None Remote High Not required Partial None None
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.
4589 CVE-2000-0716 2000-10-20 2017-10-09
2.6
None Remote High Not required Partial None None
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
4590 CVE-2000-0715 59 2000-10-20 2008-09-10
2.1
None Local Low Not required None Partial None
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
4591 CVE-2000-0691 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
4592 CVE-2000-0679 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
4593 CVE-2000-0650 Exec Code 2000-07-11 2017-10-09
2.1
None Local Low Not required None Partial None
The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.
4594 CVE-2000-0649 200 +Info 2000-07-13 2018-10-30
2.6
None Remote High Not required Partial None None
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
4595 CVE-2000-0633 2000-07-18 2017-10-09
2.1
None Local Low Not required None None Partial
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
4596 CVE-2000-0615 2000-07-19 2017-10-09
2.1
None Local Low Not required Partial None None
LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.
4597 CVE-2000-0605 2000-07-10 2008-09-10
2.1
None Local Low Not required Partial None None
Blackboard CourseInfo 4.0 stores the local and SQL administrator user names and passwords in cleartext in a registry key whose access control allows users to access the passwords.
4598 CVE-2000-0565 2000-06-13 2017-10-09
2.1
None Local Low Not required Partial None None
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.
4599 CVE-2000-0559 2000-06-07 2008-09-10
2.1
None Local Low Not required Partial None None
eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
4600 CVE-2000-0553 Bypass 2000-05-26 2017-10-09
2.6
None Remote High Not required None Partial None
Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.
Total number of vulnerabilities : 4765   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 (This Page)93 94 95 96
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.