CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4801 CVE-1999-1137 1993-10-01 2018-10-30
2.1
None Local Low Not required Partial None None
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
4802 CVE-1999-1126 +Info 1999-12-31 2017-12-18
2.1
None Local Low Not required Partial None None
Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".
4803 CVE-1999-1118 DoS 1998-03-11 2017-10-09
2.1
None Local Low Not required None None Partial
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
4804 CVE-1999-1117 1999-12-31 2017-10-09
2.1
None Local Low Not required Partial None None
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
4805 CVE-1999-1102 1999-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
4806 CVE-1999-1010 1999-12-14 2016-10-17
2.1
None Local Low Not required Partial None None
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
4807 CVE-1999-1009 1999-12-12 2008-09-09
2.6
None Remote High Not required Partial None None
The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.
4808 CVE-1999-1001 1999-12-16 2008-09-09
2.6
None Remote High Not required None Partial None
Cisco Cache Engine allows a remote attacker to gain access via a null username and password.
4809 CVE-1999-0990 1999-12-05 2008-09-09
2.1
None Local Low Not required Partial None None
Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.
4810 CVE-1999-0976 DoS 1999-12-07 2008-09-09
2.1
None Local Low Not required None None Partial
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
4811 CVE-1999-0957 1997-06-18 2008-09-09
2.1
None Local Low Not required None Partial None
MajorCool mj_key_cache program allows local users to modify files via a symlink attack.
4812 CVE-1999-0916 1999-06-29 2008-09-09
2.1
None Local Low Not required Partial None None
WebTrends software stores account names and passwords in a file which does not have restricted access permissions.
4813 CVE-1999-0912 DoS 1999-09-22 2008-09-09
2.1
None Local Low Not required None None Partial
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
4814 CVE-1999-0907 1999-09-16 2008-09-09
2.1
None Local Low Not required Partial None None
sccw allows local users to read arbitrary files.
4815 CVE-1999-0893 1999-10-11 2008-09-09
2.1
None Local Low Not required None Partial None
userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.
4816 CVE-1999-0871 1998-09-04 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.
4817 CVE-1999-0870 1998-10-01 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.
4818 CVE-1999-0869 1998-12-01 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
4819 CVE-1999-0862 +Priv 1999-12-02 2008-09-09
2.1
None Local Low Not required Partial None None
Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file.
4820 CVE-1999-0861 362 +Info 1999-08-11 2018-10-12
2.6
None Remote High Not required Partial None None
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
4821 CVE-1999-0860 1999-12-01 2018-10-30
2.1
None Local Low Not required Partial None None
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
4822 CVE-1999-0859 1999-12-01 2018-10-30
2.1
None Local Low Not required Partial None None
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.
4823 CVE-1999-0857 1999-12-01 2008-09-09
2.1
None Local Low Not required None Partial None
FreeBSD gdc program allows local users to modify files via a symlink attack.
4824 CVE-1999-0851 DoS 1999-11-10 2018-10-30
2.1
None Local Low Not required None None Partial
Denial of service in BIND named via naptr.
4825 CVE-1999-0827 1999-11-01 2008-09-09
2.6
None Remote High Not required Partial None None
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.
4826 CVE-1999-0803 1999-05-25 2016-10-17
2.1
None Local Low Not required None Partial None
The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.
4827 CVE-1999-0797 DoS 1998-06-29 2008-09-09
2.6
None Remote High Not required None None Partial
NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.
4828 CVE-1999-0793 1999-11-17 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
4829 CVE-1999-0790 2000-04-01 2008-09-09
2.6
None Remote High Not required Partial None None
A remote attacker can read information from a Netscape user's cache via JavaScript.
4830 CVE-1999-0787 1999-09-17 2016-10-17
2.1
None Local Low Not required None Partial None
The SSH authentication agent follows symlinks via a UNIX domain socket.
4831 CVE-1999-0782 1998-11-18 2016-10-17
2.1
None Local Low Not required None Partial None
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
4832 CVE-1999-0770 DoS 1999-07-29 2008-09-09
2.1
None Local Low Not required None None Partial
Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.
4833 CVE-1999-0762 1999-05-24 2008-09-09
2.6
None Remote High Not required Partial None None
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
4834 CVE-1999-0757 2001-03-12 2017-12-18
2.1
None Local Low Not required Partial None None
The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.
4835 CVE-1999-0749 Overflow 1999-08-16 2018-10-12
2.6
None Remote High Not required None Partial None
Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
4836 CVE-1999-0747 DoS 1999-08-18 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.
4837 CVE-1999-0743 1999-08-20 2018-05-02
2.1
None Local Low Not required None Partial None
Trn allows local users to overwrite other users' files via symlinks.
4838 CVE-1999-0732 1999-08-19 2016-09-16
2.1
None Local Low Not required None Partial None
The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.
4839 CVE-1999-0717 1999-05-07 2018-10-12
2.6
None Remote High Not required None Partial None
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
4840 CVE-1999-0714 1999-02-15 2008-09-09
2.1
None Local Low Not required Partial None None
Vulnerability in Compaq Tru64 UNIX edauth command.
4841 CVE-1999-0712 1999-04-27 2008-09-09
2.1
None Local Low Not required Partial None None
A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable.
4842 CVE-1999-0694 DoS 1999-08-11 2008-09-09
2.1
None Local Low Not required None None Partial
Denial of service in AIX ptrace system call allows local users to crash the system.
4843 CVE-1999-0595 2000-01-20 2008-09-09
2.1
None Local Low Not required Partial None None
A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.
4844 CVE-1999-0585 2000-07-01 2008-09-09
2.1
None Local Low Not required Partial None None
A Windows NT administrator account has the default name of Administrator.
4845 CVE-1999-0487 1999-05-01 2018-10-12
2.6
None Remote High Not required Partial None None
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.
4846 CVE-1999-0485 1999-02-19 2008-09-09
2.6
None Remote High Not required None None Partial
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
4847 CVE-1999-0484 Overflow 1999-02-23 2008-09-09
2.1
None Local Low Not required None Partial None
Buffer overflow in OpenBSD ping.
4848 CVE-1999-0483 1999-02-25 2008-09-09
2.1
None Local Low Not required None None Partial
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
4849 CVE-1999-0480 DoS 1999-04-01 2008-09-09
2.1
None Local Low Not required None None Partial
Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack.
4850 CVE-1999-0473 1999-04-07 2008-09-09
2.1
None Local Low Not required None Partial None
The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.
Total number of vulnerabilities : 4868   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 (This Page)98
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.