CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-0078 Exec Code 1996-04-18 2018-10-30
1.9
 None Local Medium Not required Partial None None
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
2 CVE-1999-0371 1999-02-11 2008-09-09
1.2
 None Local High Not required Partial None None
Lynx allows a local user to overwrite sensitive files through /tmp symlinks.
3 CVE-1999-0475 1999-04-05 2008-09-09
1.2
 None Local High Not required Partial None None
A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.
4 CVE-1999-0497 1999-01-01 2007-07-13
0.0
 None Remote Low Not required None None None
Anonymous FTP is enabled.
5 CVE-1999-0523 1999-01-01 2010-12-01
0.0
 None Remote Low Not required None None None
ICMP echo (ping) is allowed from arbitrary hosts.
6 CVE-1999-0524 200 +Info 1997-08-01 2021-09-22
0.0
 None Local Low Not required None None None
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
7 CVE-1999-0525 1997-01-01 2014-11-24
0.0
 None Remote Low Not required None None None
IP traceroute is allowed from arbitrary hosts.
8 CVE-1999-0532 1997-07-01 2008-09-09
0.0
 None Remote Low Not required None None None
A DNS server allows zone transfers.
9 CVE-1999-0586 1999-01-01 2014-11-04
0.0
 None Remote Low Not required None None None
A network service is running on a nonstandard port.
10 CVE-1999-0612 1997-03-01 2008-09-09
0.0
 None Remote Low Not required None None None
A version of finger is running that exposes valid user information to any entity on the network.
11 CVE-1999-0613 1999-01-01 2007-07-13
0.0
 None Remote Low Not required None None None
The rpc.sprayd service is running.
12 CVE-1999-0624 1999-01-01 2007-07-13
0.0
 None Remote Low Not required None None None
The rstat/rstatd service is running.
13 CVE-1999-0625 1999-01-01 2007-07-13
0.0
 None Remote Low Not required None None None
The rpc.rquotad service is running.
14 CVE-1999-0626 1997-01-01 2008-09-09
0.0
 None Remote Low Not required None None None
A version of rusers is running that exposes valid user information to any entity on the network.
15 CVE-1999-0627 Exec Code 1992-03-01 2008-09-09
0.0
 None Remote Low Not required None None None
The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.
16 CVE-1999-0629 1999-01-01 2010-12-01
0.0
 None Remote Low Not required None None None
The ident/identd service is running.
17 CVE-1999-0632 1999-01-01 2007-07-13
0.0
 None Remote Low Not required None None None
The RPC portmapper service is running.
18 CVE-1999-0635 1999-01-01 2007-07-13
0.0
 None Remote Low Not required None None None
The echo service is running.
19 CVE-1999-0637 1999-01-01 2007-07-13
0.0
 None Remote Low Not required None None None
The systat service is running.
20 CVE-1999-0638 1999-01-01 2007-07-13
0.0
 None Remote Low Not required None None None
The daytime service is running.
21 CVE-1999-0639 1999-01-01 2007-07-13
0.0
 None Remote Low Not required None None None
The chargen service is running.
22 CVE-1999-0641 1999-01-01 2007-07-13
0.0
 None Remote Low Not required None None None
The UUCP service is running.
23 CVE-1999-0657 1999-01-01 2007-07-21
0.0
 None Remote Low Not required None None None
WinGate is being used.
24 CVE-1999-1042 1999-12-31 2008-09-05
1.2
 None Local High Not required Partial None None
Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings.
25 CVE-1999-1480 1998-06-11 2008-09-05
1.2
 None Local High Not required None Partial None
(1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.
26 CVE-1999-1486 1998-02-25 2017-10-10
1.2
 None Local High Not required None Partial None
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
27 CVE-2000-0154 2000-02-16 2008-09-10
1.2
 None Local High Not required None Partial None
The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.
28 CVE-2000-0210 2000-02-21 2008-09-10
1.2
 None Local High Not required None Partial None
The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.
29 CVE-2000-0224 +Priv 2000-02-15 2008-09-10
1.2
 None Local High Not required None Partial None
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.
30 CVE-2000-0371 1999-03-01 2008-09-10
1.2
 None Local High Not required None Partial None
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
31 CVE-2000-0718 2000-10-20 2008-09-05
1.2
 None Local High Not required None Partial None
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
32 CVE-2000-0723 2000-10-20 2008-09-05
1.2
 None Local High Not required None None Partial
Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.
33 CVE-2000-0890 2001-02-16 2018-05-03
1.2
 None Local High Not required None Partial None
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.
34 CVE-2000-0959 2000-12-19 2017-10-10
1.2
 None Local High Not required None Partial None
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
35 CVE-2000-1045 DoS 2000-12-11 2017-10-10
1.2
 None Local High Not required None None Partial
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.
36 CVE-2001-0036 2001-02-16 2017-10-10
1.2
 None Local High Not required None Partial None
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.
37 CVE-2001-0095 2001-02-12 2018-10-30
1.2
 None Local High Not required None Partial None
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.
38 CVE-2001-0109 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.
39 CVE-2001-0116 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
40 CVE-2001-0117 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
41 CVE-2001-0118 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
42 CVE-2001-0119 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
43 CVE-2001-0120 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
44 CVE-2001-0125 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
45 CVE-2001-0132 2001-03-12 2008-09-05
1.2
 None Local High Not required None Partial None
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.
46 CVE-2001-0138 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
47 CVE-2001-0139 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
48 CVE-2001-0140 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
49 CVE-2001-0141 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
50 CVE-2001-0142 2001-03-12 2017-10-10
1.2
 None Local High Not required None Partial None
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
Total number of vulnerabilities : 3644   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.