CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6451 CVE-2005-4536 2005-12-31 2017-07-20
2.1
None Local Low Not required None Partial None
Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.
6452 CVE-2005-4494 XSS 2005-12-22 2011-03-08
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.
6453 CVE-2005-4412 2005-12-20 2008-09-05
2.1
None Local Low Not required Partial None None
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.
6454 CVE-2005-4357 XSS 2005-12-20 2018-10-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
6455 CVE-2005-4352 Bypass 2005-12-31 2018-10-19
2.1
None Local Low Not required None Partial None
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
6456 CVE-2005-4344 2005-12-19 2011-03-08
2.1
None Local Low Not required None Partial None
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.
6457 CVE-2005-4273 2005-12-15 2018-10-19
2.1
None Local Low Not required None Partial None
Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.
6458 CVE-2005-4176 2005-12-11 2018-10-19
2.1
None Local Low Not required Partial None None
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
6459 CVE-2005-4175 2005-12-11 2018-10-19
2.1
None Local Low Not required Partial None None
Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
6460 CVE-2005-4151 2005-12-10 2018-10-19
2.1
None Local Low Not required Partial None None
The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk.
6461 CVE-2005-4133 2005-12-09 2011-03-08
2.1
None Local Low Not required Partial None None
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.
6462 CVE-2005-3997 +Info 2005-12-05 2018-10-19
2.6
None Remote High Not required Partial None None
Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php, (5) application_bottom.php, (6) attributes_preview.php, (7) modules/category_product_listing.php, (8) modules/copy_to_confirm.php, (9) modules/delete_product_confirm.php, and (10) modules/move_product_confirm.php, which leaks the web server path in the resulting error message.
6463 CVE-2005-3921 XSS 2005-11-30 2018-10-19
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers.
6464 CVE-2005-3885 2005-11-29 2018-10-03
2.1
None Local Low Not required None Partial None
The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.
6465 CVE-2005-3782 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.
6466 CVE-2005-3738 File Inclusion 2005-11-22 2018-10-19
2.6
None Remote High Not required None Partial None
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
6467 CVE-2005-3649 2005-11-17 2016-10-18
2.6
None Remote High Not required None Partial None
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
6468 CVE-2005-3620 +Priv 2005-12-31 2018-10-30
2.1
None Local Low Not required Partial None None
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
6469 CVE-2005-3568 DoS 2005-11-16 2017-07-11
2.1
None Local Low Not required None None Partial
db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."
6470 CVE-2005-3531 2005-11-23 2011-03-08
2.1
None Local Low Not required None Partial None
fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.
6471 CVE-2005-3476 DoS 2005-11-03 2018-10-19
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and OpenVMS Alpha 7.3-2 and 8.2, allows local users to cause a denial of service.
6472 CVE-2005-3427 2005-11-02 2017-07-11
2.1
None Local Low Not required None Partial None
The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, wich can cause some signatures to be disabled and makes it easier for attackers to escape detection.
6473 CVE-2005-3402 Bypass +Info 2005-11-01 2016-10-18
2.6
None Remote High Not required Partial None None
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
6474 CVE-2005-3356 DoS 2005-12-31 2018-10-19
2.1
None Local Low Not required None None Partial
The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors.
6475 CVE-2005-3341 2005-12-27 2017-07-11
2.1
None Local Low Not required None Partial None
DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh.
6476 CVE-2005-3331 2005-10-27 2017-07-11
2.1
None Local Low Not required None Partial None
viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
6477 CVE-2005-3320 XSS 2005-10-27 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script.
6478 CVE-2005-3319 DoS 2005-10-27 2018-10-30
2.1
None Local Low Not required None None Partial
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
6479 CVE-2005-3311 2005-10-26 2016-10-18
2.1
None Local Low Not required None Partial None
BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
6480 CVE-2005-3295 DoS 2005-10-23 2018-05-03
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
6481 CVE-2005-3289 2005-10-23 2008-09-05
2.1
None Local Low Not required None Partial None
LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.
6482 CVE-2005-3286 DoS 2005-10-23 2012-12-13
2.1
None Local Low Not required None None Partial
The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability."
6483 CVE-2005-3276 +Info 2005-10-21 2018-10-19
2.1
None Local Low Not required Partial None None
The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information.
6484 CVE-2005-3275 DoS Mem. Corr. 2005-10-21 2018-10-19
2.6
None Remote High Not required None None Partial
The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.
6485 CVE-2005-3271 DoS 2005-10-21 2018-10-03
2.1
None Local Low Not required None None Partial
Exec in Linux kernel 2.6 does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large number of multiple local users to cause a denial of service by using more posix-timers than specified by the quota for a single user.
6486 CVE-2005-3268 2005-10-20 2008-09-05
2.1
None Local Low Not required Partial None None
yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files.
6487 CVE-2005-3250 DoS 2005-10-17 2013-07-20
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.
6488 CVE-2005-3238 DoS 2005-10-14 2008-09-05
2.1
None Local Low Not required None None Partial
Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors.
6489 CVE-2005-3181 399 DoS 2005-10-12 2018-10-19
2.1
None Local Low Not required None None Partial
The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).
6490 CVE-2005-3179 264 +Info 2005-10-12 2017-02-19
2.1
None Local Low Not required Partial None None
drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information.
6491 CVE-2005-3164 200 +Info 2005-10-06 2019-03-25
2.6
None Remote High Not required Partial None None
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
6492 CVE-2005-3147 +Info 2005-10-05 2008-09-05
2.1
None Local Low Not required Partial None None
StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.
6493 CVE-2005-3146 2005-10-05 2008-09-05
2.1
None Local Low Not required None Partial None
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.
6494 CVE-2005-3137 2005-10-05 2017-07-11
2.1
None Local Low Not required None Partial None
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
6495 CVE-2005-3124 2005-11-06 2011-03-08
2.1
None Local Low Not required None Partial None
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
6496 CVE-2005-3121 2005-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations.
6497 CVE-2005-3119 399 DoS 2005-10-12 2017-10-11
2.1
None Local Low Not required None None Partial
Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.
6498 CVE-2005-3115 2005-09-30 2008-09-05
2.1
None Local Low Not required None Partial None
mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, which allows local users to overwrite arbitrary files via (1) ts.stat, (2) ts.mpg, (3) foobar, (4) blockbar, or (5) foobar[NNN].
6499 CVE-2005-3112 2005-09-30 2008-09-05
2.1
None Local Low Not required Partial None None
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords.
6500 CVE-2005-3111 2005-09-30 2017-07-11
2.1
None Local Low Not required None Partial None
The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.