CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6551 CVE-2005-2731 Dir. Trav. 2005-08-30 2016-10-18
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
6552 CVE-2005-2725 2005-08-30 2017-07-11
2.1
None Local Low Not required Partial None None
The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files.
6553 CVE-2005-2708 399 DoS 2005-10-25 2018-10-19
2.1
None Local Low Not required None None Partial
The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command.
6554 CVE-2005-2689 XSS 2005-08-24 2008-09-05
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
6555 CVE-2005-2672 2005-08-23 2018-10-03
2.1
None Local Low Not required None Partial None
pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.
6556 CVE-2005-2664 2005-08-23 2016-10-18
2.1
None Local Low Not required Partial None None
Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory.
6557 CVE-2005-2663 2005-09-21 2017-07-11
2.1
None Local Low Not required None Partial None
masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file.
6558 CVE-2005-2660 2005-09-30 2008-09-05
2.1
None Local Low Not required None Partial None
apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
6559 CVE-2005-2656 DoS 2005-09-06 2008-09-05
2.1
None Local Low Not required None None Partial
Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities.
6560 CVE-2005-2602 2005-08-17 2008-09-05
2.6
None Remote High Not required None Partial None
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
6561 CVE-2005-2586 +Info 2005-08-16 2016-10-18
2.1
None Local Low Not required Partial None None
Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information.
6562 CVE-2005-2554 2005-08-12 2017-07-11
2.1
None Local Low Not required Partial None None
The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.
6563 CVE-2005-2553 DoS 2005-08-12 2018-10-19
2.1
None Local Low Not required None None Partial
The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program.
6564 CVE-2005-2534 DoS 2005-08-24 2008-09-05
2.6
None Remote High Not required None None Partial
Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.
6565 CVE-2005-2533 DoS 2005-08-24 2008-09-05
2.1
None Local Low Not required None None Partial
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.
6566 CVE-2005-2520 2005-08-19 2008-09-05
2.1
None Local Low Not required Partial None None
The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
6567 CVE-2005-2517 2005-08-19 2008-09-05
2.6
None Remote High Not required Partial None None
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
6568 CVE-2005-2512 2005-08-19 2008-09-05
2.1
None Local Low Not required Partial None None
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
6569 CVE-2005-2509 2005-08-19 2008-09-05
2.1
None Local Low Not required None Partial None
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
6570 CVE-2005-2499 DoS 2005-08-23 2017-10-11
2.1
None Local Low Not required None None Partial
slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure.
6571 CVE-2005-2487 DoS 2005-08-07 2017-07-11
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm.
6572 CVE-2005-2462 +Priv 2005-12-31 2016-10-18
2.1
None Local Low Not required Partial None None
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges.
6573 CVE-2005-2456 DoS Exec Code Overflow 2005-08-04 2018-10-19
2.1
None Local Low Not required None None Partial
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
6574 CVE-2005-2451 DoS Exec Code 2005-08-03 2017-10-11
2.1
None Local Low Not required None None Partial
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
6575 CVE-2005-2444 +Info 2005-08-03 2017-07-11
2.1
None Local Low Not required Partial None None
Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.
6576 CVE-2005-2426 DoS 2005-08-03 2017-07-11
2.1
None Local Low Not required None None Partial
FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.
6577 CVE-2005-2414 DoS 2005-08-03 2017-07-11
2.6
None Remote High Not required None None Partial
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
6578 CVE-2005-2407 Exec Code 2005-08-01 2011-03-08
2.6
None Remote High Not required None Partial None
A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".
6579 CVE-2005-2353 2005-08-05 2018-10-03
2.1
None Local Low Not required None Partial None
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
6580 CVE-2005-2351 668 DoS 2019-11-01 2019-11-13
2.1
None Local Low Not required None None Partial
Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.
6581 CVE-2005-2343 DoS 2005-12-31 2011-03-08
2.6
None Remote High Not required None None Partial
Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed.
6582 CVE-2005-2311 2005-07-19 2008-09-05
2.1
None Local Low Not required None Partial None
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.
6583 CVE-2005-2302 2005-07-19 2016-10-18
2.1
None Local Low Not required None None Partial
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
6584 CVE-2005-2300 2005-07-19 2016-10-18
2.1
None Local Low Not required None Partial None
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
6585 CVE-2005-2294 2005-07-18 2017-07-11
2.1
None Local Low Not required Partial None None
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
6586 CVE-2005-2293 +Info 2005-07-18 2017-07-11
2.1
None Local Low Not required Partial None None
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
6587 CVE-2005-2292 +Info 2005-07-18 2017-07-11
2.1
None Local Low Not required Partial None None
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
6588 CVE-2005-2283 DoS 2005-07-18 2008-09-05
2.1
None Local Low Not required None None Partial
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file.
6589 CVE-2005-2274 2005-07-13 2021-07-23
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
6590 CVE-2005-2273 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
6591 CVE-2005-2272 2005-07-13 2017-07-11
2.6
None Remote High Not required None Partial None
Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
6592 CVE-2005-2271 2005-07-13 2008-09-05
2.6
None Remote High Not required None Partial None
iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
6593 CVE-2005-2268 2005-07-13 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
6594 CVE-2005-2240 2005-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.
6595 CVE-2005-2238 DoS 2005-07-12 2008-09-05
2.1
None Local Low Not required None None Partial
ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.
6596 CVE-2005-2231 2005-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
6597 CVE-2005-2230 2005-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files.
6598 CVE-2005-2196 2005-07-19 2008-09-05
2.1
None Local Low Not required None Partial None
The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network.
6599 CVE-2005-2180 2005-07-11 2016-10-18
2.1
None Local Low Not required None Partial None
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files.
6600 CVE-2005-2174 2005-07-08 2008-09-05
2.6
None Remote High Not required Partial None None
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.