CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6601 CVE-2005-2144 Bypass 2005-07-05 2008-09-05
2.1
None Local Low Not required None Partial None
Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file.
6602 CVE-2005-2142 Dir. Trav. 2005-07-05 2008-09-05
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.
6603 CVE-2005-2134 DoS 2005-07-05 2008-09-10
2.1
None Local Low Not required None None Partial
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error.
6604 CVE-2005-2133 2005-07-05 2008-09-10
2.1
None Local Low Not required None Partial None
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1915. Reason: This candidate is a duplicate of CVE-2005-1915. Notes: All CVE users should reference CVE-2005-1915 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
6605 CVE-2005-2132 DoS 2005-08-03 2016-10-18
2.1
None Local Low Not required None None Partial
RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests.
6606 CVE-2005-2126 2005-10-21 2018-10-12
2.6
None Remote High Not required None Partial None
The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
6607 CVE-2005-2104 +Info 2005-10-07 2017-10-11
2.1
None Local Low Not required Partial None None
sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory.
6608 CVE-2005-2100 DoS 2005-10-25 2017-10-11
2.1
None Local Low Not required None None Partial
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).
6609 CVE-2005-2097 DoS 2005-08-16 2018-10-19
2.1
None Local Low Not required None None Partial
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
6610 CVE-2005-2078 DoS 2005-06-29 2008-09-05
2.1
None Local Low Not required None None Partial
BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.
6611 CVE-2005-2076 2005-06-29 2011-03-08
2.1
None Local Low Not required Partial None None
HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.
6612 CVE-2005-2073 2005-06-29 2008-09-05
2.1
None Local Low Not required None Partial None
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.
6613 CVE-2005-2056 DoS 2005-06-29 2008-11-15
2.6
None Remote High Not required None None Partial
The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.
6614 CVE-2005-2032 2005-06-16 2018-10-30
2.1
None Local Low Not required None Partial None
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.
6615 CVE-2005-1981 DoS 2005-08-10 2019-04-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
6616 CVE-2005-1944 2005-06-09 2016-10-18
2.1
None Local Low Not required None None Partial
xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp.
6617 CVE-2005-1937 2005-06-14 2017-10-11
2.6
None Remote High Not required None Partial None
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
6618 CVE-2005-1932 +Info 2005-07-05 2008-09-05
2.1
None Local Low Not required None Partial None
Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php.
6619 CVE-2005-1923 DoS 2005-07-05 2008-09-05
2.6
None Remote High Not required None None Partial
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
6620 CVE-2005-1918 22 Dir. Trav. 2005-12-31 2018-10-19
2.6
None Remote High Not required None Partial None
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
6621 CVE-2005-1917 2005-07-05 2008-09-05
2.1
None Local Low Not required None Partial None
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.
6622 CVE-2005-1916 2005-07-06 2016-10-18
2.1
None Local Low Not required None Partial None
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
6623 CVE-2005-1915 2005-09-02 2011-03-08
2.1
None Local Low Not required None Partial None
The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames.
6624 CVE-2005-1914 2005-07-18 2008-09-05
2.1
None Local Low Not required None Partial None
CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.
6625 CVE-2005-1913 DoS 2005-09-14 2017-07-11
2.1
None Local Low Not required None None Partial
The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a denial of service (kernel panic) via a non group-leader thread executing a different program than was pending in itimer, which causes the signal to be delivered to the old group-leader task, which does not exist.
6626 CVE-2005-1903 Exec Code Overflow 2005-06-02 2017-07-11
2.1
None Local Low Not required None None Partial
Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to execute arbitrary code via a long CREATE command.
6627 CVE-2005-1880 2005-06-06 2008-09-05
2.1
None Local Low Not required None Partial None
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
6628 CVE-2005-1879 2005-06-09 2008-09-05
2.1
None Local Low Not required None Partial None
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
6629 CVE-2005-1858 +Info 2005-06-03 2008-09-05
2.1
None Local Low Not required Partial None None
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
6630 CVE-2005-1856 2005-08-30 2008-09-05
2.1
None Local Low Not required None Partial None
The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack.
6631 CVE-2005-1855 +Info 2005-08-30 2008-09-05
2.1
None Local Low Not required Partial None None
Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.
6632 CVE-2005-1842 2005-08-24 2008-09-05
2.1
None Local Low Not required None Partial None
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack.
6633 CVE-2005-1841 2005-07-07 2008-09-05
2.1
None Local Low Not required Partial None None
The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it.
6634 CVE-2005-1801 DoS 2005-05-26 2008-09-10
2.6
None Remote High Not required None None Partial
The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.
6635 CVE-2005-1793 DoS 2005-06-01 2008-09-10
2.6
None Remote High Not required None None Partial
User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values.
6636 CVE-2005-1791 2005-05-28 2016-10-18
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE.
6637 CVE-2005-1790 399 DoS Exec Code Mem. Corr. 2005-06-01 2021-07-23
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."
6638 CVE-2005-1778 79 XSS 2005-05-31 2016-11-25
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.
6639 CVE-2005-1774 2005-05-31 2016-10-18
2.1
None Local Low Not required None Partial None
WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem.
6640 CVE-2005-1767 DoS 2005-08-05 2017-10-11
2.1
None Local Low Not required None None Partial
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
6641 CVE-2005-1765 DoS 2005-05-31 2018-10-03
2.1
None Local Low Not required None None Partial
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service (kernel hang) via crafted arguments.
6642 CVE-2005-1764 DoS 2005-10-07 2017-07-11
2.1
None Local Low Not required None None Partial
Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug, which allows local users to cause a denial of service.
6643 CVE-2005-1762 DoS 2005-08-02 2018-10-19
2.1
None Local Low Not required None None Partial
The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address.
6644 CVE-2005-1761 20 DoS 2005-08-05 2018-10-19
2.1
None Local Low Not required None None Partial
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
6645 CVE-2005-1725 2005-06-08 2016-10-18
2.1
None Local Low Not required None Partial None
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.
6646 CVE-2005-1720 2005-06-16 2008-09-05
2.1
None Local Low Not required None Partial None
AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL.
6647 CVE-2005-1696 XSS 2005-05-24 2016-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.
6648 CVE-2005-1695 XSS 2005-05-24 2016-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.
6649 CVE-2005-1686 DoS 2005-05-20 2018-10-03
2.6
None Remote High Not required None None Partial
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
6650 CVE-2005-1683 DoS Exec Code Overflow 2005-05-20 2016-10-18
2.6
None Remote High Not required None None Partial
Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.