CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2005-1424 +Info 2005-05-03 2017-07-11
2.1
None Local Low Not required Partial None None
StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information.
902 CVE-2005-1472 2005-05-19 2008-09-05
2.1
None Local Low Not required Partial None None
Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories.
903 CVE-2005-1490 2005-05-11 2017-07-11
2.1
None Local Low Not required Partial None None
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.
904 CVE-2005-1518 DoS 2005-05-11 2018-10-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.
905 CVE-2005-1576 2005-05-12 2008-09-05
2.6
None Remote High Not required None Partial None
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.
906 CVE-2005-1578 2005-05-13 2008-09-05
2.1
None Local Low Not required None Partial None
EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection.
907 CVE-2005-1617 2005-05-16 2016-10-18
2.1
None Local Low Not required Partial None None
Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive information.
908 CVE-2005-1627 2005-05-17 2017-07-11
2.1
None Local Low Not required Partial None None
Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact.
909 CVE-2005-1641 DoS 2005-05-17 2008-09-05
2.1
None Local Low Not required None None Partial
mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service.
910 CVE-2005-1671 +Info 2005-05-19 2016-10-18
2.1
None Local Low Not required Partial None None
The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.
911 CVE-2005-1678 2005-05-20 2008-09-05
2.6
None Remote High Not required None Partial None
Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code.
912 CVE-2005-1682 20 2005-05-20 2016-10-18
2.1
None Local Low Not required Partial None None
** DISPUTED ** JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products."
913 CVE-2005-1683 DoS Exec Code Overflow 2005-05-20 2016-10-18
2.6
None Remote High Not required None None Partial
Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
914 CVE-2005-1686 DoS 2005-05-20 2018-10-03
2.6
None Remote High Not required None None Partial
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
915 CVE-2005-1695 XSS 2005-05-24 2016-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.
916 CVE-2005-1696 XSS 2005-05-24 2016-10-18
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter to config.php in the Multisites (aka NS-Multisites) module.
917 CVE-2005-1720 2005-06-16 2008-09-05
2.1
None Local Low Not required None Partial None
AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL.
918 CVE-2005-1725 2005-06-08 2016-10-18
2.1
None Local Low Not required None Partial None
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.
919 CVE-2005-1761 20 DoS 2005-08-05 2018-10-19
2.1
None Local Low Not required None None Partial
Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.
920 CVE-2005-1762 DoS 2005-08-02 2018-10-19
2.1
None Local Low Not required None None Partial
The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address.
921 CVE-2005-1764 DoS 2005-10-07 2017-07-11
2.1
None Local Low Not required None None Partial
Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug, which allows local users to cause a denial of service.
922 CVE-2005-1765 DoS 2005-05-31 2018-10-03
2.1
None Local Low Not required None None Partial
syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, when running in 32-bit compatibility mode, allows local users to cause a denial of service (kernel hang) via crafted arguments.
923 CVE-2005-1767 DoS 2005-08-05 2017-10-11
2.1
None Local Low Not required None None Partial
traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).
924 CVE-2005-1774 2005-05-31 2016-10-18
2.1
None Local Low Not required None Partial None
WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem.
925 CVE-2005-1778 79 XSS 2005-05-31 2016-11-25
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.
926 CVE-2005-1790 399 DoS Exec Code Mem. Corr. 2005-06-01 2021-07-23
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects Memory Corruption Vulnerability."
927 CVE-2005-1791 2005-05-28 2016-10-18
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this behavior, then perhaps this issue should not be included in CVE.
928 CVE-2005-1793 DoS 2005-06-01 2008-09-10
2.6
None Remote High Not required None None Partial
User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values.
929 CVE-2005-1801 DoS 2005-05-26 2008-09-10
2.6
None Remote High Not required None None Partial
The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.
930 CVE-2005-1841 2005-07-07 2008-09-05
2.1
None Local Low Not required Partial None None
The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it.
931 CVE-2005-1842 2005-08-24 2008-09-05
2.1
None Local Low Not required None Partial None
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack.
932 CVE-2005-1855 +Info 2005-08-30 2008-09-05
2.1
None Local Low Not required Partial None None
Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.
933 CVE-2005-1856 2005-08-30 2008-09-05
2.1
None Local Low Not required None Partial None
The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack.
934 CVE-2005-1858 +Info 2005-06-03 2008-09-05
2.1
None Local Low Not required Partial None None
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
935 CVE-2005-1879 2005-06-09 2008-09-05
2.1
None Local Low Not required None Partial None
LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
936 CVE-2005-1880 2005-06-06 2008-09-05
2.1
None Local Low Not required None Partial None
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.
937 CVE-2005-1903 Exec Code Overflow 2005-06-02 2017-07-11
2.1
None Local Low Not required None None Partial
Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to execute arbitrary code via a long CREATE command.
938 CVE-2005-1913 DoS 2005-09-14 2017-07-11
2.1
None Local Low Not required None None Partial
The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a denial of service (kernel panic) via a non group-leader thread executing a different program than was pending in itimer, which causes the signal to be delivered to the old group-leader task, which does not exist.
939 CVE-2005-1914 2005-07-18 2008-09-05
2.1
None Local Low Not required None Partial None
CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.
940 CVE-2005-1915 2005-09-02 2011-03-08
2.1
None Local Low Not required None Partial None
The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames.
941 CVE-2005-1916 2005-07-06 2016-10-18
2.1
None Local Low Not required None Partial None
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
942 CVE-2005-1917 2005-07-05 2008-09-05
2.1
None Local Low Not required None Partial None
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file.
943 CVE-2005-1918 22 Dir. Trav. 2005-12-31 2018-10-19
2.6
None Remote High Not required None Partial None
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
944 CVE-2005-1923 DoS 2005-07-05 2008-09-05
2.6
None Remote High Not required None None Partial
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
945 CVE-2005-1932 +Info 2005-07-05 2008-09-05
2.1
None Local Low Not required None Partial None
Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php.
946 CVE-2005-1937 2005-06-14 2017-10-11
2.6
None Remote High Not required None Partial None
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2004-0718.
947 CVE-2005-1944 2005-06-09 2016-10-18
2.1
None Local Low Not required None None Partial
xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp.
948 CVE-2005-1981 DoS 2005-08-10 2019-04-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
949 CVE-2005-2032 2005-06-16 2018-10-30
2.1
None Local Low Not required None Partial None
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.
950 CVE-2005-2056 DoS 2005-06-29 2008-11-15
2.6
None Remote High Not required None None Partial
The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.