CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2001-1346 2001-05-18 2021-04-07
1.2
None Local High Not required None Partial None
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
1052 CVE-2002-0141 2002-03-25 2008-11-04
1.2
None Local High Not required None Partial None
Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file.
1053 CVE-2002-0271 2002-05-29 2016-10-18
1.2
None Local High Not required None Partial None
Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.
1054 CVE-2002-0296 2002-05-31 2017-07-11
1.2
None Local High Not required None Partial None
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
1055 CVE-2002-0435 2002-07-26 2008-09-05
1.2
None Local High Not required None Partial None
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
1056 CVE-2002-0760 2002-08-12 2008-09-05
1.2
None Local High Not required Partial None None
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
1057 CVE-2002-1508 2003-02-19 2008-09-10
1.2
None Local High Not required None Partial None
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
1058 CVE-2002-1563 DoS 2003-05-12 2016-10-18
1.2
None Local High Not required None None Partial
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter.
1059 CVE-2002-1674 DoS 2002-12-31 2017-07-11
1.2
None Local High Not required None None Partial
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to.
1060 CVE-2002-2001 2002-12-31 2008-09-10
1.2
None Local High Not required None Partial None
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
1061 CVE-2003-0086 2003-03-31 2018-10-19
1.2
None Local High Not required None Partial None
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
1062 CVE-2003-0120 2003-03-07 2008-09-05
1.2
None Local High Not required None Partial None
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.
1063 CVE-2003-0438 2003-07-24 2008-09-05
1.2
None Local High Not required None Partial None
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
1064 CVE-2003-0462 DoS 2003-08-27 2017-10-11
1.2
None Local High Not required None None Partial
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
1065 CVE-2003-0669 DoS 2003-08-27 2018-10-30
1.2
None Local High Not required None None Partial
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
1066 CVE-2003-1061 DoS 2003-10-14 2018-10-30
1.2
None Local High Not required None None Partial
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
1067 CVE-2003-1073 2003-12-31 2018-10-30
1.2
None Local High Not required None Partial None
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
1068 CVE-2003-1080 2003-02-11 2018-10-30
1.2
None Local High Not required Partial None None
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.
1069 CVE-2004-0404 2004-07-07 2017-07-11
1.2
None Local High Not required None Partial None
logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp.
1070 CVE-2004-0814 DoS 2004-12-23 2017-10-11
1.2
None Local High Not required None None Partial
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
1071 CVE-2004-0880 2005-01-27 2017-07-11
1.2
None Local High Not required None Partial None
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
1072 CVE-2004-1058 2005-01-10 2018-10-03
1.2
None Local High Not required Partial None None
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.
1073 CVE-2004-1069 DoS 2005-01-10 2017-07-11
1.2
None Local High Not required None None Partial
Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function.
1074 CVE-2004-1191 2005-01-10 2017-07-11
1.2
None Local High Not required Partial None None
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."
1075 CVE-2004-2231 2004-12-31 2017-07-11
1.2
None Local High Not required None Partial None
Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files.
1076 CVE-2004-2473 59 2004-12-31 2017-07-11
1.2
None Local High Not required None Partial None
wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
1077 CVE-2005-0448 2005-05-02 2018-10-03
1.2
None Local High Not required None Partial None
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
1078 CVE-2005-0937 2005-02-22 2018-10-19
1.2
None Local High Not required None None Partial
Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions.
1079 CVE-2005-1066 2005-05-02 2008-09-05
1.2
None Local High Not required None Partial None
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.
1080 CVE-2005-1176 +Info 2005-05-02 2017-07-11
1.2
None Local High Not required Partial None None
Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.
1081 CVE-2005-1286 2005-05-02 2016-10-18
1.2
None Local High Not required None None Partial
Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process.
1082 CVE-2005-1368 DoS 2005-05-02 2018-10-19
1.2
None Local High Not required None None Partial
The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP.
1083 CVE-2005-1396 2005-05-03 2018-08-13
1.2
None Local High Not required None Partial None
Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.
1084 CVE-2005-1759 2005-06-28 2016-10-18
1.2
None Local High Not required None Partial None
Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751.
1085 CVE-2005-1878 2005-06-09 2008-09-05
1.2
None Local High Not required None Partial None
GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file.
1086 CVE-2005-2449 2005-08-03 2017-07-11
1.2
None Local High Not required None Partial None
Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp.
1087 CVE-2005-2475 2005-08-05 2017-10-11
1.2
None Local High Not required Partial None None
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
1088 CVE-2005-2527 59 2005-12-31 2017-07-11
1.2
None Local High Not required None Partial None
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.
1089 CVE-2005-2666 255 2005-08-23 2017-10-11
1.2
None Local High Not required Partial None None
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
1090 CVE-2005-3011 59 2005-09-21 2018-10-19
1.2
None Local High Not required None Partial None
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
1091 CVE-2005-3106 DoS 2005-09-30 2018-10-19
1.2
None Local High Not required None None Partial
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
1092 CVE-2005-3274 DoS 2005-10-21 2018-10-19
1.2
None Local High Not required None None Partial
Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.
1093 CVE-2005-3342 2005-12-31 2011-03-08
1.2
None Local High Not required None Partial None
noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.
1094 CVE-2005-4660 +Priv 2005-12-31 2008-09-05
1.2
None Local High Not required None Partial None
Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup.
1095 CVE-2005-4761 2005-12-31 2008-09-05
1.2
None Local High Not required Partial None None
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.
1096 CVE-2006-0050 2006-03-23 2017-07-20
1.2
None Local High Not required None Partial None
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.
1097 CVE-2006-0591 310 2006-02-08 2018-10-19
1.2
None Local High Not required Partial None None
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
1098 CVE-2006-0741 DoS 2006-03-07 2018-10-03
1.2
None Local High Not required None None Partial
Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."
1099 CVE-2006-1059 2006-03-30 2018-10-18
1.2
None Local High Not required Partial None None
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.
1100 CVE-2006-1066 DoS 2006-03-27 2018-10-03
1.2
None Local High Not required None None Partial
Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single steps, which can cause corruption of the DEBUG_STACK stack during the do_debug function call.
Total number of vulnerabilities : 2011   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.