CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2005-1066 2005-05-02 2008-09-05
1.2
None Local High Not required None Partial None
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.
1052 CVE-2005-0937 2005-02-22 2018-10-19
1.2
None Local High Not required None None Partial
Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions.
1053 CVE-2005-0448 2005-05-02 2018-10-03
1.2
None Local High Not required None Partial None
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
1054 CVE-2004-2713 264 DoS 2004-12-31 2017-07-29
1.9
None Local Medium Not required None None Partial
** DISPUTED ** Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file.
1055 CVE-2004-2657 2004-12-31 2018-10-19
1.7
None Local Low ??? Partial None None
** DISPUTED ** Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision."
1056 CVE-2004-2648 DoS 2004-12-31 2017-07-20
1.0
None Local High ??? None None Partial
FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.
1057 CVE-2004-2473 59 2004-12-31 2017-07-11
1.2
None Local High Not required None Partial None
wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
1058 CVE-2004-2231 2004-12-31 2017-07-11
1.2
None Local High Not required None Partial None
Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files.
1059 CVE-2004-1191 2005-01-10 2017-07-11
1.2
None Local High Not required Partial None None
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."
1060 CVE-2004-1069 DoS 2005-01-10 2017-07-11
1.2
None Local High Not required None None Partial
Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function.
1061 CVE-2004-1058 2005-01-10 2018-10-03
1.2
None Local High Not required Partial None None
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.
1062 CVE-2004-0880 2005-01-27 2017-07-11
1.2
None Local High Not required None Partial None
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
1063 CVE-2004-0814 DoS 2004-12-23 2017-10-11
1.2
None Local High Not required None None Partial
Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6.x before 2.6.9, allow (1) local users to obtain portions of kernel data via a TIOCSETD ioctl call to a terminal interface that is being accessed by another thread, or (2) remote attackers to cause a denial of service (panic) by switching from console to PPP line discipline, then quickly sending data that is received during the switch.
1064 CVE-2004-0404 2004-07-07 2017-07-11
1.2
None Local High Not required None Partial None
logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp.
1065 CVE-2003-1588 255 +Info 2010-02-08 2017-08-17
1.9
None Local Medium Not required Partial None None
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.
1066 CVE-2003-1447 310 2003-12-31 2017-07-29
1.9
None Local Medium Not required Partial None None
IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.
1067 CVE-2003-1399 +Info 2003-12-31 2017-07-29
1.9
None Local Medium Not required Partial None None
eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.
1068 CVE-2003-1080 2003-02-11 2018-10-30
1.2
None Local High Not required Partial None None
Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users.
1069 CVE-2003-1073 2003-12-31 2018-10-30
1.2
None Local High Not required None Partial None
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
1070 CVE-2003-1061 DoS 2003-10-14 2018-10-30
1.2
None Local High Not required None None Partial
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
1071 CVE-2003-0986 DoS 2003-12-31 2017-10-11
1.7
None Local Low ??? None None Partial
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
1072 CVE-2003-0669 DoS 2003-08-27 2018-10-30
1.2
None Local High Not required None None Partial
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
1073 CVE-2003-0462 DoS 2003-08-27 2017-10-11
1.2
None Local High Not required None None Partial
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
1074 CVE-2003-0438 2003-07-24 2008-09-05
1.2
None Local High Not required None Partial None
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
1075 CVE-2003-0120 2003-03-07 2008-09-05
1.2
None Local High Not required None Partial None
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.
1076 CVE-2003-0086 2003-03-31 2018-10-19
1.2
None Local High Not required None Partial None
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
1077 CVE-2002-2283 264 2002-12-31 2017-08-17
1.9
None Local Medium Not required Partial None None
Microsoft Windows XP with Fast User Switching (FUS) enabled does not remove the "show processes from all users" privilege when the user is removed from the administrator group, which allows that user to view processes of other users.
1078 CVE-2002-2001 2002-12-31 2008-09-10
1.2
None Local High Not required None Partial None
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
1079 CVE-2002-1785 XSS 2002-12-31 2008-09-05
1.9
None Local Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.
1080 CVE-2002-1674 DoS 2002-12-31 2017-07-11
1.2
None Local High Not required None None Partial
procfs on FreeBSD before 4.5 allows local users to cause a denial of service (kernel panic) by removing a file that the fstatfs function refers to.
1081 CVE-2002-1563 DoS 2003-05-12 2016-10-18
1.2
None Local High Not required None None Partial
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter.
1082 CVE-2002-1508 2003-02-19 2008-09-10
1.2
None Local High Not required None Partial None
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
1083 CVE-2002-0760 2002-08-12 2008-09-05
1.2
None Local High Not required Partial None None
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
1084 CVE-2002-0435 2002-07-26 2008-09-05
1.2
None Local High Not required None Partial None
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
1085 CVE-2002-0415 Dir. Trav. 2002-08-12 2008-09-05
1.7
None Local Low ??? Partial None None
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
1086 CVE-2002-0296 2002-05-31 2017-07-11
1.2
None Local High Not required None Partial None
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
1087 CVE-2002-0271 2002-05-29 2016-10-18
1.2
None Local High Not required None Partial None
Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.
1088 CVE-2002-0141 2002-03-25 2008-11-04
1.2
None Local High Not required None Partial None
Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file.
1089 CVE-2001-1346 2001-05-18 2021-04-07
1.2
None Local High Not required None Partial None
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
1090 CVE-2001-1333 2001-05-10 2008-09-05
1.2
None Local High Not required None Partial None
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
1091 CVE-2001-1331 2001-05-03 2008-09-10
1.2
None Local High Not required None Partial None
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
1092 CVE-2001-1301 2001-08-07 2008-09-05
1.2
None Local High Not required None Partial None
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
1093 CVE-2001-1276 2001-06-21 2016-10-18
1.2
None Local High Not required None Partial None
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
1094 CVE-2001-1256 2001-06-11 2017-12-19
1.2
None Local High Not required None Partial None
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
1095 CVE-2001-1146 2001-07-11 2017-10-10
1.2
None Local High Not required None Partial None
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
1096 CVE-2001-1047 DoS 2001-06-02 2017-12-19
1.2
None Local High Not required None None Partial
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
1097 CVE-2001-0887 2002-01-15 2017-10-10
1.2
None Local High Not required None Partial None
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.
1098 CVE-2001-0222 2001-03-26 2017-10-10
1.2
None Local High Not required None Partial None
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
1099 CVE-2001-0143 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
1100 CVE-2001-0142 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
Total number of vulnerabilities : 1121   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.