CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 1 and 1.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1151 CVE-2002-1508 2003-02-19 2008-09-10
1.2
None Local High Not required None Partial None
slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users to overwrite arbitrary files via a race condition during the creation of a log file for rejected replication requests.
1152 CVE-2002-0760 2002-08-12 2008-09-05
1.2
None Local High Not required Partial None None
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
1153 CVE-2002-0435 2002-07-26 2008-09-05
1.2
None Local High Not required None Partial None
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
1154 CVE-2002-0415 Dir. Trav. 2002-08-12 2008-09-05
1.7
None Local Low ??? Partial None None
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
1155 CVE-2002-0296 2002-05-31 2017-07-11
1.2
None Local High Not required None Partial None
The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.
1156 CVE-2002-0271 2002-05-29 2016-10-18
1.2
None Local High Not required None Partial None
Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.
1157 CVE-2002-0141 2002-03-25 2008-11-04
1.2
None Local High Not required None Partial None
Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file.
1158 CVE-2001-1346 2001-05-18 2021-04-07
1.2
None Local High Not required None Partial None
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
1159 CVE-2001-1333 2001-05-10 2008-09-05
1.2
None Local High Not required None Partial None
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
1160 CVE-2001-1331 2001-05-03 2008-09-10
1.2
None Local High Not required None Partial None
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
1161 CVE-2001-1301 2001-08-07 2008-09-05
1.2
None Local High Not required None Partial None
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
1162 CVE-2001-1276 2001-06-21 2016-10-18
1.2
None Local High Not required None Partial None
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
1163 CVE-2001-1256 2001-06-11 2017-12-19
1.2
None Local High Not required None Partial None
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
1164 CVE-2001-1146 2001-07-11 2017-10-10
1.2
None Local High Not required None Partial None
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
1165 CVE-2001-1047 DoS 2001-06-02 2017-12-19
1.2
None Local High Not required None None Partial
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
1166 CVE-2001-0887 2002-01-15 2017-10-10
1.2
None Local High Not required None Partial None
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.
1167 CVE-2001-0222 2001-03-26 2017-10-10
1.2
None Local High Not required None Partial None
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
1168 CVE-2001-0143 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
1169 CVE-2001-0142 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
1170 CVE-2001-0141 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
1171 CVE-2001-0140 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
1172 CVE-2001-0139 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
1173 CVE-2001-0138 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
1174 CVE-2001-0132 2001-03-12 2008-09-05
1.2
None Local High Not required None Partial None
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.
1175 CVE-2001-0125 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
1176 CVE-2001-0120 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
1177 CVE-2001-0119 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
1178 CVE-2001-0118 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
1179 CVE-2001-0117 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
1180 CVE-2001-0116 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
1181 CVE-2001-0109 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.
1182 CVE-2001-0095 2001-02-12 2018-10-30
1.2
None Local High Not required None Partial None
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.
1183 CVE-2001-0036 2001-02-16 2017-10-10
1.2
None Local High Not required None Partial None
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.
1184 CVE-2000-1045 DoS 2000-12-11 2017-10-10
1.2
None Local High Not required None None Partial
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.
1185 CVE-2000-0959 2000-12-19 2017-10-10
1.2
None Local High Not required None Partial None
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
1186 CVE-2000-0890 2001-02-16 2018-05-03
1.2
None Local High Not required None Partial None
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.
1187 CVE-2000-0723 2000-10-20 2008-09-05
1.2
None Local High Not required None None Partial
Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.
1188 CVE-2000-0718 2000-10-20 2008-09-05
1.2
None Local High Not required None Partial None
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
1189 CVE-2000-0371 1999-03-01 2008-09-10
1.2
None Local High Not required None Partial None
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
1190 CVE-2000-0224 +Priv 2000-02-15 2008-09-10
1.2
None Local High Not required None Partial None
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.
1191 CVE-2000-0210 2000-02-21 2008-09-10
1.2
None Local High Not required None Partial None
The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.
1192 CVE-2000-0154 2000-02-16 2008-09-10
1.2
None Local High Not required None Partial None
The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.
1193 CVE-1999-1486 1998-02-25 2017-10-10
1.2
None Local High Not required None Partial None
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
1194 CVE-1999-1480 1998-06-11 2008-09-05
1.2
None Local High Not required None Partial None
(1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.
1195 CVE-1999-1042 1999-12-31 2008-09-05
1.2
None Local High Not required Partial None None
Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community strings.
1196 CVE-1999-0475 1999-04-05 2008-09-09
1.2
None Local High Not required Partial None None
A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.
1197 CVE-1999-0371 1999-02-11 2008-09-09
1.2
None Local High Not required Partial None None
Lynx allows a local user to overwrite sensitive files through /tmp symlinks.
1198 CVE-1999-0078 Exec Code 1996-04-18 2018-10-30
1.9
None Local Medium Not required Partial None None
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Total number of vulnerabilities : 1193   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.