CVE & Exploit Intelligence Database

CVE-2005-2456 5.5 MEDIUM EPSS 0.00

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.

CWE-667 Aug 04, 2005

CVE-2005-2293 5.5 MEDIUM EPSS 0.00

Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.

CWE-459 Jul 18, 2005

CVE-2005-2209 5.5 MEDIUM EPSS 0.00

Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.

CWE-312 Jul 11, 2005

CVE-2005-1916 5.5 MEDIUM EPSS 0.00

linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

CWE-59 Jul 06, 2005

CVE-2005-2059 6.5 MEDIUM EPSS 0.00

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.

CWE-352 Jun 29, 2005

CVE-2005-1876 4.5 MEDIUM EPSS 0.01

Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.

CWE-94 Jun 09, 2005

CVE-2005-1879 5.5 MEDIUM EPSS 0.00

LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

CWE-59 Jun 09, 2005

CVE-2005-1947 4.3 MEDIUM EPSS 0.01

Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.

CWE-352 Jun 09, 2005

CVE-2005-1880 5.5 MEDIUM EPSS 0.00

everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

CWE-59 Jun 06, 2005

CVE-2005-1688 5.3 MEDIUM EPSS 0.01

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.

CWE-425 May 20, 2005

CVE-2005-1674 6.5 MEDIUM 1 PoC Analysis EPSS 0.01

Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.

CWE-352 May 19, 2005

CVE-2005-0369 5.3 MEDIUM 1 PoC Analysis EPSS 0.07

Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier allows remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array.

CWE-129 May 02, 2005

CVE-2005-0824 5.5 MEDIUM EPSS 0.00

The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.

CWE-59 May 02, 2005

CVE-2005-1111 4.7 MEDIUM EPSS 0.00

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

CWE-367 May 02, 2005

CVE-2005-0587 6.5 MEDIUM EPSS 0.01

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.

CWE-59 Mar 25, 2005

CVE-2005-0109 5.6 MEDIUM EPSS 0.00

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Mar 05, 2005

CVE-2005-0406 5.5 MEDIUM EPSS 0.00

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

CWE-212 Feb 14, 2005

CVE-2004-1464 5.9 MEDIUM KEV EPSS 0.02

Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.

CWE-400 Dec 31, 2004

CVE-2004-1995 6.5 MEDIUM 1 PoC Analysis EPSS 0.05

Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.

CWE-352 Dec 31, 2004

CVE-2004-2257 5.3 MEDIUM EPSS 0.01

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.

CWE-425 Dec 31, 2004