CVE & Exploit Intelligence Database

CVE-2004-2331 5.5 MEDIUM EPSS 0.00

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

CWE-470 Dec 31, 2004

CVE-2004-1901 5.5 MEDIUM EPSS 0.00

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

CWE-59 Dec 31, 2004

CVE-2004-0342 5.5 MEDIUM EPSS 0.00

WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.

CWE-193 Nov 23, 2004

CVE-2004-1603 5.5 MEDIUM EPSS 0.00

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

CWE-59 Oct 18, 2004

CVE-2004-1865 4.8 MEDIUM EPSS 0.00

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.

CWE-79 Mar 26, 2004

CVE-2003-0981 6.1 MEDIUM EPSS 0.00

FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.

CWE-346 Jan 05, 2004

CVE-2003-1564 6.5 MEDIUM EPSS 0.01

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

CWE-776 Dec 31, 2003

CVE-2003-0517 5.5 MEDIUM EPSS 0.00

faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.

CWE-59 Aug 18, 2003

CVE-2002-1682 5.5 MEDIUM EPSS 0.00

NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.

CWE-326 Dec 31, 2002

CVE-2002-1696 5.5 MEDIUM EPSS 0.00

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.

CWE-312 Dec 31, 2002

CVE-2002-1713 5.5 MEDIUM EPSS 0.00

The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.

CWE-276 Dec 31, 2002

CVE-2002-1739 5.5 MEDIUM EPSS 0.00

Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.

CWE-326 Dec 31, 2002

CVE-2002-1915 5.5 MEDIUM EPSS 0.00

tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.

CWE-667 Dec 31, 2002

CVE-2002-1946 5.5 MEDIUM EPSS 0.00

Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.

CWE-326 Dec 31, 2002

CVE-2002-1975 5.5 MEDIUM EPSS 0.00

Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.

CWE-326 Dec 31, 2002

CVE-2002-2024 5.3 MEDIUM EPSS 0.00

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for (1) poppassd.php3, (2) login.php3?reason=chpass2, (3) spelling.php3, and (4) ldap.search.php3?ldap_serv=nonsense which leaks the information in error messages.

CWE-219 Dec 31, 2002

CVE-2002-1914 5.5 MEDIUM EPSS 0.00

dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.

CWE-667 Dec 31, 2002

CVE-2002-0725 5.5 MEDIUM EPSS 0.01

NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.

CWE-59 Sep 05, 2002

CVE-2002-0788 5.5 MEDIUM EPSS 0.00

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.

CWE-459 Aug 12, 2002

CVE-2002-0793 5.5 MEDIUM 3 PoCs Analysis EPSS 0.00

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.

CWE-59 Aug 12, 2002