Exploit Intelligence Platform

CVE-2005-1880 5.5 MEDIUM EPSS 0.00

everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.

CWE-59 Jun 06, 2005

CVE-2005-1688 5.3 MEDIUM EPSS 0.01

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.

CWE-425 May 20, 2005

CVE-2005-1674 6.5 MEDIUM 1 PoC Analysis EPSS 0.01

Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.

CWE-352 May 19, 2005

CVE-2005-1111 4.7 MEDIUM EPSS 0.00

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

CWE-367 May 02, 2005

CVE-2005-0369 5.3 MEDIUM 1 PoC Analysis EPSS 0.07

Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier allows remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array.

CWE-129 May 02, 2005

CVE-2005-0824 5.5 MEDIUM EPSS 0.00

The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.

CWE-59 May 02, 2005

CVE-2005-0587 6.5 MEDIUM EPSS 0.01

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to overwrite arbitrary files by tricking the user into downloading a .LNK (link) file twice, which overwrites the file that was referenced in the first .LNK file.

CWE-59 Mar 25, 2005

CVE-2005-0109 5.6 MEDIUM EPSS 0.00

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Mar 05, 2005

CVE-2005-0406 5.5 MEDIUM EPSS 0.00

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.

CWE-212 Feb 14, 2005

CVE-2004-1464 5.9 MEDIUM KEV EPSS 0.02

Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.

CWE-400 Dec 31, 2004

CVE-2004-2257 5.3 MEDIUM EPSS 0.01

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.

CWE-425 Dec 31, 2004

CVE-2004-2331 5.5 MEDIUM EPSS 0.00

ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.

CWE-470 Dec 31, 2004

CVE-2004-1901 5.5 MEDIUM EPSS 0.00

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

CWE-59 Dec 31, 2004

CVE-2004-1995 6.5 MEDIUM 1 PoC Analysis EPSS 0.05

Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.

CWE-352 Dec 31, 2004

CVE-2004-0342 5.5 MEDIUM EPSS 0.00

WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.

CWE-193 Nov 23, 2004

CVE-2004-1603 5.5 MEDIUM EPSS 0.00

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

CWE-59 Oct 18, 2004

CVE-2004-1865 4.8 MEDIUM EPSS 0.00

Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability.

CWE-79 Mar 26, 2004

CVE-2003-0981 6.1 MEDIUM EPSS 0.00

FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.

CWE-346 Jan 05, 2004

CVE-2003-1564 6.5 MEDIUM EPSS 0.01

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

CWE-776 Dec 31, 2003

CVE-2003-0517 5.5 MEDIUM EPSS 0.00

faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.

CWE-59 Aug 18, 2003