Vulnerabilities > Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-04-13 | CVE-2007-1741 | Race Condition vulnerability in Apache Http Server 2.2.3 Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. | 6.2 |
| 2007-03-03 | CVE-2007-1249 | Race Condition vulnerability in Contelligent C1 Financial Services 9.1.4 MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 does not check "the additional environment security configuration," which allows remote attackers with write permissions to reorder components. | 6.8 |
| 2007-01-08 | CVE-2007-0099 | Race Condition vulnerability in Microsoft Internet Explorer and XML Core Services Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability." | 9.3 |
| 2006-12-04 | CVE-2006-6275 | Race Condition vulnerability in SUN Solaris and Sunos Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals. | 4.7 |
| 2006-10-10 | CVE-2006-5178 | Race Condition vulnerability in PHP Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. | 6.2 |
| 2006-09-14 | CVE-2006-4801 | Race Condition vulnerability in Roxio Toast 7 Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges. | 6.2 |
| 2006-04-29 | CVE-2006-2094 | Race Condition vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. | 5.1 |
| 2006-04-25 | CVE-2006-1057 | Race Condition vulnerability in Gnome GDM 2.14 Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | 3.7 |
| 2005-12-31 | CVE-2005-3240 | Race Condition vulnerability in Microsoft IE and Internet Explorer Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window. | 5.1 |
| 2004-12-31 | CVE-2004-2698 | Race Condition vulnerability in Imwheel Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file. | 6.9 |