Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-02-03 | CVE-2002-0712 | Authorization Circumvention vulnerability in Entrust Authority Security Manager 5.0/6.0 Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations. | 2.1 |
2004-01-10 | CVE-2004-1000 | Unspecified vulnerability in Debian Lintian 1.20.17.1 lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack. | 2.1 |
2003-12-31 | CVE-2003-1476 | Unspecified vulnerability in Cerberus FTP Server 2.1 Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access. | 2.1 |
2003-12-31 | CVE-2003-1463 | Improper Input Validation vulnerability in Alt-N Webadmin 2.0.0/2.0.1/2.0.2 Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. | 3.5 |
2003-12-31 | CVE-2003-1460 | Permissions, Privileges, and Access Controls vulnerability in Ralf Hoffmann Worker Filemanager Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information. | 3.6 |
2003-12-31 | CVE-2003-1452 | Configuration vulnerability in Qualcomm Qpopper Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program. | 3.6 |
2003-12-31 | CVE-2003-1447 | Cryptographic Issues vulnerability in IBM Websphere Application Server 4.0.4 IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML. | 1.9 |
2003-12-31 | CVE-2003-1437 | Unspecified vulnerability in BEA Weblogic Server 7.0/7.0.0.1 BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1 store passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | 2.1 |
2003-12-31 | CVE-2003-1426 | Configuration vulnerability in Cpanel 5.0 Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable. | 3.3 |
2003-12-31 | CVE-2003-1399 | Information Disclosure vulnerability in Eject 2.0.10/2.0.11/2.0.12 eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information. | 1.9 |