Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-1946 Inadequate Encryption Strength vulnerability in Tata Integrated Dialer 1.2.000
Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users to obtain and decrypt the password.
local
low complexity
tata CWE-326
5.5
2002-12-31 CVE-2002-1915 Improper Locking vulnerability in multiple products
tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
local
low complexity
openbsd netbsd freebsd CWE-667
5.5
2002-12-31 CVE-2002-1914 Improper Locking vulnerability in Dump Project Dump 0.4
dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.
local
low complexity
dump-project CWE-667
5.5
2002-12-31 CVE-2002-1739 Inadequate Encryption Strength vulnerability in Mdaemon 5.0/5.0.6
Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption algorithm to store user passwords, which allows local users to crack passwords.
local
low complexity
mdaemon CWE-326
5.5
2002-12-31 CVE-2002-1713 Incorrect Default Permissions vulnerability in Mandrakesoft Mandrake Linux 8.2
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
local
low complexity
mandrakesoft CWE-276
5.5
2002-12-31 CVE-2002-1696 Cleartext Storage of Sensitive Information vulnerability in PGP Personal Privacy 7.0/7.0.3/7.0.4
Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Always use Secure Viewer when decrypting" option is not checked, and the user replies to an encrypted message.
local
low complexity
pgp CWE-312
5.5
2002-12-31 CVE-2002-1682 Inadequate Encryption Strength vulnerability in Daansystems Newsreactor 1.0
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.
local
low complexity
daansystems CWE-326
5.5
2002-09-05 CVE-2002-0725 Link Following vulnerability in Microsoft Windows 2000 and Windows NT
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
local
low complexity
microsoft CWE-59
5.5
2002-08-12 CVE-2002-0793 Link Following vulnerability in Blackberry QNX Neutrino Real-Time Operating System 4.25
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
local
low complexity
blackberry CWE-59
5.5
2002-08-12 CVE-2002-0788 Incomplete Cleanup vulnerability in PGP Corporate Desktop, Freeware and Personal Security
An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.
local
low complexity
pgp CWE-459
5.5