Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-1682 Inadequate Encryption Strength vulnerability in Daansystems Newsreactor 1.0
NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.
local
low complexity
daansystems CWE-326
5.5
2002-09-05 CVE-2002-0725 Link Following vulnerability in Microsoft Windows 2000 and Windows NT
NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local attackers to hide file usage activities via a hard link to the target file, which causes the link to be recorded in the audit trail instead of the target file.
local
low complexity
microsoft CWE-59
5.5
2002-08-12 CVE-2002-0793 Link Following vulnerability in Blackberry QNX Neutrino Real-Time Operating System 4.25
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.
local
low complexity
blackberry CWE-59
5.5
2002-08-12 CVE-2002-0788 Incomplete Cleanup vulnerability in PGP Corporate Desktop, Freeware and Personal Security
An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.
local
low complexity
pgp CWE-459
5.5
2001-12-31 CVE-2001-1559 NULL Pointer Dereference vulnerability in Openbsd 2.9/3.0
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.
local
low complexity
openbsd CWE-476
5.5
2001-12-31 CVE-2001-1494 Link Following vulnerability in multiple products
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
local
low complexity
kernel avaya CWE-59
5.5
2001-08-31 CVE-2000-1198 Improper Locking vulnerability in Qualcomm Qpopper 2.53/3.0
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
local
low complexity
qualcomm CWE-667
5.5
2001-08-29 CVE-2001-0682 Improper Locking vulnerability in multiple products
ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
local
low complexity
zonelabs checkpoint CWE-667
5.5
2001-04-17 CVE-2001-1391 Off-by-one Error vulnerability in Linux Kernel
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
local
low complexity
linux CWE-193
5.5
2001-01-09 CVE-2000-1178 Link Following vulnerability in Joseph Allen JOE 2.8
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
local
low complexity
joseph-allen CWE-59
5.5