Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1128 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. | |||||
| CVE-2001-0519 | 1 Aladdin Knowledge Systems | 1 Esafe Gateway | 2017-12-19 | 7.5 HIGH | N/A |
| Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags. | |||||
| CVE-2001-0524 | 1 Eeye Digital Security | 1 Securells | 2017-12-19 | 7.5 HIGH | N/A |
| eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier. | |||||
| CVE-2000-1009 | 2 Redhat, Trustix | 2 Linux, Secure Linux | 2017-12-19 | 7.2 HIGH | N/A |
| dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | |||||
| CVE-2000-0971 | 1 Avirt | 1 Avirt Mail Server | 2017-12-19 | 10.0 HIGH | N/A |
| Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command. | |||||
| CVE-2001-1127 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | |||||
| CVE-2001-1126 | 1 Symantec | 1 Liveupdate | 2017-12-19 | 5.0 MEDIUM | N/A |
| Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2001-1125 | 1 Symantec | 1 Liveupdate | 2017-12-19 | 7.5 HIGH | N/A |
| Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2001-1124 | 1 Hp | 1 Hp-ux | 2017-12-19 | 5.0 MEDIUM | N/A |
| rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow. | |||||
| CVE-2001-1123 | 1 Hp | 1 Openview Network Node Manager | 2017-12-19 | 7.2 HIGH | N/A |
| Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID. | |||||
| CVE-2001-1122 | 1 Microsoft | 1 Windows Nt | 2017-12-19 | 2.1 LOW | N/A |
| Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode. | |||||
| CVE-2001-0557 | 1 T. Hauck | 1 Jana Web Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e). | |||||
| CVE-2001-0561 | 1 Drummond Miles | 1 A1stats | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi. | |||||
| CVE-2001-0562 | 1 Drummond Miles | 1 A1stats | 2017-12-19 | 7.5 HIGH | N/A |
| a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters. | |||||
| CVE-2001-0683 | 1 Netscape | 1 Collabra Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service (memory exhaustion) by repeatedly sending approximately 5K of data to TCP port 5238. | |||||
| CVE-2001-0684 | 1 Netscape | 1 Collabra Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service by sending seven or more characters to TCP port 5239. | |||||
| CVE-2001-1120 | 1 Allaire | 1 Coldfusion Server | 2017-12-19 | 6.4 MEDIUM | N/A |
| Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates. | |||||
| CVE-2001-0702 | 1 Grant Averett | 1 Ceberus Ftp Server | 2017-12-19 | 7.5 HIGH | N/A |
| Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command. | |||||
| CVE-2001-0570 | 1 Minicom | 1 Minicom | 2017-12-19 | 7.2 HIGH | N/A |
| minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks. | |||||
| CVE-2001-1138 | 1 Randy Parker | 1 Power Up Html | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter. | |||||
| CVE-2001-1137 | 1 D-link | 1 Dl-704 | 2017-12-19 | 5.0 MEDIUM | N/A |
| D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. | |||||
| CVE-2001-0709 | 1 Microsoft | 1 Internet Information Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | |||||
| CVE-2001-0575 | 1 Sco | 1 Openserver | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut. | |||||
| CVE-2001-0577 | 1 Sco | 1 Openserver | 2017-12-19 | 7.2 HIGH | N/A |
| recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument. | |||||
| CVE-2001-0578 | 1 Sco | 1 Openserver | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command. | |||||
| CVE-2001-0579 | 1 Sco | 1 Openserver | 2017-12-19 | 7.5 HIGH | N/A |
| lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command. | |||||
| CVE-2001-0581 | 1 Spytech | 1 Spynet Chat | 2017-12-19 | 5.0 MEDIUM | N/A |
| Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387. | |||||
| CVE-2001-0582 | 1 Ben Spink | 1 Crushftp Ftp Server | 2017-12-19 | 4.6 MEDIUM | N/A |
| Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR. | |||||
| CVE-2001-0583 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 5.0 MEDIUM | N/A |
| Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001. | |||||
| CVE-2001-0584 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 2.1 LOW | N/A |
| IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands. | |||||
| CVE-2001-0587 | 1 Sco | 1 Openserver | 2017-12-19 | 7.2 HIGH | N/A |
| deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command. | |||||
| CVE-2000-1015 | 1 Open Source Development Network | 1 Slashcode | 2017-12-19 | 7.5 HIGH | N/A |
| The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands. | |||||
| CVE-2001-0592 | 1 Watchguard | 1 Firebox Ii | 2017-12-19 | 5.0 MEDIUM | N/A |
| Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets. | |||||
| CVE-2001-0597 | 1 Zetetic Enterprises | 1 Strip | 2017-12-19 | 7.2 HIGH | N/A |
| Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'. | |||||
| CVE-2001-0598 | 1 Symantec | 1 Norton Ghost | 2017-12-19 | 5.0 MEDIUM | N/A |
| Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled. | |||||
| CVE-2001-0599 | 1 Sybase | 1 Adaptive Server Anywhere | 2017-12-19 | 5.0 MEDIUM | N/A |
| Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638. | |||||
| CVE-2001-0600 | 1 Lotus | 1 Domino R5 Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type. | |||||
| CVE-2001-0609 | 1 Infodrom | 1 Cfingerd | 2017-12-19 | 10.0 HIGH | N/A |
| Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. | |||||
| CVE-2001-0610 | 2 Kde, Suse | 2 Kde, Suse Linux | 2017-12-19 | 4.6 MEDIUM | N/A |
| kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp. | |||||
| CVE-2000-1199 | 1 Postgresql | 1 Postgresql | 2017-12-19 | 4.6 MEDIUM | N/A |
| PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases. | |||||
| CVE-2001-0617 | 1 Alliedtelesyn | 1 At-ar220e | 2017-12-19 | 7.5 HIGH | N/A |
| Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled. | |||||
| CVE-2001-0618 | 1 Lucent | 1 Orinoco Rg-1000 | 2017-12-19 | 7.5 HIGH | N/A |
| Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic. | |||||
| CVE-2001-1115 | 1 Sixhead | 1 Six-webboard | 2017-12-19 | 5.0 MEDIUM | N/A |
| generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter. | |||||
| CVE-2001-0620 | 1 Iplanet | 1 Calendar Server | 2017-12-19 | 2.1 LOW | N/A |
| iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions. | |||||
| CVE-2000-1202 | 1 Ibm | 1 Http Server Ssl Module Common | 2017-12-19 | 7.2 HIGH | N/A |
| ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. | |||||
| CVE-2001-0623 | 1 Sendfile | 1 Sendfile | 2017-12-19 | 4.6 MEDIUM | N/A |
| sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges. | |||||
| CVE-2001-1114 | 1 Netcode | 1 Nc Book | 2017-12-19 | 7.5 HIGH | N/A |
| book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter. | |||||
| CVE-2001-1136 | 1 Hp | 1 Hp-ux | 2017-12-19 | 2.1 LOW | N/A |
| The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. | |||||
| CVE-2001-1112 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters. | |||||
| CVE-2001-1111 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-12-19 | 4.6 MEDIUM | N/A |
| EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file. | |||||