Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0954 | 1 Evolvable Corporation | 1 Shambala Server | 2017-12-19 | 10.0 HIGH | N/A |
| Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server. | |||||
| CVE-2001-0868 | 1 Redhat | 1 Stronghold | 2017-12-19 | 5.0 MEDIUM | N/A |
| Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status. | |||||
| CVE-2001-0999 | 1 Microsoft | 1 Outlook Express | 2017-12-19 | 7.5 HIGH | N/A |
| Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. | |||||
| CVE-2000-0955 | 1 Cisco | 1 Virtual Central Office 4000 | 2017-12-19 | 7.5 HIGH | N/A |
| Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. | |||||
| CVE-2001-0065 | 1 Max-wilhelm Bruker | 1 Bftpd | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command. | |||||
| CVE-2001-0997 | 1 Textor Webmasters Ltd. | 1 Listrec.pl | 2017-12-19 | 7.5 HIGH | N/A |
| Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter. | |||||
| CVE-2001-0996 | 1 Pop3lite | 1 Pop3lite | 2017-12-19 | 6.4 MEDIUM | N/A |
| POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly. | |||||
| CVE-2001-0067 | 1 Judd Montgomery | 1 Jpilot | 2017-12-19 | 2.1 LOW | N/A |
| The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set. | |||||
| CVE-2001-0994 | 1 Marconi | 1 Forethought | 2017-12-19 | 5.0 MEDIUM | N/A |
| Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device. | |||||
| CVE-2001-0070 | 1 Upland Solutions | 1 1st Up Mail Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long MAIL FROM command. | |||||
| CVE-2001-0908 | 1 Citrix | 1 Metaframe | 2017-12-19 | 7.5 HIGH | N/A |
| CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). | |||||
| CVE-2001-0910 | 1 Emc | 1 Networker | 2017-12-19 | 7.5 HIGH | N/A |
| Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup. | |||||
| CVE-2001-0911 | 2 Francisco Burzi, Postnuke Software Foundation | 2 Php-nuke, Postnuke | 2017-12-19 | 7.5 HIGH | N/A |
| PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. | |||||
| CVE-2001-0992 | 1 Kabotie Software Technologies | 1 Shopplus Cart | 2017-12-19 | 7.5 HIGH | N/A |
| shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter. | |||||
| CVE-2001-0991 | 1 Scott R. Lemmon | 1 Proxomitron Naoko-4 | 2017-12-19 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message. | |||||
| CVE-2001-0990 | 1 Inter7 | 1 Vpopmail | 2017-12-19 | 4.6 MEDIUM | N/A |
| Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. | |||||
| CVE-2001-0988 | 1 Knox Software | 1 Arkeia | 2017-12-19 | 7.2 HIGH | N/A |
| Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. | |||||
| CVE-2001-0076 | 1 Ikonboard.com | 1 Ikonboard | 2017-12-19 | 10.0 HIGH | N/A |
| register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed. | |||||
| CVE-2001-0922 | 1 Sun | 1 Netdynamics | 2017-12-19 | 7.5 HIGH | N/A |
| ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in. | |||||
| CVE-2001-0949 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length. | |||||
| CVE-2001-0950 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing. | |||||
| CVE-2001-0923 | 1 Redhat | 1 Redhat Package Manager | 2017-12-19 | 7.2 HIGH | N/A |
| RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried. | |||||
| CVE-2001-0924 | 1 Ibm | 1 Informix Web Datablade | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter. | |||||
| CVE-2001-0926 | 1 Macromedia | 1 Jrun | 2017-12-19 | 5.0 MEDIUM | N/A |
| SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement. | |||||
| CVE-2001-0986 | 1 Microsoft | 1 Index Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. | |||||
| CVE-2001-0985 | 1 Hassan Consulting | 1 Shopping Cart | 2017-12-19 | 7.5 HIGH | N/A |
| shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. | |||||
| CVE-2001-0975 | 1 Oracle | 1 Internet Directory | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-0931 | 1 Cooolsoft | 1 Powerftp | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET. | |||||
| CVE-2001-0932 | 1 Cooolsoft | 1 Powerftp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command. | |||||
| CVE-2001-0974 | 1 Oracle | 1 Internet Directory | 2017-12-19 | 7.5 HIGH | N/A |
| Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-0979 | 1 Hp | 1 Hp-ux | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. | |||||
| CVE-2001-0964 | 1 Valve Software | 1 Half-life | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command. | |||||
| CVE-2001-0958 | 1 Trend Micro | 2 Interscan Emanager, Interscan Viruswall | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll. | |||||
| CVE-2000-0906 | 1 Moreover.com | 1 Cached Feed.cgi Script | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters. | |||||
| CVE-2001-0956 | 1 Speechio | 1 Speechd | 2017-12-19 | 7.2 HIGH | N/A |
| speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2001-0955 | 1 Xfree86 Project | 1 X11r6 | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title. | |||||
| CVE-2001-0953 | 1 Nara Vision | 1 Kebi Community | 2017-12-19 | 10.0 HIGH | N/A |
| Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root. | |||||
| CVE-2001-0952 | 1 Volition | 1 Red Faction | 2017-12-19 | 5.0 MEDIUM | N/A |
| THQ Volition Red Faction Game allows remote attackers to cause a denial of service (hang) of a client or server via packets to UDP port 7755. | |||||
| CVE-2001-0948 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed. | |||||
| CVE-2001-0947 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path. | |||||
| CVE-2001-0086 | 1 Cgi Script Center | 1 Subscribe Me Lite | 2017-12-19 | 5.0 MEDIUM | N/A |
| CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter. | |||||
| CVE-2001-0087 | 1 Michael Glickman | 1 Itetris | 2017-12-19 | 7.2 HIGH | N/A |
| itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program. | |||||
| CVE-2001-0088 | 1 Jason Hines | 1 Phpweblog | 2017-12-19 | 7.5 HIGH | N/A |
| common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog. | |||||
| CVE-2001-0097 | 1 Infinite | 1 Infinite Interchange | 2017-12-19 | 5.0 MEDIUM | N/A |
| The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request. | |||||
| CVE-2001-0098 | 1 Bea | 1 Weblogic Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. | |||||
| CVE-2001-0101 | 1 Fetchmail | 1 Fetchmail | 2017-12-19 | 10.0 HIGH | N/A |
| Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command. | |||||
| CVE-2001-0104 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 7.2 HIGH | N/A |
| MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key. | |||||
| CVE-2000-1048 | 1 Qbik | 1 Wingate | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL. | |||||
| CVE-2000-1053 | 1 Macromedia | 1 Jrun | 2017-12-19 | 10.0 HIGH | N/A |
| Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. | |||||
| CVE-2000-1186 | 1 Phf | 1 Phf | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header. | |||||