Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1059 | 1 Vmware | 1 Workstation | 2017-10-10 | 3.6 LOW | N/A |
| VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. | |||||
| CVE-2001-1063 | 1 Caldera | 2 Openunix, Unixware | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument. | |||||
| CVE-2001-1067 | 1 Aol | 1 Aol Server | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header. | |||||
| CVE-2001-1069 | 1 Adobe | 1 Acrobat Reader | 2017-10-10 | 7.2 HIGH | N/A |
| libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior. | |||||
| CVE-2001-1071 | 1 Cisco | 2 Catos, Ios | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements. | |||||
| CVE-2001-1072 | 1 Apache | 1 Http Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | |||||
| CVE-2001-1074 | 1 Webmin | 1 Webmin | 2017-10-10 | 7.2 HIGH | N/A |
| Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges. | |||||
| CVE-2001-1075 | 1 Sun | 1 Cobalt Raq 3i | 2017-10-10 | 5.0 MEDIUM | N/A |
| poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file. | |||||
| CVE-2001-1079 | 1 Ibm | 1 Aix | 2017-10-10 | 3.6 LOW | N/A |
| create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service. | |||||
| CVE-2001-1080 | 1 Ibm | 1 Aix | 2017-10-10 | 10.0 HIGH | N/A |
| diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. | |||||
| CVE-2001-1083 | 1 Icecast | 1 Icecast | 2017-10-10 | 5.0 MEDIUM | N/A |
| Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash). | |||||
| CVE-2001-1084 | 1 Macromedia | 1 Jrun | 2017-10-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. | |||||
| CVE-2001-1085 | 1 Jon Zeeff | 1 Lmail | 2017-10-10 | 3.7 LOW | N/A |
| Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2001-1088 | 1 Microsoft | 2 Outlook, Outlook Express | 2017-10-10 | 7.5 HIGH | N/A |
| Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. | |||||
| CVE-2001-1089 | 2 Alessandro Gardich, Joerg Wendland | 2 Nss Postgresql, Libnss-pgsql | 2017-10-10 | 7.5 HIGH | N/A |
| libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request. | |||||
| CVE-2000-0877 | 1 Ranson Johnson | 1 Mailform | 2017-10-10 | 5.0 MEDIUM | N/A |
| mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker. | |||||
| CVE-1999-1099 | 1 Kth | 1 Kth Kerberos | 2017-10-10 | 5.0 MEDIUM | N/A |
| Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user. | |||||
| CVE-1999-1100 | 1 Cisco | 1 Pix Private Link | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack. | |||||
| CVE-1999-1189 | 1 Netscape | 2 Communicator, Navigator | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file. | |||||
| CVE-2000-0590 | 1 Cgi-world | 1 Poll It | 2017-10-10 | 7.5 HIGH | N/A |
| Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter. | |||||
| CVE-1999-0077 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 5.0 MEDIUM | N/A |
| Predictable TCP sequence numbers allow spoofing. | |||||
| CVE-1999-0084 | 1 Sun | 1 Nfs | 2017-10-10 | 7.2 HIGH | N/A |
| Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. | |||||
| CVE-2001-0394 | 1 Oreilly | 1 Website Pro | 2017-10-10 | 5.0 MEDIUM | N/A |
| Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory. | |||||
| CVE-2001-0108 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2017-10-10 | 5.0 MEDIUM | N/A |
| PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. | |||||
| CVE-2001-0409 | 1 Vim Development Group | 1 Vim | 2017-10-10 | 2.1 LOW | N/A |
| vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. | |||||
| CVE-2001-0514 | 3 Atmel, Linksys, Netgear | 3 802.11b Vnet-b Access Point, Wap11, Me102 | 2017-10-10 | 7.5 HIGH | N/A |
| SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network. | |||||
| CVE-1999-0178 | 1 Oreilly | 1 Oreilly Website | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string. | |||||
| CVE-2001-1029 | 2 Freebsd, Openbsd | 2 Freebsd, Openssh | 2017-10-10 | 2.1 LOW | N/A |
| libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. | |||||
| CVE-2001-0615 | 1 Faust Informatics | 1 Freestyle Chat | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'. | |||||
| CVE-2001-1030 | 6 Caldera, Immunix, Mandrakesoft and 3 more | 8 Openlinux Server, Immunix, Mandrake Linux and 5 more | 2017-10-10 | 7.5 HIGH | N/A |
| Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. | |||||
| CVE-1999-0313 | 1 Sgi | 1 Irix | 2017-10-10 | 7.2 HIGH | N/A |
| disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. | |||||
| CVE-1999-0314 | 1 Sgi | 1 Irix | 2017-10-10 | 7.2 HIGH | N/A |
| ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames. | |||||
| CVE-1999-0380 | 1 Seattle Lab Software | 1 Slmail | 2017-10-10 | 4.6 MEDIUM | N/A |
| SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user. | |||||
| CVE-1999-0608 | 1 Pdgsoft | 1 Pdg Shopping Cart | 2017-10-10 | 5.0 MEDIUM | N/A |
| An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. | |||||
| CVE-1999-0681 | 1 Microsoft | 2 Frontpage, Personal Web Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. | |||||
| CVE-1999-1120 | 1 Sgi | 1 Irix | 2017-10-10 | 4.6 MEDIUM | N/A |
| netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges. | |||||
| CVE-1999-0718 | 1 Ibm | 1 Gina | 2017-10-10 | 6.2 MEDIUM | N/A |
| IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key. | |||||
| CVE-1999-0756 | 1 Allaire | 1 Coldfusion Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. | |||||
| CVE-1999-0760 | 1 Allaire | 1 Coldfusion Server | 2017-10-10 | 10.0 HIGH | N/A |
| Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. | |||||
| CVE-1999-0800 | 1 Allaire | 1 Forums | 2017-10-10 | 5.0 MEDIUM | N/A |
| The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm. | |||||
| CVE-1999-0815 | 1 Microsoft | 1 Windows Nt | 2017-10-10 | 5.0 MEDIUM | N/A |
| Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. | |||||
| CVE-1999-0924 | 1 Allaire | 1 Coldfusion Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. | |||||
| CVE-1999-0968 | 1 James Seter | 1 Bnc Irc | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges. | |||||
| CVE-1999-1021 | 1 Sun | 1 Sunos | 2017-10-10 | 7.2 HIGH | N/A |
| NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade. | |||||
| CVE-1999-1032 | 1 Digital | 1 Ultrix | 2017-10-10 | 10.0 HIGH | N/A |
| Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges. | |||||
| CVE-1999-1034 | 1 Att | 1 Svr4 | 2017-10-10 | 7.2 HIGH | N/A |
| Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges. | |||||
| CVE-1999-1048 | 2 Debian, Redhat | 2 Debian Linux, Linux | 2017-10-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory. | |||||
| CVE-1999-1090 | 1 Ncsa | 1 Telnet | 2017-10-10 | 7.5 HIGH | N/A |
| The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files. | |||||
| CVE-1999-1111 | 1 Immunix | 1 Stackguard | 2017-10-10 | 7.5 HIGH | N/A |
| Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself. | |||||
| CVE-1999-1114 | 1 Sgi | 1 Irix | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges. | |||||
