Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1030 | 1 Csandt | 1 Corporatetime For The Web | 2017-07-11 | 5.0 MEDIUM | N/A |
| CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server. | |||||
| CVE-2002-0180 | 1 Bradford Barrett | 1 Webalizer | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname. | |||||
| CVE-2002-0628 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | |||||
| CVE-2000-1066 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname. | |||||
| CVE-2000-1093 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command. | |||||
| CVE-2001-0555 | 1 Screaming Media | 1 Siteware | 2017-07-11 | 10.0 HIGH | N/A |
| ScreamingMedia SITEWare versions 2.5 through 3.1 allow a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet. | |||||
| CVE-2002-0602 | 1 Snapgear | 1 Snapgear Lite\+ Firewall | 2017-07-11 | 5.0 MEDIUM | N/A |
| Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port. | |||||
| CVE-2001-0499 | 1 Oracle | 1 Oracle8i | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD. | |||||
| CVE-2002-0592 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user. | |||||
| CVE-2001-1148 | 1 Sco | 1 Openserver | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh. | |||||
| CVE-2002-0535 | 2 Postboard, Postnuke Software Foundation | 2 Postboard, Postnuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allow remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title. | |||||
| CVE-2002-0526 | 1 Inn | 1 Inn | 2017-07-11 | 7.2 HIGH | N/A |
| Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls. | |||||
| CVE-2002-0486 | 1 Workforceroi | 1 Xpede | 2017-07-11 | 7.2 HIGH | N/A |
| Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges. | |||||
| CVE-2002-0385 | 1 Vignette | 2 Storyserver, Vignette | 2017-07-11 | 5.0 MEDIUM | N/A |
| Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '"' (double quote) and '>' characters, which causes the TCL interpreter to crash and include stack data in the output. | |||||
| CVE-2001-1192 | 1 Citrix | 1 Ica Client | 2017-07-11 | 7.5 HIGH | N/A |
| Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client. | |||||
| CVE-2001-1194 | 1 Zyxel | 2 Prestige 1600, Prestige 681 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly. | |||||
| CVE-2001-1197 | 1 Kde | 1 Kdeutils | 2017-07-11 | 4.6 MEDIUM | N/A |
| klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file. | |||||
| CVE-2001-1204 | 1 Total Pc Solutions | 1 Php Rocket Add-in | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2002-0375 | 1 Ecometry | 1 Sgdynamo | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. | |||||
| CVE-2001-0381 | 1 Pgp | 1 Openpgp | 2017-07-11 | 4.6 MEDIUM | N/A |
| The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key. | |||||
| CVE-2001-1475 | 1 Ssh | 1 Ssh | 2017-07-11 | 7.5 HIGH | N/A |
| SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated. | |||||
| CVE-2001-0972 | 1 Surf-net | 1 Asp Forum | 2017-07-11 | 10.0 HIGH | N/A |
| Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888." | |||||
| CVE-2002-0310 | 1 Netwin | 1 Webnews | 2017-07-11 | 7.5 HIGH | N/A |
| Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879. | |||||
| CVE-2002-0308 | 1 Stefan Holmberg | 1 Admentor | 2017-07-11 | 10.0 HIGH | N/A |
| admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments. | |||||
| CVE-2001-0300 | 1 Oracle | 1 Internet Directory | 2017-07-11 | 2.1 LOW | N/A |
| oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack. | |||||
| CVE-2002-0305 | 1 Zero One Tech | 1 P100s | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge. | |||||
| CVE-2001-0970 | 1 Tdavid | 1 Td Forum | 2017-07-11 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script. | |||||
| CVE-2002-0296 | 1 Tarantella | 1 Tarantella Enterprise | 2017-07-11 | 1.2 LOW | N/A |
| The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. | |||||
| CVE-2001-0853 | 1 Entrust | 1 Getaccess | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat. | |||||
| CVE-2001-1474 | 1 Ssh | 1 Ssh | 2017-07-11 | 5.0 MEDIUM | N/A |
| SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. | |||||
| CVE-2002-0282 | 1 Codeworx Technologies | 1 Dcp-portal | 2017-07-11 | 5.0 MEDIUM | N/A |
| DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message. | |||||
| CVE-2002-0281 | 1 Codeworx Technologies | 1 Dcp-portal | 2017-07-11 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php. | |||||
| CVE-2001-0273 | 1 Holger Lamm | 1 Pgp4pine | 2017-07-11 | 2.6 LOW | N/A |
| pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext. | |||||
| CVE-2001-1379 | 1 Guiseppe Tanzilli And Matthias Eckermann | 1 Mod Auth Pgsql | 2017-07-11 | 7.5 HIGH | N/A |
| The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name. | |||||
| CVE-2001-1413 | 1 Ncompress | 1 Ncompress | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument. | |||||
| CVE-2001-1415 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 4.6 MEDIUM | N/A |
| vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes. | |||||
| CVE-2001-1417 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data. | |||||
| CVE-2001-1418 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file. | |||||
| CVE-2001-1419 | 2 Aol, Cerulean Studios | 2 Instant Messenger, Trillian | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments. | |||||
| CVE-2001-1420 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow. | |||||
| CVE-2001-1421 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag. | |||||
| CVE-2001-1422 | 1 Att | 1 Winvnc | 2017-07-11 | 7.5 HIGH | N/A |
| WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. | |||||
| CVE-2001-1423 | 1 Advanced Poll | 1 Advanced Poll | 2017-07-11 | 7.5 HIGH | N/A |
| Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter. | |||||
| CVE-2001-1424 | 1 Alcatel | 1 Speed Touch Home | 2017-07-11 | 7.5 HIGH | N/A |
| Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2001-1425 | 1 Alcatel | 1 Speed Touch Home | 2017-07-11 | 7.5 HIGH | N/A |
| The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login. | |||||
| CVE-2001-1426 | 1 Alcatel | 1 Speed Touch Home | 2017-07-11 | 7.5 HIGH | N/A |
| Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations. | |||||
| CVE-2001-1427 | 1 Macromedia | 1 Coldfusion | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. | |||||
| CVE-2001-1428 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2017-07-11 | 7.5 HIGH | N/A |
| The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2001-1429 | 1 Midnight Commander | 1 Midnight Commander | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file. | |||||
| CVE-2001-1430 | 1 Cayman | 1 3220-h Dsl Router | 2017-07-11 | 7.5 HIGH | N/A |
| Cayman 3220-H DSL Router 1.0 ships without a password set, which allows remote attackers to gain unauthorized access. | |||||
