Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0915 | 1 Berkeley | 1 Pmake | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition. | |||||
| CVE-2001-0916 | 1 Berkeley | 1 Pmake | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition. | |||||
| CVE-2001-0930 | 1 Sendpage | 1 Sendpage.pl | 2016-10-18 | 7.5 HIGH | N/A |
| Sendpage.pl allows remote attackers to execute arbitrary commands via a message containing shell metacharacters. | |||||
| CVE-2001-0848 | 1 E-zone Media | 1 Fuse Talk | 2016-10-18 | 4.6 MEDIUM | N/A |
| join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable. | |||||
| CVE-2001-0831 | 1 Oracle | 1 Database Server | 2016-10-18 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access. | |||||
| CVE-2001-0898 | 1 Opera Software | 1 Opera Web Browser | 2016-10-18 | 5.0 MEDIUM | N/A |
| Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache. | |||||
| CVE-2001-0897 | 1 Infopop | 1 Ultimate Bulletin Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field. | |||||
| CVE-2001-0832 | 1 Oracle | 1 Database Server | 2016-10-18 | 2.1 LOW | N/A |
| Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability." | |||||
| CVE-2001-0858 | 1 Caldera | 2 Openunix, Unixware | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges. | |||||
| CVE-2001-0856 | 1 Ibm | 1 4758 | 2016-10-18 | 4.6 MEDIUM | N/A |
| Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key. | |||||
| CVE-2001-0855 | 1 Rational Software | 1 Clearcase | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable. | |||||
| CVE-2001-0854 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user. | |||||
| CVE-2001-0844 | 1 Seth Leonard | 2 Book Of Guests, Post It | 2016-10-18 | 7.5 HIGH | N/A |
| Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter. | |||||
| CVE-2001-0842 | 1 Leoboard | 1 Lb5000 | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. | |||||
| CVE-2001-0841 | 1 Ikonboard.com | 1 Ikonboard | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. | |||||
| CVE-2001-0424 | 2 Freebsd, Timecop | 2 Freebsd, Bubblemon | 2016-10-18 | 7.2 HIGH | N/A |
| BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. | |||||
| CVE-2001-0419 | 1 Oracle | 1 Application Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/. | |||||
| CVE-2001-0552 | 2 Hp, Ibm | 2 Openview Network Node Manager, Tivoli Netview | 2016-10-18 | 10.0 HIGH | N/A |
| ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message. | |||||
| CVE-2001-0411 | 1 Siemens | 1 Reliant Unix | 2016-10-18 | 5.0 MEDIUM | N/A |
| Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet. | |||||
| CVE-2001-0571 | 1 Elron | 2 Im Anti Virus, Im Message Inspector | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL. | |||||
| CVE-2001-0466 | 1 Microburst | 1 Ustorekeeper Online Shopping System | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ustorekeeper 1.61 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2001-0410 | 1 Trend Micro | 1 Virus Buster 2001 | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header. | |||||
| CVE-2001-0669 | 4 Cisco, Enterasys, Iss and 1 more | 6 Catalyst 6000 Intrusion Detection System Module, Secure Intrusion Detection System, Dragon and 3 more | 2016-10-18 | 7.5 HIGH | N/A |
| Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. | |||||
| CVE-2001-0756 | 1 Virtualcart | 1 Virtualcatalog | 2016-10-18 | 7.5 HIGH | N/A |
| CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter. | |||||
| CVE-2001-0435 | 1 Pgp | 1 Pgp | 2016-10-18 | 4.6 MEDIUM | N/A |
| The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate. | |||||
| CVE-2001-0446 | 1 Ibm | 1 Websphere Commerce Suite | 2016-10-18 | 5.0 MEDIUM | N/A |
| IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL. | |||||
| CVE-2001-0464 | 1 Crosswind | 1 Cyberscheduler | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter. | |||||
| CVE-2001-0433 | 1 Micheal Lamont | 1 Savant Webserver | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header. | |||||
| CVE-2001-0605 | 1 Headlight Software | 1 Mygetright | 2016-10-18 | 7.5 HIGH | N/A |
| Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data. | |||||
| CVE-2001-0399 | 1 Caucho Technology | 1 Resin | 2016-10-18 | 5.0 MEDIUM | N/A |
| Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request. | |||||
| CVE-2001-0254 | 1 Fastream | 1 Ftp\+\+ Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command. | |||||
| CVE-2001-0404 | 1 Sun | 1 Javaserver Web Dev Kit | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory. | |||||
| CVE-2001-0393 | 1 Navision | 1 Financials Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits. | |||||
| CVE-2001-0392 | 1 Navision | 1 Financials Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash. | |||||
| CVE-2001-0367 | 1 Mirabilis | 1 Icq | 2016-10-18 | 5.0 MEDIUM | N/A |
| Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters. | |||||
| CVE-2001-0355 | 1 Novell | 1 Groupwise | 2016-10-18 | 5.0 MEDIUM | N/A |
| Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies. | |||||
| CVE-2001-0304 | 1 Caucho Technology | 1 Resin | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request. | |||||
| CVE-2001-0295 | 1 Jarle Aase | 1 War Ftpd | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command. | |||||
| CVE-2001-0277 | 1 Working Resources Inc. | 1 Badblue | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. | |||||
| CVE-2001-0205 | 1 Aol | 1 Aol Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack. | |||||
| CVE-2001-0135 | 1 Ultrascripts | 1 Ultraboard | 2016-10-18 | 2.1 LOW | N/A |
| The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs. | |||||
| CVE-2000-1198 | 1 Qualcomm | 1 Qpopper | 2016-10-18 | 2.1 LOW | N/A |
| qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes. | |||||
| CVE-2000-1197 | 1 University Of Washington | 1 Imap | 2016-10-18 | 2.1 LOW | N/A |
| POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes. | |||||
| CVE-2000-1210 | 1 Apache | 1 Tomcat | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp. | |||||
| CVE-2000-1168 | 1 Ibm | 1 Http Server | 2016-10-18 | 7.5 HIGH | N/A |
| IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. | |||||
| CVE-2001-0112 | 2 Debian, Sam Lantinga | 2 Debian Linux, Splitvt | 2016-10-18 | 7.2 HIGH | N/A |
| Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands. | |||||
| CVE-2000-1190 | 1 Jon Atkins | 1 Imwheel | 2016-10-18 | 2.1 LOW | N/A |
| imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file. | |||||
| CVE-2000-1208 | 4 Immunix, Netbsd, Openbsd and 1 more | 4 Immunix, Netbsd, Openbsd and 1 more | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call. | |||||
| CVE-2000-1207 | 1 Redhat | 1 Linux | 2016-10-18 | 7.2 HIGH | N/A |
| userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844). | |||||
| CVE-2001-0134 | 2 Compaq, Digital | 15 Armada Insight Manager, Enterprise Volume Manager-command Scripter, Foundation Agents and 12 more | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name. | |||||