Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0452 | 1 Brs | 1 Webweaver | 2008-09-05 | 5.0 MEDIUM | N/A |
| BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command. | |||||
| CVE-2001-0477 | 1 Webcalendar | 1 Webcalendar | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in WebCalendar 0.9.26 allows remote command execution. | |||||
| CVE-2001-0448 | 1 Software602 | 1 602pro Lan Suite | 2008-09-05 | 5.0 MEDIUM | N/A |
| Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET HTTP request to the aux directory, and possibly other directories with legacy DOS device names. | |||||
| CVE-2001-0447 | 1 Software602 | 1 602pro Lan Suite | 2008-09-05 | 7.5 HIGH | N/A |
| Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters. | |||||
| CVE-2001-0442 | 1 David Harris | 1 Mercury Nlm | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. | |||||
| CVE-2001-0438 | 1 Netopia | 1 Timbuktu Mac | 2008-09-05 | 2.1 LOW | N/A |
| Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu. | |||||
| CVE-2001-0794 | 1 A-ftp | 1 Anonymous Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers to cause a denial of service via a long USER command. | |||||
| CVE-2001-0786 | 1 Internet Software Solutions | 1 Air Messenger Lan Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 stores user passwords in plaintext in the pUser.Dat file. | |||||
| CVE-2001-0694 | 1 Texas Imperial Software | 1 Wftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command. | |||||
| CVE-2001-0785 | 1 Internet Software Solutions | 1 Air Messenger Lan Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2001-0755 | 1 Debian | 1 Debian Linux | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command. | |||||
| CVE-2001-0471 | 1 Ssh | 1 Ssh | 2008-09-05 | 7.5 HIGH | N/A |
| SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack. | |||||
| CVE-2001-0568 | 1 Zope | 1 Zope | 2008-09-05 | 2.1 LOW | N/A |
| Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes. | |||||
| CVE-2001-0758 | 1 Evolvable Corporation | 1 Shambala Server | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command. | |||||
| CVE-2001-0569 | 1 Zope | 1 Zope | 2008-09-05 | 2.1 LOW | N/A |
| Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet. | |||||
| CVE-2001-0759 | 1 Jetico | 1 Bestcrypt | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount. | |||||
| CVE-2001-0788 | 1 Internet Software Solutions | 1 Air Messenger Lan Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header. | |||||
| CVE-2001-0767 | 1 Steve Poulsen | 1 Guildftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET. | |||||
| CVE-2001-0766 | 1 Apache | 1 Http Server | 2008-09-05 | 7.5 HIGH | N/A |
| Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. | |||||
| CVE-2001-0762 | 1 Su-wrapper | 1 Su-wrapper | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument. | |||||
| CVE-2001-0800 | 1 Sgi | 1 Irix | 2008-09-05 | 10.0 HIGH | N/A |
| lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2001-0761 | 1 Trend Micro | 1 Interscan Webmanager | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter. | |||||
| CVE-2001-0483 | 1 Symantec | 1 Raptor Firewall | 2008-09-05 | 7.5 HIGH | N/A |
| Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set. | |||||
| CVE-2001-0432 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands. | |||||
| CVE-2001-0572 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2008-09-05 | 7.5 HIGH | N/A |
| The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | |||||
| CVE-2001-0425 | 1 Adcycle | 1 Adcycle | 2008-09-05 | 7.5 HIGH | N/A |
| AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information. | |||||
| CVE-2001-0714 | 1 Sendmail | 1 Sendmail | 2008-09-05 | 2.1 LOW | N/A |
| Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option. | |||||
| CVE-2001-0406 | 1 Samba | 1 Samba | 2008-09-05 | 2.1 LOW | N/A |
| Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. | |||||
| CVE-2001-0478 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | |||||
| CVE-2001-0479 | 1 Phppgadmin | 1 Phppgadmin | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | |||||
| CVE-2001-0453 | 1 Brs | 1 Webweaver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories. | |||||
| CVE-2001-0400 | 1 Matt Tourtillott | 1 Nph-maillist | 2008-09-05 | 7.5 HIGH | N/A |
| nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. | |||||
| CVE-2001-0647 | 1 Orange Software | 1 Orange Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version. | |||||
| CVE-2001-0632 | 1 Sun | 1 Chilisoft | 2008-09-05 | 7.5 HIGH | N/A |
| Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges. | |||||
| CVE-2001-0633 | 1 Sun | 1 Chilisoft | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'. | |||||
| CVE-2001-0535 | 1 Macromedia | 1 Coldfusion Server | 2008-09-05 | 7.5 HIGH | N/A |
| Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. | |||||
| CVE-2001-0490 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file. | |||||
| CVE-2001-0636 | 1 Raytheon | 1 Silentrunner | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates. | |||||
| CVE-2001-0671 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges. | |||||
| CVE-2001-0398 | 1 Ritlabs | 1 The Bat | 2008-09-05 | 7.5 HIGH | N/A |
| The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon. | |||||
| CVE-2001-0397 | 1 Silent Runner | 1 Silent Runner Collector Src | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command. | |||||
| CVE-2001-0396 | 1 Lightwave | 1 Consoleserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users. | |||||
| CVE-2001-0790 | 1 Specter | 1 Specter Ids | 2008-09-05 | 5.0 MEDIUM | N/A |
| Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts. | |||||
| CVE-2001-0791 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 5.0 MEDIUM | N/A |
| Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access. | |||||
| CVE-2001-0395 | 1 Lightwave | 1 Consoleserver | 2008-09-05 | 7.5 HIGH | N/A |
| Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. | |||||
| CVE-2000-1242 | 1 Apc | 1 Powerchute | 2008-09-05 | 9.0 HIGH | N/A |
| The HTTP service in American Power Conversion (APC) PowerChute uses a default username and password, which allows remote attackers to gain system access. | |||||
| CVE-2001-0186 | 1 Free Java Web Server | 1 Free Java Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2001-0073 | 1 Nsa | 1 Security-enhanced Linux | 2008-09-05 | 2.1 LOW | N/A |
| Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory. | |||||
| CVE-2001-0390 | 1 Ibm | 3 Net.commerce, Net.commerce Hosting Server, Websphere Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. | |||||
| CVE-2001-0389 | 1 Ibm | 2 Net.commerce, Websphere Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. | |||||