Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0210 | 1 Carey Internet Service | 1 Commerce.cgi | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. | |||||
| CVE-2001-0208 | 1 Microfocus | 1 Cobol | 2008-09-05 | 4.6 MEDIUM | N/A |
| MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files. | |||||
| CVE-2001-0127 | 1 Oliver Debon | 1 Flash | 2008-09-05 | 7.6 HIGH | N/A |
| Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag. | |||||
| CVE-2001-0114 | 1 Omnicron | 1 Omnihttpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter. | |||||
| CVE-2001-0113 | 1 Omnicron | 1 Omnihttpd | 2008-09-05 | 10.0 HIGH | N/A |
| statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script. | |||||
| CVE-2001-0093 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd. | |||||
| CVE-2001-0084 | 1 Gtk | 1 Gtk\+ | 2008-09-05 | 7.2 HIGH | N/A |
| GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. | |||||
| CVE-2001-0082 | 1 Checkpoint | 1 Firewall-1 | 2008-09-05 | 7.5 HIGH | N/A |
| Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets. | |||||
| CVE-2001-0079 | 1 Hp | 1 Support Tools Manager | 2008-09-05 | 2.1 LOW | N/A |
| Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file. | |||||
| CVE-2001-0075 | 1 Technote Inc | 1 Technote | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter. | |||||
| CVE-2001-0074 | 1 Technote Inc | 1 Technote | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter. | |||||
| CVE-2001-0064 | 1 Alt-n | 1 Mdaemon | 2008-09-05 | 5.0 MEDIUM | N/A |
| Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string. | |||||
| CVE-2001-0019 | 1 Cisco | 2 Arrowpoint, Content Services Switch | 2008-09-05 | 2.1 LOW | N/A |
| Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands. | |||||
| CVE-2001-0220 | 2 Ja-elvis, Ko-helvis | 2 Ja-elvis, Ko-helvis | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges. | |||||
| CVE-2000-1105 | 1 Microsoft | 1 Indexing Service | 2008-09-05 | 4.3 MEDIUM | N/A |
| The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled. | |||||
| CVE-2000-1194 | 1 Argosoft | 1 Ftp Server | 2008-09-05 | 7.5 HIGH | N/A |
| Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands. | |||||
| CVE-2000-1211 | 1 Zope | 1 Zope | 2008-09-05 | 7.5 HIGH | N/A |
| Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities. | |||||
| CVE-2000-1110 | 1 Ibm | 1 Net.data | 2008-09-05 | 5.0 MEDIUM | N/A |
| document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program. | |||||
| CVE-2000-1127 | 1 Hp | 1 Hp-ux | 2008-09-05 | 3.6 LOW | N/A |
| registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable. | |||||
| CVE-2000-1152 | 1 Be | 1 Beos | 2008-09-05 | 5.0 MEDIUM | N/A |
| Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL. | |||||
| CVE-2000-1098 | 1 Sonicwall | 1 Soho Firewall | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. | |||||
| CVE-2000-1100 | 1 Trlinux | 1 Postaci Webmail | 2008-09-05 | 7.5 HIGH | N/A |
| The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request. | |||||
| CVE-2000-1235 | 1 Oracle | 1 Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files. | |||||
| CVE-2000-1118 | 1 24link | 1 24link | 2008-09-05 | 7.5 HIGH | N/A |
| 24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request. | |||||
| CVE-2000-0903 | 1 Qnx | 1 Voyager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-1234 | 1 Phorum | 1 Phorum | 2008-09-05 | 5.0 MEDIUM | N/A |
| violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters. | |||||
| CVE-2000-1233 | 1 Phorum | 1 Phorum | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter. | |||||
| CVE-2000-1201 | 1 Checkpoint | 1 Firewall-1 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264. | |||||
| CVE-2000-1219 | 1 Gnu | 2 G\+\+, Gcc | 2008-09-05 | 7.5 HIGH | N/A |
| The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows. | |||||
| CVE-2000-1128 | 1 Mcafee | 1 Virusscan | 2008-09-05 | 4.6 MEDIUM | N/A |
| The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory. | |||||
| CVE-2000-1101 | 1 Texas Imperial Software | 1 Wftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack. | |||||
| CVE-2000-1102 | 1 Ptlink | 2 Ptlink Irc Services, Ptlink Ircd | 2008-09-05 | 5.0 MEDIUM | N/A |
| PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands. | |||||
| CVE-2000-1231 | 1 Phorum | 1 Phorum | 2008-09-05 | 5.0 MEDIUM | N/A |
| code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string. | |||||
| CVE-2000-1223 | 1 I-soft | 1 Quikstore | 2008-09-05 | 7.5 HIGH | N/A |
| quikstore.cgi in Quikstore Shopping Cart allows remote attackers to execute arbitrary commands via shell metacharacters in the URL portion of an HTTP GET request. | |||||
| CVE-2000-1172 | 1 Rob Flynn | 1 Gaim | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and possibly execute arbitrary commands via a long HTML tag. | |||||
| CVE-2000-1037 | 1 Checkpoint | 1 Firewall-1 | 2008-09-05 | 7.5 HIGH | N/A |
| Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack. | |||||
| CVE-2000-1225 | 1 Imatix | 1 Xitami | 2008-09-05 | 5.0 MEDIUM | N/A |
| Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program. | |||||
| CVE-2000-1226 | 1 Snort | 1 Snort | 2008-09-05 | 5.0 MEDIUM | N/A |
| Snort 1.6, when running in straight ASCII packet logging mode or IDS mode with straight decoded ASCII packet logging selected, allows remote attackers to cause a denial of service (crash) by sending non-IP protocols that Snort does not know about, as demonstrated by an nmap protocol scan. | |||||
| CVE-2000-1228 | 1 Phorum | 1 Phorum | 2008-09-05 | 5.0 MEDIUM | N/A |
| Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables. | |||||
| CVE-2000-1103 | 1 Bsdi | 1 Bsd Os | 2008-09-05 | 7.2 HIGH | N/A |
| rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line. | |||||
| CVE-2000-1012 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
| The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. | |||||
| CVE-2000-1008 | 1 Palm | 1 Palm Os | 2008-09-05 | 4.6 MEDIUM | N/A |
| PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device. | |||||
| CVE-2000-0999 | 1 Openbsd | 1 Openssh | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges. | |||||
| CVE-2000-1177 | 1 Bb4 | 1 Big Brother Network Monitor | 2008-09-05 | 5.0 MEDIUM | N/A |
| bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allows remote attackers to determine the existence of files and user ID's by specifying the target file in the HISTFILE parameter. | |||||
| CVE-2000-1013 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.2 HIGH | N/A |
| The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. | |||||
| CVE-2000-1129 | 1 Network Associates | 1 Webshield Smtp | 2008-09-05 | 5.0 MEDIUM | N/A |
| McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field. | |||||
| CVE-2000-1157 | 1 Network Associates | 1 Sniffer Agent | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in NAI Sniffer Agent allows remote attackers to execute arbitrary commands via a long SNMP community name. | |||||
| CVE-2000-1114 | 1 Unify | 1 Ewave Servletexec | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20". | |||||
| CVE-2000-1130 | 1 Network Associates | 1 Webshield Smtp | 2008-09-05 | 7.5 HIGH | N/A |
| McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment. | |||||
| CVE-2000-1017 | 1 Webteacher | 1 Webdata | 2008-09-05 | 5.0 MEDIUM | N/A |
| Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database. | |||||