Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1446 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.5 HIGH | N/A |
| Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. | |||||
| CVE-2001-1447 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges. | |||||
| CVE-2001-1448 | 1 Magic | 1 Edeveloper | 2017-07-11 | 4.6 MEDIUM | N/A |
| Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts. | |||||
| CVE-2001-1449 | 2 Apache, Mandrakesoft | 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | |||||
| CVE-2001-1455 | 1 Netegrity | 1 Siteminder | 2017-07-11 | 7.5 HIGH | N/A |
| Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters. | |||||
| CVE-2001-1456 | 4 Mcafee, Network Associates, Pgp and 1 more | 5 Webshield Smtp, Gauntlet Firewall, Mcafee E-ppliance and 2 more | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message. | |||||
| CVE-2001-1457 | 1 Nobreak Technologies | 1 Crazywwwboard | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable. | |||||
| CVE-2001-1458 | 1 Novell | 1 Groupwise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. | |||||
| CVE-2001-1459 | 1 Openbsd | 1 Openssh | 2017-07-11 | 7.5 HIGH | N/A |
| OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. | |||||
| CVE-2001-1460 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter. | |||||
| CVE-2001-1461 | 1 Rsa | 1 Securid | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences. | |||||
| CVE-2001-1462 | 1 Rsa | 1 Securid | 2017-07-11 | 7.5 HIGH | N/A |
| WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information. | |||||
| CVE-2001-1464 | 1 Businessobjects | 1 Crystal Reports | 2017-07-11 | 7.5 HIGH | N/A |
| Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords. | |||||
| CVE-2001-1466 | 1 Van Dyke Technologies | 1 Securecrt | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||||
| CVE-2001-1467 | 1 Don Libes | 1 Expect | 2017-07-11 | 7.5 HIGH | N/A |
| mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks. | |||||
| CVE-2001-1468 | 1 Secure Reality | 1 Phpsecurepages | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2001-1469 | 1 Ssh | 1 Ssh | 2017-07-11 | 5.0 MEDIUM | N/A |
| The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified. | |||||
| CVE-2001-1470 | 1 Ssh | 1 Ssh | 2017-07-11 | 5.0 MEDIUM | N/A |
| The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message. | |||||
| CVE-2001-1471 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 4.6 MEDIUM | N/A |
| prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. | |||||
| CVE-2001-1472 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. | |||||
| CVE-2001-1473 | 1 Ssh | 1 Ssh | 2017-07-11 | 7.5 HIGH | N/A |
| The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target. | |||||
| CVE-2001-1474 | 1 Ssh | 1 Ssh | 2017-07-11 | 5.0 MEDIUM | N/A |
| SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. | |||||
| CVE-2001-1475 | 1 Ssh | 1 Ssh | 2017-07-11 | 7.5 HIGH | N/A |
| SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated. | |||||
| CVE-2001-1476 | 1 Ssh | 1 Ssh | 2017-07-11 | 7.5 HIGH | N/A |
| SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not. | |||||
| CVE-2001-1477 | 1 Bea | 1 Tuxedo | 2017-07-11 | 4.6 MEDIUM | N/A |
| The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain. | |||||
| CVE-2001-1478 | 1 Caldera | 2 Openunix, Unixware | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code. | |||||
| CVE-2001-1479 | 1 Sun | 1 Management\+center | 2017-07-11 | 2.1 LOW | N/A |
| smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT. | |||||
| CVE-2001-1480 | 2 Apple, Sun | 4 Mac Os Runtime For Java, Jdk, Jre and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard. | |||||
| CVE-2001-1481 | 1 Imatix | 1 Xitami | 2017-07-11 | 10.0 HIGH | N/A |
| Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges. | |||||
| CVE-2001-1483 | 1 Nrl | 1 Opie | 2017-07-11 | 5.0 MEDIUM | N/A |
| One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist. | |||||
| CVE-2001-1484 | 1 Alcatel | 2 Adsl Modem 1000, Speed Touch Adsl Modem | 2017-07-11 | 7.5 HIGH | N/A |
| Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. | |||||
| CVE-2001-1487 | 1 Qualcomm | 1 Qpopper | 2017-07-11 | 4.6 MEDIUM | N/A |
| popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option. | |||||
| CVE-2001-1488 | 1 Open Projects Network | 1 Open Projects Network Ircd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon. | |||||
| CVE-2001-1489 | 1 Microsoft | 1 Ie | 2017-07-11 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | |||||
| CVE-2001-1490 | 1 Mozilla | 1 Mozilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | |||||
| CVE-2001-1491 | 1 Opera Software | 1 Opera Web Browser | 2017-07-11 | 5.0 MEDIUM | N/A |
| Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | |||||
| CVE-2001-1496 | 1 Acme Labs | 1 Thttpd | 2017-07-11 | 7.5 HIGH | N/A |
| Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2001-1499 | 1 Checkpoint | 1 Vpn-1 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks. | |||||
| CVE-2001-1502 | 1 Mountain Network Systems | 1 Webcart | 2017-07-11 | 7.5 HIGH | N/A |
| webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter. | |||||
| CVE-2001-1504 | 1 Ibm | 1 Lotus Notes | 2017-07-11 | 7.5 HIGH | N/A |
| Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message. | |||||
| CVE-2001-1505 | 1 Tinc | 1 Tinc | 2017-07-11 | 5.0 MEDIUM | N/A |
| tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets. | |||||
| CVE-2001-1506 | 1 Hp | 1 Secure Os | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files. | |||||
| CVE-2001-1550 | 1 Centra | 3 Asp, Centraone, Smart Connect | 2017-07-11 | 2.1 LOW | N/A |
| CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users. | |||||
| CVE-2001-1563 | 2 Apache, Hp | 2 Tomcat, Secure Os | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers. | |||||
| CVE-2001-1575 | 1 Apple | 1 Personal Web Sharing | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow. | |||||
| CVE-2001-1577 | 1 Caldera | 2 Openunix, Unixware | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused. | |||||
| CVE-2002-0086 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable. | |||||
| CVE-2002-0087 | 1 Lotus | 1 Domino | 2017-07-11 | 2.1 LOW | N/A |
| bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2002-0145 | 1 Scott Parish | 1 Chuid | 2017-07-11 | 7.5 HIGH | N/A |
| chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root. | |||||
| CVE-2002-0164 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2017-07-11 | 4.6 MEDIUM | N/A |
| Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges. | |||||