Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1293 | 1 3com | 1 3cr29223 | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request. | |||||
| CVE-2001-1284 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users. | |||||
| CVE-2001-1283 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code. | |||||
| CVE-2001-1281 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
| Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form. | |||||
| CVE-2001-1280 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
| POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system. | |||||
| CVE-2001-1279 | 1 Lbl | 1 Tcpdump | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. | |||||
| CVE-2001-1278 | 1 Zope | 1 Zope | 2008-09-10 | 7.5 HIGH | N/A |
| Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | |||||
| CVE-2001-1251 | 2 Max Feoktistov, Vwebserver | 2 Small Http Server, Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests. | |||||
| CVE-2001-1250 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow. | |||||
| CVE-2001-1249 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names. | |||||
| CVE-2001-1248 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20). | |||||
| CVE-2001-1239 | 1 Connect Inc. | 1 Powernet Ix | 2008-09-10 | 5.0 MEDIUM | N/A |
| PowerNet IX allows remote attackers to cause a denial of service via a port scan. | |||||
| CVE-2001-1237 | 1 Peaceworks Computer Consulting | 1 Phormation | 2008-09-10 | 7.5 HIGH | N/A |
| Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable. | |||||
| CVE-2001-1492 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-1460. Reason: This candidate is a refinement duplicate of CVE-2001-1460. Notes: All CVE users should reference CVE-2001-1460 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2001-1507 | 1 Openbsd | 1 Openssh | 2008-09-10 | 7.5 HIGH | N/A |
| OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. | |||||
| CVE-2001-1513 | 1 Macromedia | 1 Jrun | 2008-09-10 | 7.5 HIGH | N/A |
| Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx. | |||||
| CVE-2001-1335 | 1 Aclogic | 1 Cesarftp | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot). | |||||
| CVE-2001-1336 | 1 Aclogic | 1 Cesarftp | 2008-09-10 | 7.5 HIGH | N/A |
| CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges. | |||||
| CVE-2001-1340 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Telnetd Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service. | |||||
| CVE-2001-1254 | 1 Com2001 | 1 Alexis Server | 2008-09-10 | 7.5 HIGH | N/A |
| Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing. | |||||
| CVE-2001-1369 | 1 Leon J Breedt | 1 Pam-pgsql | 2008-09-10 | 7.5 HIGH | N/A |
| Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields. | |||||
| CVE-2001-1246 | 1 Php | 1 Php | 2008-09-10 | 7.5 HIGH | N/A |
| PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2001-1289 | 1 Id Software | 1 Quake 3 Arena | 2008-09-10 | 5.0 MEDIUM | N/A |
| Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters. | |||||
| CVE-2001-1242 | 1 Steve Grimm | 1 Un-cgi | 2008-09-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form. | |||||
| CVE-2001-1285 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. | |||||
| CVE-2001-1287 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2001-1296 | 1 Marc Logemann | 1 More.groupware | 2008-09-10 | 5.0 MEDIUM | N/A |
| More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1286 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control. | |||||
| CVE-2001-1521 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. | |||||
| CVE-2001-1297 | 1 Actionpoll | 1 Actionpoll | 2008-09-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter. | |||||
| CVE-2001-1524 | 1 Francisco Burzi | 1 Php-nuke | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php. | |||||
| CVE-2001-1298 | 1 Grant Horwood | 1 Webodex | 2008-09-10 | 5.0 MEDIUM | N/A |
| Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1241 | 1 Steve Grimm | 1 Un-cgi | 2008-09-10 | 7.5 HIGH | N/A |
| Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name. | |||||
| CVE-2001-1212 | 1 Aktivate | 1 Aktivate | 2008-09-10 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter. | |||||
| CVE-2001-1173 | 1 Masqmail | 1 Masqmail | 2008-09-10 | 7.2 HIGH | N/A |
| Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases. | |||||
| CVE-2001-1168 | 1 Phpmyexplorer | 2 Phpmyexplorer Classic, Phpmyexplorer Multiuser | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter. | |||||
| CVE-2001-1145 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2008-09-10 | 6.2 MEDIUM | N/A |
| fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories. | |||||
| CVE-2001-1134 | 1 Xerox | 1 Docuprint N40 | 2008-09-10 | 5.0 MEDIUM | N/A |
| Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm. | |||||
| CVE-2001-1121 | 1 Macromedia | 1 Jrun | 2008-09-10 | 7.5 HIGH | N/A |
| DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-2001-1084. | |||||
| CVE-2001-1210 | 1 Cisco | 3 Ubr920, Ubr924, Ubr925 | 2008-09-10 | 6.4 MEDIUM | N/A |
| Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings. | |||||
| CVE-2001-1195 | 1 Novell | 1 Groupwise | 2008-09-10 | 7.5 HIGH | N/A |
| Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges. | |||||
| CVE-2001-1054 | 1 Phpadsnew | 1 Phpadsnew | 2008-09-10 | 7.5 HIGH | N/A |
| PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1049 | 1 Paul M. Jones | 1 Phorecast | 2008-09-10 | 7.5 HIGH | N/A |
| Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1218 | 1 Microsoft | 1 Ie | 2008-09-10 | 2.1 LOW | N/A |
| Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window. | |||||
| CVE-2001-0935 | 1 Washington University | 1 Wu-ftpd | 2008-09-10 | 7.5 HIGH | N/A |
| Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. | |||||
| CVE-2001-1228 | 1 Gnu | 1 Gzip | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. | |||||
| CVE-2001-1214 | 1 Marcus S. Xenakis | 1 Unix Manual | 2008-09-10 | 7.5 HIGH | N/A |
| manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters. | |||||
| CVE-2001-1215 | 1 Michael Baumer | 1 Pfinger | 2008-09-10 | 7.5 HIGH | N/A |
| Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file. | |||||
| CVE-2001-0829 | 1 Apache | 1 Tomcat | 2008-09-10 | 5.1 MEDIUM | N/A |
| A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message. | |||||
| CVE-2001-0890 | 1 Sane | 1 Sane | 2008-09-10 | 2.1 LOW | N/A |
| Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files. | |||||