Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-1333 1 Easy Software Products 1 Cups 2008-09-05 1.2 LOW N/A
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
CVE-2001-1332 1 Easy Software Products 1 Cups 2008-09-05 7.5 HIGH N/A
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
CVE-2001-1314 1 Critical Path 2 Injoin Directory Server, Livecontent Directory 2008-09-05 7.5 HIGH N/A
Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2001-1330 1 Ibm 1 Aix 2008-09-05 7.2 HIGH N/A
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
CVE-2001-1522 1 Francisco Burzi 1 Php-nuke 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.
CVE-2001-1327 1 Berkeley Softworks 1 Pmake 2008-09-05 4.6 MEDIUM N/A
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.
CVE-2002-0017 1 Sgi 1 Irix 2008-09-05 7.5 HIGH N/A
Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.
CVE-2001-1299 1 Zorbat 1 Zorbstats 2008-09-05 5.0 MEDIUM N/A
Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
CVE-2001-1306 1 Sun 1 Iplanet Directory Server 2008-09-05 7.5 HIGH N/A
iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2001-1520 1 Intel 1 Xircom Rex 6000 2008-09-05 2.1 LOW N/A
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.
CVE-2002-0031 1 Yahoo 1 Messenger 2008-09-05 4.6 MEDIUM N/A
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
CVE-2001-1234 1 Gallery Project 1 Gallery 2008-09-05 7.5 HIGH N/A
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
CVE-2001-1270 1 Pkware 1 Pkzip 2008-09-05 2.1 LOW N/A
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.
CVE-2001-1523 1 Dmozgateway 1 Dmozgateway 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter.
CVE-2001-1271 1 Rarsoft 1 Rar 2008-09-05 2.1 LOW N/A
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.
CVE-2001-1272 1 Wliang 1 Wmtv 2008-09-05 4.6 MEDIUM N/A
wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.
CVE-2001-1300 1 Dynu Systems Inc. 1 Dynu Ftp Server 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command.
CVE-2001-1326 1 Qualcomm 1 Eudora 2008-09-05 7.5 HIGH N/A
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
CVE-2001-1382 1 Openbsd 1 Openssh 2008-09-05 5.0 MEDIUM N/A
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
CVE-2001-1571 1 Microsoft 1 Windows Xp 2008-09-05 5.0 MEDIUM N/A
The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.
CVE-2001-1579 1 Sco 2 Open Unix, Unixware 2008-09-05 5.0 MEDIUM N/A
The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.
CVE-2001-1578 1 Sco 1 Openserver 2008-09-05 2.1 LOW N/A
Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors.
CVE-2001-1576 1 Caldera 1 Unixware 2008-09-05 4.6 MEDIUM N/A
Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument.
CVE-2001-1574 1 Trend Micro 1 Interscan Viruswall 2008-09-05 10.0 HIGH N/A
Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code.
CVE-2001-1573 1 Trend Micro 1 Interscan Viruswall 2008-09-05 10.0 HIGH N/A
Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter.
CVE-2001-1572 1 Linux 1 Linux Kernel 2008-09-05 7.5 HIGH N/A
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.
CVE-2001-1570 1 Microsoft 1 Windows Xp 2008-09-05 2.1 LOW N/A
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.
CVE-2001-1569 1 Cmg 1 Openwave Wap Gateway 2008-09-05 6.4 MEDIUM N/A
Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.
CVE-2001-1568 1 Cmg 1 Wap Gateway 2008-09-05 6.4 MEDIUM N/A
CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.
CVE-2001-1566 2 Vanessa, Verge 2 Vanessa Logger, Perdition 2008-09-05 7.5 HIGH N/A
Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function.
CVE-2001-1565 1 Apple 1 Mac Os X 2008-09-05 2.1 LOW N/A
Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.
CVE-2001-1519 1 Microsoft 1 Windows 2000 2008-09-05 3.6 LOW N/A
** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it.
CVE-2001-1516 1 Hans Wolters 1 Phpreview 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews.
CVE-2001-1514 1 Macromedia 1 Coldfusion 2008-09-05 10.0 HIGH N/A
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
CVE-2001-1321 1 Oracle 1 Internet Directory 2008-09-05 7.5 HIGH N/A
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2001-1360 1 Mostang 1 Sane 2008-09-05 7.2 HIGH N/A
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned.
CVE-2001-1259 1 Avaya 1 Argent Office 2008-09-05 5.0 MEDIUM N/A
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
CVE-2001-1260 1 Avaya 1 Argent Office 2008-09-05 10.0 HIGH N/A
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
CVE-2001-1533 1 Microsoft 1 Isa Server 2008-09-05 5.0 MEDIUM N/A
** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
CVE-2001-1534 1 Apache 1 Http Server 2008-09-05 2.1 LOW N/A
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
CVE-2001-1535 1 Open Source Development Network 1 Slashcode 2008-09-05 4.6 MEDIUM N/A
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.
CVE-2001-1536 1 Autogalaxy 1 Autogalaxy 2008-09-05 5.0 MEDIUM N/A
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
CVE-2001-1537 1 Twig 1 Webmail 2008-09-05 5.0 MEDIUM N/A
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
CVE-2001-1538 1 Speedxess 1 Ha-120 Dsl Router 2008-09-05 7.5 HIGH N/A
SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access.
CVE-2001-1540 1 David F. Mischler 1 Iproute 2008-09-05 5.0 MEDIUM N/A
IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header.
CVE-2001-1541 1 Bsdi 1 Bsd Os 2008-09-05 7.2 HIGH N/A
Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument.
CVE-2001-1543 1 Axis 5 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 2 more 2008-09-05 7.5 HIGH N/A
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
CVE-2001-1544 1 Macromedia 1 Jrun 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
CVE-2001-1545 1 Macromedia 1 Jrun 2008-09-05 5.0 MEDIUM N/A
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
CVE-2001-1546 1 Mckesson 1 Pathways Homecare 2008-09-05 4.6 MEDIUM N/A
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.