Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1526 | 1 Easyscripts | 1 Easynews | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter. | |||||
| CVE-2001-1525 | 1 Easyscripts | 1 Easynews | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter. | |||||
| CVE-2001-1465 | 1 Surfcontrol | 1 Superscout Web Filter | 2008-09-05 | 4.6 MEDIUM | N/A |
| SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements. | |||||
| CVE-2001-1382 | 1 Openbsd | 1 Openssh | 2008-09-05 | 5.0 MEDIUM | N/A |
| The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used. | |||||
| CVE-2001-1349 | 1 Sendmail | 1 Sendmail | 2008-09-05 | 3.7 LOW | N/A |
| Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers. | |||||
| CVE-2001-1348 | 1 Twig Development Team | 1 Twig | 2008-09-05 | 7.5 HIGH | N/A |
| TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter. | |||||
| CVE-2001-1304 | 1 Nullsoft | 1 Shoutcast Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header. | |||||
| CVE-2001-1301 | 2 Gnu, Xemacs | 2 Emacs, Xemacs | 2008-09-05 | 1.2 LOW | N/A |
| rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. | |||||
| CVE-2001-1300 | 1 Dynu Systems Inc. | 1 Dynu Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command. | |||||
| CVE-2001-1226 | 1 Adcycle | 1 Adcycle | 2008-09-05 | 5.0 MEDIUM | N/A |
| AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database. | |||||
| CVE-2001-1225 | 1 Hughes | 1 Msql | 2008-09-05 | 2.1 LOW | N/A |
| Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried. | |||||
| CVE-2001-1224 | 1 Les Vanbrunt | 1 Adrotate Pro | 2008-09-05 | 7.5 HIGH | N/A |
| get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack. | |||||
| CVE-2001-1531 | 1 Apple | 1 Claris Emailer | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename. | |||||
| CVE-2001-1579 | 1 Sco | 2 Open Unix, Unixware | 2008-09-05 | 5.0 MEDIUM | N/A |
| The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service. | |||||
| CVE-2001-1578 | 1 Sco | 1 Openserver | 2008-09-05 | 2.1 LOW | N/A |
| Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors. | |||||
| CVE-2001-1576 | 1 Caldera | 1 Unixware | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument. | |||||
| CVE-2001-1574 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code. | |||||
| CVE-2001-1573 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter. | |||||
| CVE-2001-1572 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 7.5 HIGH | N/A |
| The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets. | |||||
| CVE-2001-1571 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing. | |||||
| CVE-2001-1570 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 2.1 LOW | N/A |
| Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out. | |||||
| CVE-2001-1569 | 1 Cmg | 1 Openwave Wap Gateway | 2008-09-05 | 6.4 MEDIUM | N/A |
| Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2001-1568 | 1 Cmg | 1 Wap Gateway | 2008-09-05 | 6.4 MEDIUM | N/A |
| CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2001-1566 | 2 Vanessa, Verge | 2 Vanessa Logger, Perdition | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function. | |||||
| CVE-2001-1565 | 1 Apple | 1 Mac Os X | 2008-09-05 | 2.1 LOW | N/A |
| Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command. | |||||
| CVE-2001-1361 | 1 Twig Development Team | 1 Twig | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links. | |||||
| CVE-2001-1510 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. | |||||
| CVE-2001-1540 | 1 David F. Mischler | 1 Iproute | 2008-09-05 | 5.0 MEDIUM | N/A |
| IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header. | |||||
| CVE-2001-1511 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". | |||||
| CVE-2001-1541 | 1 Bsdi | 1 Bsd Os | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2001-1543 | 1 Axis | 5 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 2 more | 2008-09-05 | 7.5 HIGH | N/A |
| Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera. | |||||
| CVE-2001-1544 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. | |||||
| CVE-2001-1321 | 1 Oracle | 1 Internet Directory | 2008-09-05 | 7.5 HIGH | N/A |
| Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-1240 | 1 Engardelinux | 1 Secure Linux | 2008-09-05 | 10.0 HIGH | N/A |
| The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access. | |||||
| CVE-2001-1545 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing. | |||||
| CVE-2001-1245 | 1 Opera Software | 1 Opera Web Browser | 2008-09-05 | 5.0 MEDIUM | N/A |
| Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name. | |||||
| CVE-2001-1292 | 1 Sambar | 1 Sambar Server | 2008-09-05 | 7.5 HIGH | N/A |
| Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password. | |||||
| CVE-2001-1546 | 1 Mckesson | 1 Pathways Homecare | 2008-09-05 | 4.6 MEDIUM | N/A |
| Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file. | |||||
| CVE-2001-1337 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request. | |||||
| CVE-2001-1338 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Telnetd Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system. | |||||
| CVE-2001-1547 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 7.5 HIGH | N/A |
| Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2001-1339 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2008-09-05 | 7.5 HIGH | N/A |
| Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks. | |||||
| CVE-2001-1356 | 1 Netwin | 1 Surgeftp | 2008-09-05 | 10.0 HIGH | N/A |
| NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021. | |||||
| CVE-2001-1357 | 1 Phpheaven | 1 Phpmychat | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables. | |||||
| CVE-2001-1358 | 1 Phpheaven | 1 Phpmychat | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter. | |||||
| CVE-2001-1416 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags. | |||||
| CVE-2001-1360 | 1 Mostang | 1 Sane | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned. | |||||
| CVE-2001-1559 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 2.1 LOW | N/A |
| The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference. | |||||
| CVE-2001-1561 | 2 Debian, John Bovey | 2 Debian Linux, Xvt | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments. | |||||
| CVE-2001-1332 | 1 Easy Software Products | 1 Cups | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code. | |||||