Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1217 | 1 Oracle | 1 Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. | |||||
| CVE-2001-1216 | 1 Oracle | 1 Application Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. | |||||
| CVE-2001-1185 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 6.2 MEDIUM | N/A |
| Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges. | |||||
| CVE-2001-1155 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 7.5 HIGH | N/A |
| TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing. | |||||
| CVE-2001-1152 | 1 Baltimore Technologies | 1 Websweeper | 2008-09-05 | 7.5 HIGH | N/A |
| Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters. | |||||
| CVE-2001-1184 | 1 Denicomp | 1 Winsock Rshd Nt | 2008-09-05 | 5.0 MEDIUM | N/A |
| wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024. | |||||
| CVE-2001-1166 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process. | |||||
| CVE-2001-1165 | 1 Intego | 2 Diskguard, Fileguard | 2008-09-05 | 4.6 MEDIUM | N/A |
| Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool. | |||||
| CVE-2001-1150 | 1 Trend Micro | 2 Officescan, Virus Buster | 2008-09-05 | 5.0 MEDIUM | N/A |
| Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files. | |||||
| CVE-2001-1048 | 1 Topher1kenobe | 1 Awol | 2008-09-05 | 7.5 HIGH | N/A |
| AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-0866 | 1 Cisco | 1 12000 Router | 2008-09-05 | 7.5 HIGH | N/A |
| Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls. | |||||
| CVE-2001-1133 | 1 Bsdi | 1 Bsd Os | 2008-09-05 | 2.1 LOW | N/A |
| Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions. | |||||
| CVE-2001-1131 | 1 Whitsoft Development | 1 Slimftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command. | |||||
| CVE-2001-1025 | 1 Francisco Burzi | 1 Php-nuke | 2008-09-05 | 10.0 HIGH | N/A |
| PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php. | |||||
| CVE-2001-1157 | 1 Baltimore Technologies | 1 Websweeper | 2008-09-05 | 7.5 HIGH | N/A |
| Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode. | |||||
| CVE-2001-1164 | 1 Caldera | 1 Unixware | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt. | |||||
| CVE-2001-1163 | 1 Munica | 1 Netsql | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500. | |||||
| CVE-2001-1207 | 1 Daydream | 1 Daydream Bbs | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA. | |||||
| CVE-2001-0840 | 1 Compaq | 1 Insight Manager Xe | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI. | |||||
| CVE-2001-0943 | 1 Oracle | 1 Database Server | 2008-09-05 | 7.2 HIGH | N/A |
| dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. | |||||
| CVE-2001-0989 | 1 Richard Everitt | 1 Pileup | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign. | |||||
| CVE-2001-1015 | 1 Snes9x.com | 1 Snes9x | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument. | |||||
| CVE-2001-1028 | 1 Redhat | 1 Linux | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges. | |||||
| CVE-2001-1081 | 2 Lucent, Simon Horms | 2 Radius, Radius | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages. | |||||
| CVE-2001-1082 | 2 Lucent, Simon Horms | 2 Radius, Radius | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2001-1169 | 1 Bell Communications Research | 1 S Key | 2008-09-05 | 7.5 HIGH | N/A |
| keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo. | |||||
| CVE-2001-1171 | 1 Checkpoint | 1 Firewall-1 | 2008-09-05 | 7.2 HIGH | N/A |
| Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy. | |||||
| CVE-2001-1188 | 1 Brian Dorricott | 1 Mailto | 2008-09-05 | 7.5 HIGH | N/A |
| mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields. | |||||
| CVE-2001-1189 | 1 Ibm | 1 Websphere Application Server | 2008-09-05 | 4.6 MEDIUM | N/A |
| IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. | |||||
| CVE-2001-1211 | 1 Ipswitch | 1 Imail | 2008-09-05 | 7.5 HIGH | N/A |
| Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. | |||||
| CVE-2001-0976 | 1 Hp | 1 Process Resource Manager | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables. | |||||
| CVE-2001-1200 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 7.2 HIGH | N/A |
| Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys. | |||||
| CVE-2001-1199 | 1 Steve Kneizys | 1 Agora.cgi | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter. | |||||
| CVE-2001-1191 | 1 Ibm | 1 Tivoli Secureway Policy Director | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e. | |||||
| CVE-2001-1190 | 1 Mandrakesoft | 1 Mandrake Linux | 2008-09-05 | 4.6 MEDIUM | N/A |
| The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended. | |||||
| CVE-2001-1179 | 1 Xfree86 Project | 1 X11r6 | 2008-09-05 | 7.2 HIGH | N/A |
| xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters. | |||||
| CVE-2001-1147 | 1 Andries Brouwer | 1 Util-linux | 2008-09-05 | 7.2 HIGH | N/A |
| The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. | |||||
| CVE-2001-1143 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789. | |||||
| CVE-2001-1142 | 1 Argosoft | 1 Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges. | |||||
| CVE-2001-1139 | 1 Ascii Nt | 1 Winwrapper Professional | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request. | |||||
| CVE-2001-1110 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2008-09-05 | 5.0 MEDIUM | N/A |
| EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection. | |||||
| CVE-2001-1061 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. | |||||
| CVE-2001-1040 | 1 Hp | 1 Jetadmin | 2008-09-05 | 6.4 MEDIUM | N/A |
| HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password. | |||||
| CVE-2001-1039 | 1 Hp | 1 Jetadmin | 2008-09-05 | 7.5 HIGH | N/A |
| The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer. | |||||
| CVE-2001-1008 | 1 Sun | 2 Java Plug-in, Jre | 2008-09-05 | 7.5 HIGH | N/A |
| Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate. | |||||
| CVE-2001-1007 | 1 Starfish | 1 Truesync Desktop | 2008-09-05 | 5.0 MEDIUM | N/A |
| Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack. | |||||
| CVE-2001-1006 | 1 Starfish | 1 Truesync Desktop | 2008-09-05 | 5.0 MEDIUM | N/A |
| Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application. | |||||
| CVE-2001-1005 | 1 Starfish | 1 Truesync Desktop | 2008-09-05 | 7.5 HIGH | N/A |
| Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges. | |||||
| CVE-2001-1004 | 1 Gnutella | 1 Gnutella Client | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. | |||||
| CVE-2001-0973 | 1 Fraunhofer Fit | 1 Bscw | 2008-09-05 | 6.4 MEDIUM | N/A |
| BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space. | |||||