Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1161 | 1 Lotus | 1 Domino R5 Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script. | |||||
| CVE-2001-1159 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 7.5 HIGH | N/A |
| load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | |||||
| CVE-2001-1184 | 1 Denicomp | 1 Winsock Rshd Nt | 2008-09-05 | 5.0 MEDIUM | N/A |
| wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024. | |||||
| CVE-2001-1157 | 1 Baltimore Technologies | 1 Websweeper | 2008-09-05 | 7.5 HIGH | N/A |
| Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode. | |||||
| CVE-2001-1156 | 1 Typsoft | 1 Typsoft Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR. | |||||
| CVE-2001-1185 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 6.2 MEDIUM | N/A |
| Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges. | |||||
| CVE-2001-1149 | 1 Panda | 1 Panda Antivirus Platinum | 2008-09-05 | 5.0 MEDIUM | N/A |
| Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file. | |||||
| CVE-2001-0398 | 1 Ritlabs | 1 The Bat | 2008-09-05 | 7.5 HIGH | N/A |
| The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon. | |||||
| CVE-2001-0396 | 1 Lightwave | 1 Consoleserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users. | |||||
| CVE-2001-0397 | 1 Silent Runner | 1 Silent Runner Collector Src | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command. | |||||
| CVE-2001-0395 | 1 Lightwave | 1 Consoleserver | 2008-09-05 | 7.5 HIGH | N/A |
| Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. | |||||
| CVE-2001-0790 | 1 Specter | 1 Specter Ids | 2008-09-05 | 5.0 MEDIUM | N/A |
| Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts. | |||||
| CVE-2001-0688 | 1 Transsoft | 1 Broker Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . .") command. | |||||
| CVE-2001-0432 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands. | |||||
| CVE-2001-0691 | 1 University Of Washington | 1 Imapd | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations. | |||||
| CVE-2001-0425 | 1 Adcycle | 1 Adcycle | 2008-09-05 | 7.5 HIGH | N/A |
| AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information. | |||||
| CVE-2001-0694 | 1 Texas Imperial Software | 1 Wftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command. | |||||
| CVE-2001-0758 | 1 Evolvable Corporation | 1 Shambala Server | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command. | |||||
| CVE-2001-0759 | 1 Jetico | 1 Bestcrypt | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount. | |||||
| CVE-2001-0713 | 1 Sendmail | 1 Sendmail | 2008-09-05 | 4.6 MEDIUM | N/A |
| Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function. | |||||
| CVE-2001-0406 | 1 Samba | 1 Samba | 2008-09-05 | 2.1 LOW | N/A |
| Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. | |||||
| CVE-2001-0418 | 1 Ncm | 1 Ncm Content Management System | 2008-09-05 | 5.0 MEDIUM | N/A |
| content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter. | |||||
| CVE-2001-0490 | 1 Nullsoft | 1 Winamp | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file. | |||||
| CVE-2001-0483 | 1 Symantec | 1 Raptor Firewall | 2008-09-05 | 7.5 HIGH | N/A |
| Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set. | |||||
| CVE-2001-0480 | 1 Alex Linde | 1 Alexs Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the (1) GET or (2) CD commands. | |||||
| CVE-2001-0479 | 1 Phppgadmin | 1 Phppgadmin | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | |||||
| CVE-2001-0478 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. | |||||
| CVE-2001-0477 | 1 Webcalendar | 1 Webcalendar | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in WebCalendar 0.9.26 allows remote command execution. | |||||
| CVE-2001-0471 | 1 Ssh | 1 Ssh | 2008-09-05 | 7.5 HIGH | N/A |
| SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack. | |||||
| CVE-2001-0535 | 1 Macromedia | 1 Coldfusion Server | 2008-09-05 | 7.5 HIGH | N/A |
| Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. | |||||
| CVE-2001-0671 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges. | |||||
| CVE-2001-0453 | 1 Brs | 1 Webweaver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories. | |||||
| CVE-2001-0452 | 1 Brs | 1 Webweaver | 2008-09-05 | 5.0 MEDIUM | N/A |
| BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command. | |||||
| CVE-2001-0568 | 1 Zope | 1 Zope | 2008-09-05 | 2.1 LOW | N/A |
| Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes. | |||||
| CVE-2001-0569 | 1 Zope | 1 Zope | 2008-09-05 | 2.1 LOW | N/A |
| Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet. | |||||
| CVE-2001-0448 | 1 Software602 | 1 602pro Lan Suite | 2008-09-05 | 5.0 MEDIUM | N/A |
| Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET HTTP request to the aux directory, and possibly other directories with legacy DOS device names. | |||||
| CVE-2001-0447 | 1 Software602 | 1 602pro Lan Suite | 2008-09-05 | 7.5 HIGH | N/A |
| Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters. | |||||
| CVE-2001-0572 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2008-09-05 | 7.5 HIGH | N/A |
| The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | |||||
| CVE-2001-0632 | 1 Sun | 1 Chilisoft | 2008-09-05 | 7.5 HIGH | N/A |
| Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges. | |||||
| CVE-2001-0755 | 1 Debian | 1 Debian Linux | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command. | |||||
| CVE-2001-0442 | 1 David Harris | 1 Mercury Nlm | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. | |||||
| CVE-2001-0633 | 1 Sun | 1 Chilisoft | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'. | |||||
| CVE-2001-0636 | 1 Raytheon | 1 Silentrunner | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates. | |||||
| CVE-2001-0800 | 1 Sgi | 1 Irix | 2008-09-05 | 10.0 HIGH | N/A |
| lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2001-0647 | 1 Orange Software | 1 Orange Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version. | |||||
| CVE-2001-0438 | 1 Netopia | 1 Timbuktu Mac | 2008-09-05 | 2.1 LOW | N/A |
| Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu. | |||||
| CVE-2001-0767 | 1 Steve Poulsen | 1 Guildftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET. | |||||
| CVE-2001-0689 | 1 Trend Micro | 1 Virus Control System | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program. | |||||
| CVE-2001-0761 | 1 Trend Micro | 1 Interscan Webmanager | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter. | |||||
| CVE-2001-0714 | 1 Sendmail | 1 Sendmail | 2008-09-05 | 2.1 LOW | N/A |
| Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option. | |||||