Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0400 | 1 Matt Tourtillott | 1 Nph-maillist | 2008-09-05 | 7.5 HIGH | N/A |
| nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. | |||||
| CVE-2001-0786 | 1 Internet Software Solutions | 1 Air Messenger Lan Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 stores user passwords in plaintext in the pUser.Dat file. | |||||
| CVE-2001-0794 | 1 A-ftp | 1 Anonymous Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers to cause a denial of service via a long USER command. | |||||
| CVE-2001-0795 | 1 Perception | 1 Liteserve | 2008-09-05 | 5.0 MEDIUM | N/A |
| Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names. | |||||
| CVE-2001-0572 | 2 Openbsd, Ssh | 2 Openssh, Ssh | 2008-09-05 | 7.5 HIGH | N/A |
| The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands. | |||||
| CVE-2001-0569 | 1 Zope | 1 Zope | 2008-09-05 | 2.1 LOW | N/A |
| Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet. | |||||
| CVE-2001-0395 | 1 Lightwave | 1 Consoleserver | 2008-09-05 | 7.5 HIGH | N/A |
| Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. | |||||
| CVE-2001-0790 | 1 Specter | 1 Specter Ids | 2008-09-05 | 5.0 MEDIUM | N/A |
| Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts. | |||||
| CVE-2001-0791 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 5.0 MEDIUM | N/A |
| Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access. | |||||
| CVE-2001-0398 | 1 Ritlabs | 1 The Bat | 2008-09-05 | 7.5 HIGH | N/A |
| The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon. | |||||
| CVE-2001-0397 | 1 Silent Runner | 1 Silent Runner Collector Src | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command. | |||||
| CVE-2001-0396 | 1 Lightwave | 1 Consoleserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users. | |||||
| CVE-2001-0079 | 1 Hp | 1 Support Tools Manager | 2008-09-05 | 2.1 LOW | N/A |
| Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file. | |||||
| CVE-2001-0210 | 1 Carey Internet Service | 1 Commerce.cgi | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. | |||||
| CVE-2001-0208 | 1 Microfocus | 1 Cobol | 2008-09-05 | 4.6 MEDIUM | N/A |
| MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files. | |||||
| CVE-2001-0192 | 1 Davide Libenzi | 1 Xmail | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions. | |||||
| CVE-2001-0225 | 1 Lenzo | 1 Infobot | 2008-09-05 | 10.0 HIGH | N/A |
| fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2001-0127 | 1 Oliver Debon | 1 Flash | 2008-09-05 | 7.6 HIGH | N/A |
| Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag. | |||||
| CVE-2001-0264 | 1 Gene6 | 1 G6 Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection. | |||||
| CVE-2001-0272 | 1 W3.org | 1 Sendtemp.pl | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter. | |||||
| CVE-2001-0266 | 1 Hp | 1 Hp-ux | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges. | |||||
| CVE-2001-0232 | 1 Ibrow | 1 News Desk | 2008-09-05 | 5.0 MEDIUM | N/A |
| newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters. | |||||
| CVE-2001-0074 | 1 Technote Inc | 1 Technote | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter. | |||||
| CVE-2001-0075 | 1 Technote Inc | 1 Technote | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter. | |||||
| CVE-2001-0114 | 1 Omnicron | 1 Omnihttpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter. | |||||
| CVE-2001-0084 | 1 Gtk | 1 Gtk\+ | 2008-09-05 | 7.2 HIGH | N/A |
| GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. | |||||
| CVE-2001-0113 | 1 Omnicron | 1 Omnihttpd | 2008-09-05 | 10.0 HIGH | N/A |
| statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script. | |||||
| CVE-2001-0229 | 1 Sun | 1 Chilisoft | 2008-09-05 | 7.2 HIGH | N/A |
| Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts. | |||||
| CVE-2001-0227 | 1 Biblioscape | 1 Biblioweb Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. | |||||
| CVE-2001-0283 | 1 Sun | 1 Sun Ftp | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT. | |||||
| CVE-2001-0186 | 1 Free Java Web Server | 1 Free Java Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2001-0270 | 1 Marconi | 2 Asx-1000, Forethought | 2008-09-05 | 5.0 MEDIUM | N/A |
| Marconi ASX-1000 ASX switches allow remote attackers to cause a denial of service in the telnet and web management interfaces via a malformed packet with the SYN-FIN and More Fragments attributes set. | |||||
| CVE-2001-0271 | 1 Mailnews.cgi | 1 Mailnews.cgi | 2008-09-05 | 10.0 HIGH | N/A |
| mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters. | |||||
| CVE-2001-0200 | 1 Heat-on Software | 1 Hsweb | 2008-09-05 | 5.0 MEDIUM | N/A |
| HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled. | |||||
| CVE-2001-0202 | 1 Informs | 1 Picserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request. | |||||
| CVE-2001-0306 | 1 Itafrica | 1 Webactive | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | |||||
| CVE-2001-0307 | 1 Bajie | 1 Java Http Server | 2008-09-05 | 7.5 HIGH | N/A |
| Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist. | |||||
| CVE-2001-0206 | 1 Soft Lite | 1 Serverworx | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET request. | |||||
| CVE-2001-0262 | 1 Netscape | 1 Smartdownload | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL. | |||||
| CVE-2001-0163 | 1 Cisco | 1 Aironet Ap340 | 2008-09-05 | 4.6 MEDIUM | N/A |
| Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | |||||
| CVE-2001-0390 | 1 Ibm | 3 Net.commerce, Net.commerce Hosting Server, Websphere Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. | |||||
| CVE-2001-0389 | 1 Ibm | 2 Net.commerce, Websphere Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. | |||||
| CVE-2001-0384 | 1 Siemens | 1 Reliant Unix | 2008-09-05 | 2.1 LOW | N/A |
| ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file. | |||||
| CVE-2001-0281 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges. | |||||
| CVE-2001-0354 | 1 Thenet | 1 Checkbo | 2008-09-05 | 5.0 MEDIUM | N/A |
| TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on. | |||||
| CVE-2001-0279 | 2 Debian, Mandrakesoft | 3 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. | |||||
| CVE-2001-0275 | 1 Moby | 1 Netsuite Web Server | 2008-09-05 | 2.1 LOW | N/A |
| Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. | |||||
| CVE-2001-0289 | 1 Joseph Allen | 1 Joe | 2008-09-05 | 4.6 MEDIUM | N/A |
| Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory. | |||||
| CVE-2001-0288 | 1 Cisco | 1 Ios | 2008-09-05 | 7.5 HIGH | N/A |
| Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | |||||
| CVE-2001-0287 | 1 Symantec Veritas | 1 Cluster Server | 2008-09-05 | 2.1 LOW | N/A |
| VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command. | |||||