Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0582 | 1 Ben Spink | 1 Crushftp Ftp Server | 2017-12-19 | 4.6 MEDIUM | N/A |
| Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR. | |||||
| CVE-2001-0583 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 5.0 MEDIUM | N/A |
| Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001. | |||||
| CVE-2001-0584 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 2.1 LOW | N/A |
| IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands. | |||||
| CVE-2001-0587 | 1 Sco | 1 Openserver | 2017-12-19 | 7.2 HIGH | N/A |
| deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command. | |||||
| CVE-2001-0592 | 1 Watchguard | 1 Firebox Ii | 2017-12-19 | 5.0 MEDIUM | N/A |
| Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets. | |||||
| CVE-2001-0597 | 1 Zetetic Enterprises | 1 Strip | 2017-12-19 | 7.2 HIGH | N/A |
| Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'. | |||||
| CVE-2001-0598 | 1 Symantec | 1 Norton Ghost | 2017-12-19 | 5.0 MEDIUM | N/A |
| Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled. | |||||
| CVE-2001-0599 | 1 Sybase | 1 Adaptive Server Anywhere | 2017-12-19 | 5.0 MEDIUM | N/A |
| Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638. | |||||
| CVE-2001-0600 | 1 Lotus | 1 Domino R5 Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type. | |||||
| CVE-2001-0601 | 1 Lotus | 1 Domino R5 Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters. | |||||
| CVE-2001-0602 | 1 Lotus | 1 Domino R5 Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices. | |||||
| CVE-2001-0603 | 1 Lotus | 1 Domino R5 Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148. | |||||
| CVE-2001-0604 | 1 Lotus | 1 Domino R5 Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters. | |||||
| CVE-2001-0606 | 2 Hp, Sun | 2 Virtualvault, Iplanet Web Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service. | |||||
| CVE-2001-0608 | 1 Hp | 1 Mpe | 2017-12-19 | 7.5 HIGH | N/A |
| HP architected interface facility (AIF) as included with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program. | |||||
| CVE-2001-0609 | 1 Infodrom | 1 Cfingerd | 2017-12-19 | 10.0 HIGH | N/A |
| Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. | |||||
| CVE-2001-0610 | 2 Kde, Suse | 2 Kde, Suse Linux | 2017-12-19 | 4.6 MEDIUM | N/A |
| kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp. | |||||
| CVE-2001-0614 | 1 Carello | 1 E-commerce | 2017-12-19 | 7.5 HIGH | N/A |
| Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL. | |||||
| CVE-2001-0617 | 1 Alliedtelesyn | 1 At-ar220e | 2017-12-19 | 7.5 HIGH | N/A |
| Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled. | |||||
| CVE-2001-0618 | 1 Lucent | 1 Orinoco Rg-1000 | 2017-12-19 | 7.5 HIGH | N/A |
| Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic. | |||||
| CVE-2001-0620 | 1 Iplanet | 1 Calendar Server | 2017-12-19 | 2.1 LOW | N/A |
| iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions. | |||||
| CVE-2001-0623 | 1 Sendfile | 1 Sendfile | 2017-12-19 | 4.6 MEDIUM | N/A |
| sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges. | |||||
| CVE-2001-0624 | 1 Qnx | 1 Qnx | 2017-12-19 | 2.1 LOW | N/A |
| QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for the FAT disk partition, e.g. /fs-dos. | |||||
| CVE-2001-0703 | 1 Arcadia | 1 Arcadia Internet Store | 2017-12-19 | 5.0 MEDIUM | N/A |
| tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter. | |||||
| CVE-2001-0704 | 1 Arcadia | 1 Arcadia Internet Store | 2017-12-19 | 7.5 HIGH | N/A |
| tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist. | |||||
| CVE-2001-0705 | 1 Arcadia | 1 Arcadia Internet Store | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument. | |||||
| CVE-2001-0707 | 1 Denicomp | 1 Rshd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514. | |||||
| CVE-2001-0708 | 1 Denicomp | 1 Rexecd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a denial of service (crash) via a long string. | |||||
| CVE-2001-0709 | 1 Microsoft | 1 Internet Information Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | |||||
| CVE-2001-0711 | 1 Cisco | 1 Ios | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. | |||||
| CVE-2001-0734 | 1 Netbsd | 1 Netbsd | 2017-12-19 | 7.2 HIGH | N/A |
| Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local user to gain privileges via modified Status Register contents, which are not properly handled by (1) the sigreturn system call or (2) the process_write_regs kernel routine. | |||||
| CVE-2001-0735 | 1 Infodrom | 1 Cfingerd | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file. | |||||
| CVE-2001-0736 | 5 Engardelinux, Immunix, Mandrakesoft and 2 more | 6 Secure Linux, Immunix, Mandrake Linux and 3 more | 2017-12-19 | 2.1 LOW | N/A |
| Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2001-0737 | 1 Logitech | 4 Cordless Freedom, Cordless Freedom Navigator, Cordless Freedom Pro and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack. | |||||
| CVE-2001-0746 | 1 Iplanet | 1 Iplanet Web Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods. | |||||
| CVE-2001-0768 | 1 Steve Poulsen | 1 Guildftpd | 2017-12-19 | 4.6 MEDIUM | N/A |
| GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file. | |||||
| CVE-2001-0772 | 1 Hp | 1 Hp-ux | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges. | |||||
| CVE-2001-0776 | 1 Dynfx | 1 Dynfx Mailserver | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service. | |||||
| CVE-2001-0777 | 1 Omnicron | 1 Omnihttpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts. | |||||
| CVE-2001-0778 | 1 Omnicron | 1 Omnihttpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20). | |||||
| CVE-2001-0781 | 1 Pi-soft | 1 Spoonftp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. | |||||
| CVE-2001-0782 | 1 Kde | 1 Ktv | 2017-12-19 | 7.2 HIGH | N/A |
| KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. | |||||
| CVE-2001-0783 | 1 Cisco | 1 Tftp Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the GET command. | |||||
| CVE-2001-0808 | 1 Yngve Svendsen | 1 Gnatsweb | 2017-12-19 | 10.0 HIGH | N/A |
| gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter. | |||||
| CVE-2001-0817 | 1 Hp | 1 Hp-ux | 2017-12-19 | 10.0 HIGH | N/A |
| Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request. | |||||
| CVE-2001-0818 | 1 Marty Bochane | 1 Mdbms | 2017-12-19 | 7.5 HIGH | N/A |
| A buffer overflow in the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data. | |||||
| CVE-2001-0820 | 1 Gaztek | 1 Ghttp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in GazTek ghttpd 1.4 allow a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c. | |||||
| CVE-2001-0821 | 1 Dcscripts | 1 Dcshop | 2017-12-19 | 5.0 MEDIUM | N/A |
| The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt. | |||||
| CVE-2001-0835 | 1 Bradford Barrett | 1 Webalizer | 2017-12-19 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup. | |||||
| CVE-2001-0839 | 1 Ibill Internet Billing Company | 1 Processing Plus | 2017-12-19 | 7.5 HIGH | N/A |
| ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing. | |||||
