Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1042 | 1 Transsoft | 1 Broker Ftp Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | |||||
| CVE-2001-1044 | 1 Basilix | 1 Basilix Webmail | 2017-12-19 | 7.5 HIGH | N/A |
| Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. | |||||
| CVE-2001-1045 | 1 Basilix | 1 Basilix Webmail | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter. | |||||
| CVE-2001-1047 | 1 Openbsd | 1 Openbsd | 2017-12-19 | 1.2 LOW | N/A |
| Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. | |||||
| CVE-2001-1050 | 1 Cccsoftware | 1 Ccc | 2017-12-19 | 7.5 HIGH | N/A |
| CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1051 | 1 Dark Hart Portal | 1 Darkportal-unix | 2017-12-19 | 7.5 HIGH | N/A |
| Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1052 | 1 Emergenices Personnel Information System | 1 Empris | 2017-12-19 | 7.5 HIGH | N/A |
| Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1057 | 1 Wolfram Research | 1 Mathematica | 2017-12-19 | 5.0 MEDIUM | N/A |
| The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests. | |||||
| CVE-2001-1058 | 1 Wolfram Research | 1 Mathematica | 2017-12-19 | 7.5 HIGH | N/A |
| The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license. | |||||
| CVE-2001-1064 | 1 Cisco | 1 Cbos | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets. | |||||
| CVE-2001-1065 | 1 Cisco | 1 Cbos | 2017-12-19 | 5.0 MEDIUM | N/A |
| Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. | |||||
| CVE-2001-1068 | 1 Qualcomm | 1 Qpopper | 2017-12-19 | 5.0 MEDIUM | N/A |
| qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system. | |||||
| CVE-2001-1070 | 1 Sage Software | 1 Mas 200 | 2017-12-19 | 2.1 LOW | N/A |
| Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters. | |||||
| CVE-2001-1073 | 1 Webridge | 1 Px Application Suite | 2017-12-19 | 5.0 MEDIUM | N/A |
| Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR. | |||||
| CVE-2001-1077 | 1 Rxvt | 1 Rxvt | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument. | |||||
| CVE-2001-1078 | 1 Extremail | 1 Extremail | 2017-12-19 | 10.0 HIGH | N/A |
| Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication. | |||||
| CVE-2001-1086 | 1 Xfree86 Project | 1 X11r6 | 2017-12-19 | 7.5 HIGH | N/A |
| XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack. | |||||
| CVE-2001-1087 | 1 Network Appliance | 1 Netcache | 2017-12-19 | 7.5 HIGH | N/A |
| The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device. | |||||
| CVE-2001-1090 | 1 Alessandro Gardich | 1 Nss Postgresql | 2017-12-19 | 7.5 HIGH | N/A |
| nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request. | |||||
| CVE-2001-1091 | 1 Netbsd | 1 Netbsd | 2017-12-19 | 7.2 HIGH | N/A |
| The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable. | |||||
| CVE-2001-1092 | 1 Compaq | 1 Tru64 | 2017-12-19 | 2.1 LOW | N/A |
| msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file. | |||||
| CVE-2001-1093 | 1 Compaq | 1 Tru64 | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2001-1094 | 1 Crosstec Corporation | 1 Netop School | 2017-12-19 | 4.6 MEDIUM | N/A |
| NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version. | |||||
| CVE-2001-1097 | 1 Cisco | 1 Ios | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. | |||||
| CVE-2001-1101 | 1 Checkpoint | 1 Firewall-1 | 2017-12-19 | 6.4 MEDIUM | N/A |
| The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2001-1102 | 1 Checkpoint | 1 Firewall-1 | 2017-12-19 | 6.2 MEDIUM | N/A |
| Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable. | |||||
| CVE-2001-1107 | 1 Snapstream | 1 Pvs | 2017-12-19 | 5.0 MEDIUM | N/A |
| SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server. | |||||
| CVE-2001-1109 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands. | |||||
| CVE-2001-1111 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-12-19 | 4.6 MEDIUM | N/A |
| EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file. | |||||
| CVE-2001-1112 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters. | |||||
| CVE-2001-1114 | 1 Netcode | 1 Nc Book | 2017-12-19 | 7.5 HIGH | N/A |
| book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter. | |||||
| CVE-2001-1115 | 1 Sixhead | 1 Six-webboard | 2017-12-19 | 5.0 MEDIUM | N/A |
| generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter. | |||||
| CVE-2001-1120 | 1 Allaire | 1 Coldfusion Server | 2017-12-19 | 6.4 MEDIUM | N/A |
| Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates. | |||||
| CVE-2001-1122 | 1 Microsoft | 1 Windows Nt | 2017-12-19 | 2.1 LOW | N/A |
| Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode. | |||||
| CVE-2001-1123 | 1 Hp | 1 Openview Network Node Manager | 2017-12-19 | 7.2 HIGH | N/A |
| Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID. | |||||
| CVE-2001-1124 | 1 Hp | 1 Hp-ux | 2017-12-19 | 5.0 MEDIUM | N/A |
| rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow. | |||||
| CVE-2001-1125 | 1 Symantec | 1 Liveupdate | 2017-12-19 | 7.5 HIGH | N/A |
| Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2001-1126 | 1 Symantec | 1 Liveupdate | 2017-12-19 | 5.0 MEDIUM | N/A |
| Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2001-1127 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | |||||
| CVE-2001-1128 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. | |||||
| CVE-2001-1129 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. | |||||
| CVE-2001-1135 | 1 Zyxel | 1 Prestige | 2017-12-19 | 7.5 HIGH | N/A |
| ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known. | |||||
| CVE-2001-1136 | 1 Hp | 1 Hp-ux | 2017-12-19 | 2.1 LOW | N/A |
| The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. | |||||
| CVE-2001-1137 | 1 D-link | 1 Dl-704 | 2017-12-19 | 5.0 MEDIUM | N/A |
| D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. | |||||
| CVE-2001-1138 | 1 Randy Parker | 1 Power Up Html | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter. | |||||
| CVE-2001-1140 | 1 Working Resources Inc. | 1 Badblue | 2017-12-19 | 5.0 MEDIUM | N/A |
| BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. | |||||
| CVE-2001-1151 | 1 Trend Micro | 2 Officescan, Virus Buster | 2017-12-19 | 5.0 MEDIUM | N/A |
| Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password. | |||||
| CVE-2001-1154 | 2 Bsdi, Carnegie Mellon University | 2 Bsd Os, Cyrus Imap Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients. | |||||
| CVE-2001-1170 | 1 Amtote International | 1 Homebet | 2017-12-19 | 5.0 MEDIUM | N/A |
| AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers. | |||||
| CVE-2001-1178 | 1 Xfree86 Project | 1 X11r6 | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable. | |||||