Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1176 | 1 Checkpoint | 3 Firewall-1, Provider-1, Vpn-1 | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection. | |||||
| CVE-2001-1177 | 1 Samsung | 2 Ml-85g Gdi Printer Driver, Ml-85p Printer Driver | 2017-10-10 | 6.2 MEDIUM | N/A |
| ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2001-1180 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 7.2 HIGH | N/A |
| FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child. | |||||
| CVE-2001-1183 | 1 Cisco | 1 Ios | 2017-10-10 | 5.0 MEDIUM | N/A |
| PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. | |||||
| CVE-2001-1193 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command. | |||||
| CVE-2001-1203 | 1 Alessandro Rubini | 1 Gpm | 2017-10-10 | 7.2 HIGH | N/A |
| Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges. | |||||
| CVE-2001-1227 | 1 Zope | 1 Zope | 2017-10-10 | 7.5 HIGH | N/A |
| Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | |||||
| CVE-2001-1231 | 1 Novell | 1 Groupwise | 2017-10-10 | 5.0 MEDIUM | N/A |
| GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix. | |||||
| CVE-2001-1291 | 1 3com | 1 Superstack Ii Ps Hub | 2017-10-10 | 10.0 HIGH | N/A |
| The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing. | |||||
| CVE-2001-1303 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 5.0 MEDIUM | N/A |
| The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication. | |||||
| CVE-2001-1328 | 1 Sun | 1 Sunos | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code. | |||||
| CVE-2001-1345 | 1 Jetico | 1 Bestcrypt | 2017-10-10 | 4.6 MEDIUM | N/A |
| bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program. | |||||
| CVE-2001-1351 | 1 Namazu | 1 Namazu | 2017-10-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers. | |||||
| CVE-2001-1352 | 1 Namazu | 1 Namazu | 2017-10-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter. | |||||
| CVE-2001-1359 | 1 Caldera | 1 Volution | 2017-10-10 | 10.0 HIGH | N/A |
| Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server. | |||||
| CVE-2001-1367 | 1 Phpslice | 1 Phpslice | 2017-10-10 | 10.0 HIGH | N/A |
| The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges. | |||||
| CVE-2001-1372 | 1 Oracle | 1 Application Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | |||||
| CVE-2001-1373 | 1 Zonelabs | 1 Zonealarm | 2017-10-10 | 5.0 MEDIUM | N/A |
| MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments. | |||||
| CVE-2001-1374 | 3 Conectiva, Don Libes, Redhat | 3 Linux, Expect, Linux | 2017-10-10 | 7.2 HIGH | N/A |
| expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd. | |||||
| CVE-2001-1386 | 1 Texas Imperial Software | 1 Wftpd | 2017-10-10 | 5.0 MEDIUM | N/A |
| WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. | |||||
| CVE-2001-1391 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 2.1 LOW | N/A |
| Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. | |||||
| CVE-2002-0002 | 4 Engardelinux, Mandrakesoft, Redhat and 1 more | 4 Secure Linux, Mandrake Linux, Linux and 1 more | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. | |||||
| CVE-2002-0003 | 1 Gnu | 1 Groff | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system. | |||||
| CVE-2002-0004 | 8 Caldera, Debian, Freebsd and 5 more | 9 Openlinux Server, Openlinux Workstation, Debian Linux and 6 more | 2017-10-10 | 7.2 HIGH | N/A |
| Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. | |||||
| CVE-2002-0005 | 1 Aol | 1 Instant Messenger | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame). | |||||
| CVE-2002-0006 | 1 Xchat | 1 Xchat | 2017-10-10 | 7.5 HIGH | N/A |
| XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set. | |||||
| CVE-2002-0007 | 1 Mozilla | 1 Bugzilla | 2017-10-10 | 10.0 HIGH | N/A |
| CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. | |||||
| CVE-2002-0028 | 1 Mirabilis | 1 Icq | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request. | |||||
| CVE-2002-0038 | 1 Sgi | 1 Irix | 2017-10-10 | 5.0 MEDIUM | N/A |
| Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk. | |||||
| CVE-2002-0044 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Enscript, Linux | 2017-10-10 | 3.6 LOW | N/A |
| GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. | |||||
| CVE-2002-0045 | 2 Openldap, Redhat | 2 Openldap, Linux | 2017-10-10 | 7.5 HIGH | N/A |
| slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs. | |||||
| CVE-2002-0046 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 5.0 MEDIUM | N/A |
| Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet. | |||||
| CVE-2002-0047 | 1 Olaf Titz | 1 Cipe | 2017-10-10 | 5.0 MEDIUM | N/A |
| CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet. | |||||
| CVE-2002-0060 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 7.5 HIGH | N/A |
| IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions. | |||||
| CVE-2002-0090 | 1 Sun | 1 Solaris | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option. | |||||
| CVE-2002-0275 | 1 Blueface | 1 Falcon Web Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. | |||||
| CVE-2002-0302 | 1 Symantec | 1 Enterprise Firewall | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. | |||||
| CVE-2002-0379 | 1 University Of Washington | 1 Uw-imap | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request. | |||||
| CVE-2002-0387 | 1 Sun | 1 One Application Server | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. | |||||
| CVE-2002-0395 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-10-10 | 10.0 HIGH | N/A |
| The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods. | |||||
| CVE-2002-0396 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-10-10 | 7.5 HIGH | N/A |
| The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session. | |||||
| CVE-2002-0397 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-10-10 | 5.0 MEDIUM | N/A |
| Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887. | |||||
| CVE-2002-0398 | 1 Red-m | 1 1050ap Lan Acess Point | 2017-10-10 | 10.0 HIGH | N/A |
| Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name. | |||||
| CVE-2002-0567 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2017-10-10 | 7.5 HIGH | N/A |
| Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. | |||||
| CVE-2002-0651 | 1 Isc | 1 Bind | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. | |||||
| CVE-2002-0668 | 1 Pingtel | 1 Xpressa | 2017-10-10 | 7.5 HIGH | N/A |
| The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. | |||||
| CVE-2002-0674 | 1 Pingtel | 1 Xpressa | 2017-10-10 | 7.2 HIGH | N/A |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication. | |||||
| CVE-2002-0830 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. | |||||
| CVE-2002-0844 | 1 Derek Price | 1 Cvsd | 2017-10-10 | 4.6 MEDIUM | N/A |
| Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. | |||||
| CVE-2002-0850 | 1 Pgp | 1 Corporate Desktop | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted. | |||||