Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0939 | 1 Lotus | 1 Domino | 2017-10-10 | 5.0 MEDIUM | N/A |
| Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443. | |||||
| CVE-2001-0940 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name. | |||||
| CVE-2001-0946 | 1 Redhat | 1 Linux | 2017-10-10 | 3.6 LOW | N/A |
| apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins. | |||||
| CVE-2001-0951 | 1 Microsoft | 1 Windows 2000 | 2017-10-10 | 5.0 MEDIUM | N/A |
| Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. | |||||
| CVE-2001-0954 | 1 Lotus | 1 Domino | 2017-10-10 | 5.0 MEDIUM | N/A |
| Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory. | |||||
| CVE-2001-0961 | 1 John E. Davis | 1 Most | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most. | |||||
| CVE-2001-0962 | 1 Ibm | 2 Websphere Application Server, Websphere Commerce Suite | 2017-10-10 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. | |||||
| CVE-2001-0963 | 1 Pi-soft | 1 Spoonftp | 2017-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command. | |||||
| CVE-2001-0969 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 10.0 HIGH | N/A |
| ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts. | |||||
| CVE-2001-0977 | 4 Debian, Mandrakesoft, Openldap and 1 more | 6 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 3 more | 2017-10-10 | 5.0 MEDIUM | N/A |
| slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. | |||||
| CVE-2001-0980 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2017-10-10 | 7.5 HIGH | N/A |
| docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page. | |||||
| CVE-2001-0981 | 1 Hp | 1 Cifs-9000 Server | 2017-10-10 | 10.0 HIGH | N/A |
| HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user. | |||||
| CVE-2001-0982 | 1 Ibm | 1 Tivoli Secureway Policy Director | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings. | |||||
| CVE-2001-0987 | 1 Nathan Neulinger | 1 Cgiwrap | 2017-10-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. | |||||
| CVE-2001-0993 | 1 Netbsd | 1 Netbsd | 2017-10-10 | 2.1 LOW | N/A |
| sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length. | |||||
| CVE-2001-0995 | 1 Phpprojekt | 1 Phpprojekt | 2017-10-10 | 7.5 HIGH | N/A |
| PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs. | |||||
| CVE-2001-0998 | 1 Ibm | 2 Aix, Hacmp | 2017-10-10 | 5.0 MEDIUM | N/A |
| IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd. | |||||
| CVE-2001-1002 | 1 Redhat | 1 Linux | 2017-10-10 | 7.5 HIGH | N/A |
| The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands. | |||||
| CVE-2001-1010 | 1 Sambar | 1 Sambar Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter. | |||||
| CVE-2001-1011 | 1 Mambo | 1 Mambo Site Server | 2017-10-10 | 10.0 HIGH | N/A |
| index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters. | |||||
| CVE-2001-1016 | 1 Pgp | 5 Corporate Desktop, E-business Server, Freeware and 2 more | 2017-10-10 | 7.5 HIGH | N/A |
| PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability." | |||||
| CVE-2001-1017 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 7.2 HIGH | N/A |
| rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords. | |||||
| CVE-2001-1020 | 1 Vibechild | 1 Directory Manager | 2017-10-10 | 7.5 HIGH | N/A |
| edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function. | |||||
| CVE-2001-1022 | 2 Gnu, Jgroff | 2 Groff, Jgroff | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command. | |||||
| CVE-2001-1027 | 1 Windowmaker | 1 Windowmaker | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title. | |||||
| CVE-2001-1029 | 2 Freebsd, Openbsd | 2 Freebsd, Openssh | 2017-10-10 | 2.1 LOW | N/A |
| libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. | |||||
| CVE-2001-1030 | 6 Caldera, Immunix, Mandrakesoft and 3 more | 8 Openlinux Server, Immunix, Mandrake Linux and 5 more | 2017-10-10 | 7.5 HIGH | N/A |
| Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. | |||||
| CVE-2001-1032 | 1 Francisco Burzi | 1 Php-nuke | 2017-10-10 | 7.5 HIGH | N/A |
| admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. | |||||
| CVE-2001-1035 | 1 Slrn Development Team | 1 Slrn | 2017-10-10 | 7.5 HIGH | N/A |
| Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post. | |||||
| CVE-2001-1036 | 2 Gnu, Slackware | 2 Findutils, Slackware Linux | 2017-10-10 | 7.2 HIGH | N/A |
| GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. | |||||
| CVE-2001-1043 | 1 Argosoft | 1 Ftp Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | |||||
| CVE-2001-1046 | 1 Qualcomm | 1 Qpopper | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username. | |||||
| CVE-2001-1053 | 1 Adcycle | 1 Adcycle | 2017-10-10 | 10.0 HIGH | N/A |
| AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument. | |||||
| CVE-2001-1055 | 1 Microsoft | 2 Windows 98, Windows 98se | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke. | |||||
| CVE-2001-1059 | 1 Vmware | 1 Workstation | 2017-10-10 | 3.6 LOW | N/A |
| VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. | |||||
| CVE-2001-1063 | 1 Caldera | 2 Openunix, Unixware | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument. | |||||
| CVE-2001-1067 | 1 Aol | 1 Aol Server | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header. | |||||
| CVE-2001-1069 | 1 Adobe | 1 Acrobat Reader | 2017-10-10 | 7.2 HIGH | N/A |
| libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior. | |||||
| CVE-2001-1071 | 1 Cisco | 2 Catos, Ios | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements. | |||||
| CVE-2001-1072 | 1 Apache | 1 Http Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. | |||||
| CVE-2001-1074 | 1 Webmin | 1 Webmin | 2017-10-10 | 7.2 HIGH | N/A |
| Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges. | |||||
| CVE-2001-1075 | 1 Sun | 1 Cobalt Raq 3i | 2017-10-10 | 5.0 MEDIUM | N/A |
| poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file. | |||||
| CVE-2001-1079 | 1 Ibm | 1 Aix | 2017-10-10 | 3.6 LOW | N/A |
| create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service. | |||||
| CVE-2001-1080 | 1 Ibm | 1 Aix | 2017-10-10 | 10.0 HIGH | N/A |
| diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. | |||||
| CVE-2001-1083 | 1 Icecast | 1 Icecast | 2017-10-10 | 5.0 MEDIUM | N/A |
| Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash). | |||||
| CVE-2001-1084 | 1 Macromedia | 1 Jrun | 2017-10-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. | |||||
| CVE-2001-1085 | 1 Jon Zeeff | 1 Lmail | 2017-10-10 | 3.7 LOW | N/A |
| Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2001-1088 | 1 Microsoft | 2 Outlook, Outlook Express | 2017-10-10 | 7.5 HIGH | N/A |
| Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user. | |||||
| CVE-2015-0359 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2017-10-07 | 10.0 HIGH | N/A |
| Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346. | |||||
| CVE-2015-7748 | 1 Juniper | 1 Junos | 2017-10-06 | 5.0 MEDIUM | N/A |
| Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet. | |||||
