Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0687 | 1 Transsoft | 1 Broker Ftp Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename). | |||||
| CVE-2001-1097 | 1 Cisco | 1 Ios | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. | |||||
| CVE-2001-0870 | 2 Alchemy Lab, Dek Software | 2 Alchemy Eye, Alchemy Network Monitor | 2017-12-19 | 5.0 MEDIUM | N/A |
| HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file. | |||||
| CVE-2001-0871 | 2 Alchemy Lab, Dek Software | 2 Alchemy Eye, Alchemy Network Monitor | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10. | |||||
| CVE-2000-0950 | 1 Tis | 1 Internet Firewall Toolkit | 2017-12-19 | 7.2 HIGH | N/A |
| Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name. | |||||
| CVE-2001-0693 | 1 Webtrends | 2 Webtrends Enterprise Reporting Server, Webtrends Enterprise Reporting Server Nt | 2017-12-19 | 5.0 MEDIUM | N/A |
| WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20). | |||||
| CVE-2001-1094 | 1 Crosstec Corporation | 1 Netop School | 2017-12-19 | 4.6 MEDIUM | N/A |
| NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version. | |||||
| CVE-2001-0695 | 1 Texas Imperial Software | 1 Wftpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\). | |||||
| CVE-2001-1093 | 1 Compaq | 1 Tru64 | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2000-1020 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 7.5 HIGH | N/A |
| Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | |||||
| CVE-2000-1021 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 7.5 HIGH | N/A |
| Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | |||||
| CVE-2001-0703 | 1 Arcadia | 1 Arcadia Internet Store | 2017-12-19 | 5.0 MEDIUM | N/A |
| tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter. | |||||
| CVE-2001-0704 | 1 Arcadia | 1 Arcadia Internet Store | 2017-12-19 | 7.5 HIGH | N/A |
| tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist. | |||||
| CVE-2001-0705 | 1 Arcadia | 1 Arcadia Internet Store | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument. | |||||
| CVE-2001-0707 | 1 Denicomp | 1 Rshd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514. | |||||
| CVE-2001-0708 | 1 Denicomp | 1 Rexecd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a denial of service (crash) via a long string. | |||||
| CVE-2001-0711 | 1 Cisco | 1 Ios | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. | |||||
| CVE-2001-1092 | 1 Compaq | 1 Tru64 | 2017-12-19 | 2.1 LOW | N/A |
| msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file. | |||||
| CVE-2001-1091 | 1 Netbsd | 1 Netbsd | 2017-12-19 | 7.2 HIGH | N/A |
| The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable. | |||||
| CVE-2001-1090 | 1 Alessandro Gardich | 1 Nss Postgresql | 2017-12-19 | 7.5 HIGH | N/A |
| nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request. | |||||
| CVE-2001-0734 | 1 Netbsd | 1 Netbsd | 2017-12-19 | 7.2 HIGH | N/A |
| Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local user to gain privileges via modified Status Register contents, which are not properly handled by (1) the sigreturn system call or (2) the process_write_regs kernel routine. | |||||
| CVE-2001-0735 | 1 Infodrom | 1 Cfingerd | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file. | |||||
| CVE-2001-0736 | 5 Engardelinux, Immunix, Mandrakesoft and 2 more | 6 Secure Linux, Immunix, Mandrake Linux and 3 more | 2017-12-19 | 2.1 LOW | N/A |
| Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2001-0737 | 1 Logitech | 4 Cordless Freedom, Cordless Freedom Navigator, Cordless Freedom Pro and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack. | |||||
| CVE-2001-1087 | 1 Network Appliance | 1 Netcache | 2017-12-19 | 7.5 HIGH | N/A |
| The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device. | |||||
| CVE-2001-1086 | 1 Xfree86 Project | 1 X11r6 | 2017-12-19 | 7.5 HIGH | N/A |
| XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack. | |||||
| CVE-2001-1078 | 1 Extremail | 1 Extremail | 2017-12-19 | 10.0 HIGH | N/A |
| Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication. | |||||
| CVE-2001-1077 | 1 Rxvt | 1 Rxvt | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument. | |||||
| CVE-2001-0746 | 1 Iplanet | 1 Iplanet Web Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods. | |||||
| CVE-2001-1073 | 1 Webridge | 1 Px Application Suite | 2017-12-19 | 5.0 MEDIUM | N/A |
| Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR. | |||||
| CVE-2000-1023 | 1 Alabanza | 1 Control Panel | 2017-12-19 | 7.5 HIGH | N/A |
| The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program. | |||||
| CVE-2001-0022 | 1 Leif M. Wright | 1 Simplestguest.cgi | 2017-12-19 | 10.0 HIGH | N/A |
| simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter. | |||||
| CVE-2001-1070 | 1 Sage Software | 1 Mas 200 | 2017-12-19 | 2.1 LOW | N/A |
| Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters. | |||||
| CVE-2001-0023 | 1 Leif M. Wright | 1 Everythingform.cgi | 2017-12-19 | 10.0 HIGH | N/A |
| everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. | |||||
| CVE-2001-1065 | 1 Cisco | 1 Cbos | 2017-12-19 | 5.0 MEDIUM | N/A |
| Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. | |||||
| CVE-2001-0024 | 1 Leif M. Wright | 1 Simplestmail.cgi | 2017-12-19 | 10.0 HIGH | N/A |
| simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter. | |||||
| CVE-2001-1064 | 1 Cisco | 1 Cbos | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets. | |||||
| CVE-2001-1058 | 1 Wolfram Research | 1 Mathematica | 2017-12-19 | 7.5 HIGH | N/A |
| The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license. | |||||
| CVE-2001-0772 | 1 Hp | 1 Hp-ux | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges. | |||||
| CVE-2001-0029 | 1 Igor Khasilev | 1 Oops Proxy Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands via a long host or domain name that is obtained from a reverse DNS lookup. | |||||
| CVE-2001-0030 | 1 Smartstuff | 1 Foolproof Security | 2017-12-19 | 7.2 HIGH | N/A |
| FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them. | |||||
| CVE-2001-0031 | 1 Broadvision | 1 One-to-one Enterprise Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist. | |||||
| CVE-2001-0768 | 1 Steve Poulsen | 1 Guildftpd | 2017-12-19 | 4.6 MEDIUM | N/A |
| GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file. | |||||
| CVE-2001-0032 | 1 Eric Rescorla | 1 Ssldump | 2017-12-19 | 10.0 HIGH | N/A |
| Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL. | |||||
| CVE-2001-1057 | 1 Wolfram Research | 1 Mathematica | 2017-12-19 | 5.0 MEDIUM | N/A |
| The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests. | |||||
| CVE-2000-1025 | 1 Unify | 1 Ewave Servletexec | 2017-12-19 | 5.0 MEDIUM | N/A |
| eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running. | |||||
| CVE-2001-0776 | 1 Dynfx | 1 Dynfx Mailserver | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service. | |||||
| CVE-2001-0777 | 1 Omnicron | 1 Omnihttpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts. | |||||
| CVE-2001-0778 | 1 Omnicron | 1 Omnihttpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20). | |||||
| CVE-2001-0782 | 1 Kde | 1 Ktv | 2017-12-19 | 7.2 HIGH | N/A |
| KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. | |||||