Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0783 | 1 Cisco | 1 Tftp Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command. | |||||
| CVE-2001-1052 | 1 Emergenices Personnel Information System | 1 Empris | 2017-12-19 | 7.5 HIGH | N/A |
| Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1051 | 1 Dark Hart Portal | 1 Darkportal-unix | 2017-12-19 | 7.5 HIGH | N/A |
| Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1050 | 1 Cccsoftware | 1 Ccc | 2017-12-19 | 7.5 HIGH | N/A |
| CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1047 | 1 Openbsd | 1 Openbsd | 2017-12-19 | 1.2 LOW | N/A |
| Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. | |||||
| CVE-2001-0037 | 1 Keware Technologies | 1 Homeseer | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers. | |||||
| CVE-2001-0038 | 1 Metaproducts | 1 Offline Explorer | 2017-12-19 | 5.0 MEDIUM | N/A |
| Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL. | |||||
| CVE-2001-0808 | 1 Yngve Svendsen | 1 Gnatsweb | 2017-12-19 | 10.0 HIGH | N/A |
| gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter. | |||||
| CVE-2001-0818 | 1 Marty Bochane | 1 Mdbms | 2017-12-19 | 7.5 HIGH | N/A |
| A buffer overflow in the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data. | |||||
| CVE-2001-0820 | 1 Gaztek | 1 Ghttp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in GazTek ghttpd 1.4 allow a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c. | |||||
| CVE-2001-0821 | 1 Dcscripts | 1 Dcshop | 2017-12-19 | 5.0 MEDIUM | N/A |
| The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt. | |||||
| CVE-2001-1045 | 1 Basilix | 1 Basilix Webmail | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter. | |||||
| CVE-2001-1044 | 1 Basilix | 1 Basilix Webmail | 2017-12-19 | 7.5 HIGH | N/A |
| Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. | |||||
| CVE-2001-1042 | 1 Transsoft | 1 Broker Ftp Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | |||||
| CVE-2001-0044 | 1 Lexmark | 1 Markvision | 2017-12-19 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Lexmark MarkVision printer driver programs allow local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands. | |||||
| CVE-2001-0835 | 1 Bradford Barrett | 1 Webalizer | 2017-12-19 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup. | |||||
| CVE-2001-0839 | 1 Ibill Internet Billing Company | 1 Processing Plus | 2017-12-19 | 7.5 HIGH | N/A |
| ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing. | |||||
| CVE-2001-1034 | 1 Freebsd | 1 Freebsd | 2017-12-19 | 7.2 HIGH | N/A |
| Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. | |||||
| CVE-2001-1033 | 1 Compaq | 2 Tru64, Trucluster | 2017-12-19 | 5.0 MEDIUM | N/A |
| Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state. | |||||
| CVE-2001-1031 | 1 Charles Clark | 1 Meteor Ftpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command. | |||||
| CVE-2001-1026 | 1 Trend Micro | 1 Interscan Applettrap | 2017-12-19 | 7.5 HIGH | N/A |
| Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address. | |||||
| CVE-2001-0845 | 1 Dec | 4 Dec Openvms, Dec Openvms Alpha, Sevms and 1 more | 2017-12-19 | 4.6 MEDIUM | N/A |
| Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources. | |||||
| CVE-2001-0049 | 1 Watchguard | 1 Soho Firewall | 2017-12-19 | 5.0 MEDIUM | N/A |
| WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests. | |||||
| CVE-2001-0847 | 1 Lotus | 1 Domino Web Server | 2017-12-19 | 7.5 HIGH | N/A |
| Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. | |||||
| CVE-2001-1024 | 1 Entrust | 1 Getaccess | 2017-12-19 | 7.5 HIGH | N/A |
| login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument. | |||||
| CVE-2001-0849 | 1 Duncan Hall | 1 Viralator | 2017-12-19 | 7.5 HIGH | N/A |
| viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget. | |||||
| CVE-2001-0051 | 1 Ibm | 1 Db2 Universal Database | 2017-12-19 | 7.5 HIGH | N/A |
| IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database. | |||||
| CVE-2001-0052 | 1 Ibm | 1 Db2 Universal Database | 2017-12-19 | 2.1 LOW | N/A |
| IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query. | |||||
| CVE-2001-1023 | 1 Xcache Technologies | 1 Xcache | 2017-12-19 | 5.0 MEDIUM | N/A |
| Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header. | |||||
| CVE-2001-1019 | 1 Seaglass Technologies Inc. | 1 Sglmerchant | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter. | |||||
| CVE-2001-1018 | 1 Lotus | 1 Domino | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters. | |||||
| CVE-2001-1014 | 1 Michael Boehme | 1 Webdiscount E Shop Online Shop System | 2017-12-19 | 7.5 HIGH | N/A |
| eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter. | |||||
| CVE-2001-1013 | 1 Redhat | 1 Linux | 2017-12-19 | 5.0 MEDIUM | N/A |
| Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. | |||||
| CVE-2001-1012 | 1 Suse | 1 Suse Linux | 2017-12-19 | 7.2 HIGH | N/A |
| Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/. | |||||
| CVE-2000-1033 | 1 Cat Soft | 1 Serv-u | 2017-12-19 | 7.5 HIGH | N/A |
| Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users. | |||||
| CVE-2000-0902 | 1 Nathan Purciful | 1 Phpphotoalbum | 2017-12-19 | 5.0 MEDIUM | N/A |
| getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2001-1000 | 1 Merit | 1 Aaa Radius Server | 2017-12-19 | 2.1 LOW | N/A |
| rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file. | |||||
| CVE-2000-0954 | 1 Evolvable Corporation | 1 Shambala Server | 2017-12-19 | 10.0 HIGH | N/A |
| Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server. | |||||
| CVE-2001-0868 | 1 Redhat | 1 Stronghold | 2017-12-19 | 5.0 MEDIUM | N/A |
| Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status. | |||||
| CVE-2001-0999 | 1 Microsoft | 1 Outlook Express | 2017-12-19 | 7.5 HIGH | N/A |
| Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. | |||||
| CVE-2000-0955 | 1 Cisco | 1 Virtual Central Office 4000 | 2017-12-19 | 7.5 HIGH | N/A |
| Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. | |||||
| CVE-2001-0065 | 1 Max-wilhelm Bruker | 1 Bftpd | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command. | |||||
| CVE-2001-0997 | 1 Textor Webmasters Ltd. | 1 Listrec.pl | 2017-12-19 | 7.5 HIGH | N/A |
| Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter. | |||||
| CVE-2001-0996 | 1 Pop3lite | 1 Pop3lite | 2017-12-19 | 6.4 MEDIUM | N/A |
| POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly. | |||||
| CVE-2001-0067 | 1 Judd Montgomery | 1 Jpilot | 2017-12-19 | 2.1 LOW | N/A |
| The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set. | |||||
| CVE-2001-0994 | 1 Marconi | 1 Forethought | 2017-12-19 | 5.0 MEDIUM | N/A |
| Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device. | |||||
| CVE-2001-0070 | 1 Upland Solutions | 1 1st Up Mail Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long MAIL FROM command. | |||||
| CVE-2001-0908 | 1 Citrix | 1 Metaframe | 2017-12-19 | 7.5 HIGH | N/A |
| CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). | |||||
| CVE-2001-0910 | 1 Emc | 1 Networker | 2017-12-19 | 7.5 HIGH | N/A |
| Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup. | |||||
| CVE-2001-0911 | 2 Francisco Burzi, Postnuke Software Foundation | 2 Php-nuke, Postnuke | 2017-12-19 | 7.5 HIGH | N/A |
| PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. | |||||
