Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0992 | 1 Kabotie Software Technologies | 1 Shopplus Cart | 2017-12-19 | 7.5 HIGH | N/A |
| shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter. | |||||
| CVE-2001-0991 | 1 Scott R. Lemmon | 1 Proxomitron Naoko-4 | 2017-12-19 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message. | |||||
| CVE-2001-0990 | 1 Inter7 | 1 Vpopmail | 2017-12-19 | 4.6 MEDIUM | N/A |
| Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. | |||||
| CVE-2001-0988 | 1 Knox Software | 1 Arkeia | 2017-12-19 | 7.2 HIGH | N/A |
| Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. | |||||
| CVE-2001-0076 | 1 Ikonboard.com | 1 Ikonboard | 2017-12-19 | 10.0 HIGH | N/A |
| register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed. | |||||
| CVE-2001-0922 | 1 Sun | 1 Netdynamics | 2017-12-19 | 7.5 HIGH | N/A |
| ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in. | |||||
| CVE-2001-0949 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allow remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length. | |||||
| CVE-2001-0950 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing. | |||||
| CVE-2001-0923 | 1 Redhat | 1 Redhat Package Manager | 2017-12-19 | 7.2 HIGH | N/A |
| RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried. | |||||
| CVE-2001-0924 | 1 Ibm | 1 Informix Web Datablade | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter. | |||||
| CVE-2001-0926 | 1 Macromedia | 1 Jrun | 2017-12-19 | 5.0 MEDIUM | N/A |
| SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement. | |||||
| CVE-2001-0986 | 1 Microsoft | 1 Index Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. | |||||
| CVE-2001-0985 | 1 Hassan Consulting | 1 Shopping Cart | 2017-12-19 | 7.5 HIGH | N/A |
| shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. | |||||
| CVE-2001-0975 | 1 Oracle | 1 Internet Directory | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-0931 | 1 Cooolsoft | 1 Powerftp | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET. | |||||
| CVE-2001-0932 | 1 Cooolsoft | 1 Powerftp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command. | |||||
| CVE-2001-0974 | 1 Oracle | 1 Internet Directory | 2017-12-19 | 7.5 HIGH | N/A |
| Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-0979 | 1 Hp | 1 Hp-ux | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. | |||||
| CVE-2001-0964 | 1 Valve Software | 1 Half-life | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command. | |||||
| CVE-2001-0958 | 1 Trend Micro | 2 Interscan Emanager, Interscan Viruswall | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll. | |||||
| CVE-2000-0906 | 1 Moreover.com | 1 Cached Feed.cgi Script | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters. | |||||
| CVE-2001-0956 | 1 Speechio | 1 Speechd | 2017-12-19 | 7.2 HIGH | N/A |
| speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2001-0955 | 1 Xfree86 Project | 1 X11r6 | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title. | |||||
| CVE-2001-0953 | 1 Nara Vision | 1 Kebi Community | 2017-12-19 | 10.0 HIGH | N/A |
| Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root. | |||||
| CVE-2001-0952 | 1 Volition | 1 Red Faction | 2017-12-19 | 5.0 MEDIUM | N/A |
| THQ Volition Red Faction Game allows remote attackers to cause a denial of service (hang) of a client or server via packets to UDP port 7755. | |||||
| CVE-2001-0948 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed. | |||||
| CVE-2001-0947 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path. | |||||
| CVE-2001-0086 | 1 Cgi Script Center | 1 Subscribe Me Lite | 2017-12-19 | 5.0 MEDIUM | N/A |
| CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter. | |||||
| CVE-2001-0087 | 1 Michael Glickman | 1 Itetris | 2017-12-19 | 7.2 HIGH | N/A |
| itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program. | |||||
| CVE-2001-0088 | 1 Jason Hines | 1 Phpweblog | 2017-12-19 | 7.5 HIGH | N/A |
| common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog. | |||||
| CVE-2001-0097 | 1 Infinite | 1 Infinite Interchange | 2017-12-19 | 5.0 MEDIUM | N/A |
| The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request. | |||||
| CVE-2001-0098 | 1 Bea | 1 Weblogic Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. | |||||
| CVE-2001-0101 | 1 Fetchmail | 1 Fetchmail | 2017-12-19 | 10.0 HIGH | N/A |
| Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command. | |||||
| CVE-2001-0104 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 7.2 HIGH | N/A |
| MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key. | |||||
| CVE-2000-1048 | 1 Qbik | 1 Wingate | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL. | |||||
| CVE-2000-1053 | 1 Macromedia | 1 Jrun | 2017-12-19 | 10.0 HIGH | N/A |
| Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. | |||||
| CVE-2000-1186 | 1 Phf | 1 Phf | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header. | |||||
| CVE-2001-0484 | 1 Tek | 1 Phaserlink | 2017-12-19 | 6.4 MEDIUM | N/A |
| Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages. | |||||
| CVE-2000-1062 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2001-0209 | 1 Shoutcast | 1 Dnas | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) 1.7.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long description. | |||||
| CVE-2000-1063 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Telnet service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2000-1064 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2000-1065 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Vulnerability in IP implementation of HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service (printer crash) via a malformed packet. | |||||
| CVE-2000-0879 | 1 Plus Technologies | 1 Lpplus | 2017-12-19 | 2.1 LOW | N/A |
| LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services. | |||||
| CVE-2001-0213 | 1 Planet Intra | 1 Planet Intra | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in pi program in PlanetIntra 2.5 allows remote attackers to execute arbitrary commands. | |||||
| CVE-2001-0167 | 1 Att | 1 Winvnc | 2017-12-19 | 7.6 HIGH | N/A |
| Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string. | |||||
| CVE-2001-0168 | 1 Att | 1 Winvnc | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0. | |||||
| CVE-2001-0171 | 1 Whitsoft | 1 Slimserve | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long GET request. | |||||
| CVE-2001-0172 | 2 Hans Reiser, Suse | 2 Reiserfs, Suse Linux | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to cause a denial of service and possibly execute arbitrary commands via a long directory name. | |||||
| CVE-2001-0173 | 2 Nobreak Technologies, Qdecoder | 2 Crazywwwboard, Qdecoder | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header. | |||||
