Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0466 | 1 Hosting Controller | 1 Hosting Controller | 2017-12-19 | 5.0 MEDIUM | N/A |
| Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp. | |||||
| CVE-2001-0323 | | | 2017-12-19 | 6.4 MEDIUM | N/A |
| The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host. | |||||
| CVE-2001-1290 | 1 Active Web Suite Technologies | 1 Active Classifieds | 2017-12-19 | 5.0 MEDIUM | N/A |
| admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter. | |||||
| CVE-2002-0465 | 1 Hosting Controller | 1 Hosting Controller | 2017-12-19 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter. | |||||
| CVE-2000-0880 | 1 Plus Technologies | 1 Lpplus | 2017-12-19 | 3.6 LOW | N/A |
| LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file. | |||||
| CVE-2001-1265 | 1 Ibm | 1 Alphaworks Tftp Server | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2001-1264 | 1 Hp | 2 Hp-ux, Vvos | 2017-12-19 | 10.0 HIGH | N/A |
| Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges. | |||||
| CVE-2001-0357 | 1 Matt Wright | 1 Formmail | 2017-12-19 | 7.5 HIGH | N/A |
| FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters. | |||||
| CVE-2001-0358 | 2 Sierra, Valve Software | 2 Half-life, Half-life | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in Sierra Half-Life build 1573 and earlier allow remote attackers to execute arbitrary code via (1) a long map command, (2) a long exec command, or (3) long input in a configuration file. | |||||
| CVE-2001-0359 | 2 Sierra, Valve Software | 2 Half-life, Half-life Dedicated Server | 2017-12-19 | 7.5 HIGH | N/A |
| Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command. | |||||
| CVE-2001-0360 | 1 Ikonboard.com | 1 Ikonboard | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and earlier allows a remote attacker to read arbitrary files via a .. (dot dot) attack in the helpon parameter. | |||||
| CVE-2000-0939 | 1 Samba | 1 Samba | 2017-12-19 | 5.0 MEDIUM | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart. | |||||
| CVE-2001-1256 | 1 Hp | 1 Hp-ux | 2017-12-19 | 1.2 LOW | N/A |
| kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files. | |||||
| CVE-2001-0369 | 1 Digital | 1 Unix | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a local attacker to obtain root access via a long command line argument (non-existent printer name). | |||||
| CVE-2001-0370 | 1 Michael A. Gumienny | 1 Fcheck | 2017-12-19 | 4.6 MEDIUM | N/A |
| fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters. | |||||
| CVE-2001-0372 | 1 Akopia | 1 Akopia Interchange | 2017-12-19 | 10.0 HIGH | N/A |
| Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct. | |||||
| CVE-2001-0374 | 1 Compaq | 1 Web-enabled Management | 2017-12-19 | 7.5 HIGH | N/A |
| The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be used as a generic proxy server, which allows remote attackers to bypass access restrictions via the management port, 2301. | |||||
| CVE-2000-0940 | 1 Metertek | 1 Pagelog.cgi | 2017-12-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter. | |||||
| CVE-2001-1232 | 1 Novell | 1 Groupwise | 2017-12-19 | 5.0 MEDIUM | N/A |
| GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get". | |||||
| CVE-2001-0415 | 1 Redi | 1 Rediplus | 2017-12-19 | 4.6 MEDIUM | N/A |
| REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts. | |||||
| CVE-2000-0881 | 1 Plus Technologies | 1 Lpplus | 2017-12-19 | 2.1 LOW | N/A |
| The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files. | |||||
| CVE-2001-1181 | 1 Hp | 1 Hp-ux | 2017-12-19 | 7.2 HIGH | N/A |
| Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges. | |||||
| CVE-2001-0436 | 1 Dcscripts | 2 Dcforum, Dcforum 2000 | 2017-12-19 | 7.5 HIGH | N/A |
| dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program. | |||||
| CVE-2001-0437 | 1 Dcscripts | 2 Dcforum, Dcforum 2000 | 2017-12-19 | 5.0 MEDIUM | N/A |
| upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file. | |||||
| CVE-2001-1178 | 1 Xfree86 Project | 1 X11r6 | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable. | |||||
| CVE-2000-1147 | 1 Microsoft | 1 Internet Information Server | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag. | |||||
| CVE-2001-0441 | 3 Debian, Mandrakesoft, Redhat | 4 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. | |||||
| CVE-2001-0025 | 1 Leif M. Wright | 1 Ad.cgi | 2017-12-19 | 10.0 HIGH | N/A |
| ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. | |||||
| CVE-2001-0450 | 1 Transsoft | 1 Broker Ftp Server | 2017-12-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name. | |||||
| CVE-2001-0451 | 1 Sentraweb | 1 Indexu | 2017-12-19 | 7.5 HIGH | N/A |
| INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1. | |||||
| CVE-2001-1170 | 1 Amtote International | 1 Homebet | 2017-12-19 | 5.0 MEDIUM | N/A |
| AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers. | |||||
| CVE-1999-1225 | 5 Digital, Linux, Netbsd and 2 more | 5 Ultrix, Linux Kernel, Netbsd and 2 more | 2017-12-19 | 5.0 MEDIUM | N/A |
| rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not. | |||||
| CVE-1999-1224 | 1 University Of Washington | 1 Imapd | 2017-12-19 | 3.6 LOW | N/A |
| IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information. | |||||
| CVE-1999-1221 | 1 Digital | 1 Unix | 2017-12-19 | 2.1 LOW | N/A |
| dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file. | |||||
| CVE-1999-1240 | 1 Gracenote | 1 Cddbd | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in cddbd CD database server allows remote attackers to execute arbitrary commands via a long log message. | |||||
| CVE-1999-1218 | 1 Commodore | 1 Amiga Unix | 2017-12-19 | 2.1 LOW | N/A |
| Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files. | |||||
| CVE-1999-1216 | 1 Cisco | 1 Router | 2017-12-19 | 7.5 HIGH | N/A |
| Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command. | |||||
| CVE-1999-1239 | 1 Hp | 1 Hp-ux | 2017-12-19 | 4.6 MEDIUM | N/A |
| HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so. | |||||
| CVE-1999-1213 | 1 Hp | 1 Hp-ux | 2017-12-19 | 5.0 MEDIUM | N/A |
| Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service. | |||||
| CVE-1999-1212 | 1 Sun | 1 Sunos | 2017-12-19 | 7.2 HIGH | N/A |
| Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges. | |||||
| CVE-1999-1211 | 1 Sun | 1 Sunos | 2017-12-19 | 7.2 HIGH | N/A |
| Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges. | |||||
| CVE-1999-1210 | 1 Digital | 1 Unix | 2017-12-19 | 7.2 HIGH | N/A |
| xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access. | |||||
| CVE-1999-1238 | 1 Hp | 1 Hp-ux | 2017-12-19 | 4.6 MEDIUM | N/A |
| Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges. | |||||
| CVE-1999-1207 | 1 Network General | 1 Netxray | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. | |||||
| CVE-1999-1202 | 1 Startech | 2 Pop3 Proxy Server, Telnet Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| StarTech (1) POP3 proxy server and (2) telnet server allows remote attackers to cause a denial of service via a long USER command. | |||||
| CVE-1999-1200 | 1 Vintra Systems | 1 Smtp Mailserver | 2017-12-19 | 5.0 MEDIUM | N/A |
| Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command. | |||||
| CVE-2001-0604 | 1 Lotus | 1 Domino R5 Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters. | |||||
| CVE-2001-0603 | 1 Lotus | 1 Domino R5 Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148. | |||||
| CVE-2001-0602 | 1 Lotus | 1 Domino R5 Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices. | |||||
| CVE-2001-0601 | 1 Lotus | 1 Domino R5 Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters. | |||||
