Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0060 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 7.5 HIGH | N/A |
| IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions. | |||||
| CVE-2002-0844 | 1 Derek Price | 1 Cvsd | 2017-10-10 | 4.6 MEDIUM | N/A |
| Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code. | |||||
| CVE-2002-0668 | 1 Pingtel | 1 Xpressa | 2017-10-10 | 7.5 HIGH | N/A |
| The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls. | |||||
| CVE-2002-0674 | 1 Pingtel | 1 Xpressa | 2017-10-10 | 7.2 HIGH | N/A |
| Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication. | |||||
| CVE-2001-1141 | 2 Openssl, Ssleay | 2 Openssl, Ssleay | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers. | |||||
| CVE-2001-1146 | 1 Lee Herron | 1 Allcommerce | 2017-10-10 | 1.2 LOW | N/A |
| AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack. | |||||
| CVE-2001-1158 | 1 Checkpoint | 1 Firewall-1 | 2017-10-10 | 7.5 HIGH | N/A |
| Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. | |||||
| CVE-2002-0302 | 1 Symantec | 1 Enterprise Firewall | 2017-10-10 | 5.0 MEDIUM | N/A |
| The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack. | |||||
| CVE-2001-1160 | 1 Microburst | 1 Udirectory | 2017-10-10 | 7.5 HIGH | N/A |
| udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field. | |||||
| CVE-2001-1351 | 1 Namazu | 1 Namazu | 2017-10-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers. | |||||
| CVE-2001-1352 | 1 Namazu | 1 Namazu | 2017-10-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter. | |||||
| CVE-2001-1180 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 7.2 HIGH | N/A |
| FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child. | |||||
| CVE-2001-1175 | 1 Andries Brouwer | 1 Util-linux | 2017-10-10 | 7.2 HIGH | N/A |
| vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. | |||||
| CVE-2001-1391 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 2.1 LOW | N/A |
| Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. | |||||
| CVE-2001-1174 | 1 Elm Development Group | 1 Elm | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header. | |||||
| CVE-2001-1172 | 1 Omnisecure | 1 Httprotect | 2017-10-10 | 4.6 MEDIUM | N/A |
| OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file. | |||||
| CVE-2001-1098 | 1 Cisco | 1 Pix Firewall Manager | 2017-10-10 | 2.1 LOW | N/A |
| Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file. | |||||
| CVE-2002-0090 | 1 Sun | 1 Solaris | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option. | |||||
| CVE-2001-1100 | 1 Spencer Miles | 1 W3mail | 2017-10-10 | 7.5 HIGH | N/A |
| sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page. | |||||
| CVE-2002-0387 | 1 Sun | 1 One Application Server | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. | |||||
| CVE-2001-1162 | 2 Hp, Samba | 2 Cifs-9000 Server, Samba | 2017-10-10 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file. | |||||
| CVE-2001-1103 | 1 Rhinosoft | 1 Ftp Voyager | 2017-10-10 | 7.5 HIGH | N/A |
| FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands. | |||||
| CVE-2001-1106 | 1 Sambar | 1 Sambar Server | 2017-10-10 | 7.5 HIGH | N/A |
| The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure. | |||||
| CVE-2001-1386 | 1 Texas Imperial Software | 1 Wftpd | 2017-10-10 | 5.0 MEDIUM | N/A |
| WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. | |||||
| CVE-2001-1231 | 1 Novell | 1 Groupwise | 2017-10-10 | 5.0 MEDIUM | N/A |
| GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix. | |||||
| CVE-2001-1374 | 3 Conectiva, Don Libes, Redhat | 3 Linux, Expect, Linux | 2017-10-10 | 7.2 HIGH | N/A |
| expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd. | |||||
| CVE-2002-1349 | 1 Trend Micro | 2 Officescan, Pc-cillin | 2017-10-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3). | |||||
| CVE-2001-1373 | 1 Zonelabs | 1 Zonealarm | 2017-10-10 | 5.0 MEDIUM | N/A |
| MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments. | |||||
| CVE-2002-0830 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop. | |||||
| CVE-2001-1372 | 1 Oracle | 1 Application Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | |||||
| CVE-2002-0567 | 1 Oracle | 3 Database Server, Oracle8i, Oracle9i | 2017-10-10 | 7.5 HIGH | N/A |
| Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. | |||||
| CVE-2001-1367 | 1 Phpslice | 1 Phpslice | 2017-10-10 | 10.0 HIGH | N/A |
| The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges. | |||||
| CVE-2001-1359 | 1 Caldera | 1 Volution | 2017-10-10 | 10.0 HIGH | N/A |
| Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server. | |||||
| CVE-2002-0379 | 1 University Of Washington | 1 Uw-imap | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request. | |||||
| CVE-2001-1108 | 1 Snapstream | 1 Pvs | 2017-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL. | |||||
| CVE-2001-1113 | 1 Trolltech | 1 Trollftpd | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command. | |||||
| CVE-2001-1345 | 1 Jetico | 1 Bestcrypt | 2017-10-10 | 4.6 MEDIUM | N/A |
| bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program. | |||||
| CVE-2001-1227 | 1 Zope | 1 Zope | 2017-10-10 | 7.5 HIGH | N/A |
| Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | |||||
| CVE-2001-1116 | 1 Identix | 1 Biologon | 2017-10-10 | 4.6 MEDIUM | N/A |
| Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display. | |||||
| CVE-2001-1117 | 1 Linksys | 1 Befsr41 | 2017-10-10 | 5.0 MEDIUM | N/A |
| LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. | |||||
| CVE-2001-1328 | 1 Sun | 1 Sunos | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code. | |||||
| CVE-2002-1361 | 1 Sun | 1 Cobalt Raq 4 | 2017-10-10 | 10.0 HIGH | N/A |
| overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter. | |||||
| CVE-2004-0159 | 1 Samhain Labs | 1 Hsftp | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. | |||||
| CVE-2004-0160 | 1 Synaesthesia | 1 Synaesthesia | 2017-10-10 | 7.2 HIGH | N/A |
| Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file. | |||||
| CVE-2004-0173 | 1 Apache | 1 Http Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. | |||||
| CVE-2004-0171 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. | |||||
| CVE-2004-0190 | 1 Symantec | 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r | 2017-10-10 | 7.5 HIGH | N/A |
| Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. | |||||
| CVE-2004-0336 | 1 Software602 | 1 602pro Lan Suite | 2017-10-10 | 5.0 MEDIUM | N/A |
| LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory. | |||||
| CVE-2004-0189 | 1 Squid | 1 Squid | 2017-10-10 | 7.5 HIGH | N/A |
| The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. | |||||
| CVE-2004-0297 | 1 Ipswitch | 1 Imail | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length. | |||||