Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0972 | 1 Surf-net | 1 Asp Forum | 2017-07-11 | 10.0 HIGH | N/A |
| Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888." | |||||
| CVE-2001-0970 | 1 Tdavid | 1 Td Forum | 2017-07-11 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script. | |||||
| CVE-2001-0941 | 1 Oracle | 1 Database Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. | |||||
| CVE-2001-0853 | 1 Entrust | 1 Getaccess | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat. | |||||
| CVE-2001-0942 | 1 Oracle | 1 Database Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. | |||||
| CVE-2000-0963 | 3 Freebsd, Immunix, Redhat | 3 Freebsd, Immunix, Linux | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. | |||||
| CVE-2002-0712 | 1 Entrust | 1 Entrust Authority Security Manager | 2017-07-11 | 2.1 LOW | N/A |
| Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations. | |||||
| CVE-2001-0799 | 1 Sgi | 1 Irix | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument. | |||||
| CVE-2000-1028 | 1 Hp | 1 Hp-ux | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument. | |||||
| CVE-2000-1029 | 1 Isc | 1 Bind | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query. | |||||
| CVE-2000-1030 | 1 Csandt | 1 Corporatetime For The Web | 2017-07-11 | 5.0 MEDIUM | N/A |
| CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server. | |||||
| CVE-2001-0753 | 1 Cisco | 1 Cbos | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. | |||||
| CVE-2002-0628 | 1 Polycom | 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack. | |||||
| CVE-2000-1066 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname. | |||||
| CVE-2000-1093 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command. | |||||
| CVE-2002-0602 | 1 Snapgear | 1 Snapgear Lite\+ Firewall | 2017-07-11 | 5.0 MEDIUM | N/A |
| Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port. | |||||
| CVE-2002-0592 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| AOL Instant Messenger (AIM) allows remote attackers to steal files that are being transferred to other clients by connecting to port 4443 (Direct Connection) or port 5190 (file transfer) before the intended user. | |||||
| CVE-2002-0180 | 1 Bradford Barrett | 1 Webalizer | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname. | |||||
| CVE-2002-0535 | 2 Postboard, Postnuke Software Foundation | 2 Postboard, Postnuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier allows remote attackers to execute script as other users via (1) an [IMG] tag when BBCode is enabled, or (2) in a topic title. | |||||
| CVE-2001-0199 | 1 Guido Frassetto | 1 Sedum | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request. | |||||
| CVE-2002-0486 | 1 Workforceroi | 1 Xpede | 2017-07-11 | 7.2 HIGH | N/A |
| Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges. | |||||
| CVE-2001-0555 | 1 Screaming Media | 1 Siteware | 2017-07-11 | 10.0 HIGH | N/A |
| ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet. | |||||
| CVE-2001-0499 | 1 Oracle | 1 Oracle8i | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD. | |||||
| CVE-2001-1148 | 1 Sco | 1 Openserver | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh. | |||||
| CVE-2002-0385 | 1 Vignette | 2 Storyserver, Vignette | 2017-07-11 | 5.0 MEDIUM | N/A |
| Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain sensitive information via a request that contains a large number of '"' (double quote) and and '>' characters, which causes the TCL interpreter to crash and include stack data in the output. | |||||
| CVE-2002-0375 | 1 Ecometry | 1 Sgdynamo | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. | |||||
| CVE-2001-1192 | 1 Citrix | 1 Ica Client | 2017-07-11 | 7.5 HIGH | N/A |
| Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client. | |||||
| CVE-2001-1194 | 1 Zyxel | 2 Prestige 1600, Prestige 681 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly. | |||||
| CVE-2001-1197 | 1 Kde | 1 Kdeutils | 2017-07-11 | 4.6 MEDIUM | N/A |
| klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file. | |||||
| CVE-2001-1204 | 1 Total Pc Solutions | 1 Php Rocket Add-in | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2002-0310 | 1 Netwin | 1 Webnews | 2017-07-11 | 7.5 HIGH | N/A |
| Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879. | |||||
| CVE-2002-0308 | 1 Stefan Holmberg | 1 Admentor | 2017-07-11 | 10.0 HIGH | N/A |
| admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments. | |||||
| CVE-2002-0305 | 1 Zero One Tech | 1 P100s | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge. | |||||
| CVE-2002-0296 | 1 Tarantella | 1 Tarantella Enterprise | 2017-07-11 | 1.2 LOW | N/A |
| The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file. | |||||
| CVE-2002-0282 | 1 Codeworx Technologies | 1 Dcp-portal | 2017-07-11 | 5.0 MEDIUM | N/A |
| DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message. | |||||
| CVE-2002-0281 | 1 Codeworx Technologies | 1 Dcp-portal | 2017-07-11 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php. | |||||
| CVE-2001-0381 | 1 Pgp | 1 Openpgp | 2017-07-11 | 4.6 MEDIUM | N/A |
| The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key. | |||||
| CVE-2001-1475 | 1 Ssh | 1 Ssh | 2017-07-11 | 7.5 HIGH | N/A |
| SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated. | |||||
| CVE-2002-0244 | 1 Atheos | 1 Atheos | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir. | |||||
| CVE-2002-0293 | 1 Alcatel-lucent | 1 Omnipcx | 2017-07-11 | 6.2 MEDIUM | N/A |
| FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file. | |||||
| CVE-2002-0206 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter. | |||||
| CVE-2001-0300 | 1 Oracle | 1 Internet Directory | 2017-07-11 | 2.1 LOW | N/A |
| oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack. | |||||
| CVE-2002-0286 | 1 Sitenews | 1 Sitenews | 2017-07-11 | 7.5 HIGH | N/A |
| The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user. | |||||
| CVE-2002-0164 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2017-07-11 | 4.6 MEDIUM | N/A |
| Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges. | |||||
| CVE-2000-1220 | 2 Redhat, Sgi | 2 Linux, Irix | 2017-07-11 | 10.0 HIGH | N/A |
| The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file. | |||||
| CVE-2000-1221 | 3 Debian, Redhat, Sgi | 3 Debian Linux, Linux, Irix | 2017-07-11 | 10.0 HIGH | N/A |
| The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP. | |||||
| CVE-2000-1222 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program. | |||||
| CVE-2000-1224 | 1 Caucho Technology | 1 Resin | 2017-07-11 | 5.0 MEDIUM | N/A |
| Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as (1) "..", (2) "%2e..", (3) "%81", (4) "%82", and others. | |||||
| CVE-2002-0145 | 1 Scott Parish | 1 Chuid | 2017-07-11 | 7.5 HIGH | N/A |
| chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root. | |||||
| CVE-2001-1474 | 1 Ssh | 1 Ssh | 2017-07-11 | 5.0 MEDIUM | N/A |
| SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. | |||||