Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1238 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.5 HIGH | N/A |
| BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. | |||||
| CVE-2002-0087 | 1 Lotus | 1 Domino | 2017-07-11 | 2.1 LOW | N/A |
| bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2001-0273 | 1 Holger Lamm | 1 Pgp4pine | 2017-07-11 | 2.6 LOW | N/A |
| pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext. | |||||
| CVE-2001-1379 | 1 Guiseppe Tanzilli And Matthias Eckermann | 1 Mod Auth Pgsql | 2017-07-11 | 7.5 HIGH | N/A |
| The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name. | |||||
| CVE-2002-0086 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable. | |||||
| CVE-2001-1413 | 1 Ncompress | 1 Ncompress | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument. | |||||
| CVE-2001-1415 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 4.6 MEDIUM | N/A |
| vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes. | |||||
| CVE-2001-1417 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data. | |||||
| CVE-2001-1418 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file. | |||||
| CVE-2001-1419 | 2 Aol, Cerulean Studios | 2 Instant Messenger, Trillian | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments. | |||||
| CVE-2001-1420 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow. | |||||
| CVE-2001-1421 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag. | |||||
| CVE-2001-1422 | 1 Att | 1 Winvnc | 2017-07-11 | 7.5 HIGH | N/A |
| WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. | |||||
| CVE-2001-1423 | 1 Advanced Poll | 1 Advanced Poll | 2017-07-11 | 7.5 HIGH | N/A |
| Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter. | |||||
| CVE-2001-1424 | 1 Alcatel | 1 Speed Touch Home | 2017-07-11 | 7.5 HIGH | N/A |
| Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2001-1425 | 1 Alcatel | 1 Speed Touch Home | 2017-07-11 | 7.5 HIGH | N/A |
| The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login. | |||||
| CVE-2001-1426 | 1 Alcatel | 1 Speed Touch Home | 2017-07-11 | 7.5 HIGH | N/A |
| Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations. | |||||
| CVE-2001-1427 | 1 Macromedia | 1 Coldfusion | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. | |||||
| CVE-2001-1428 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2017-07-11 | 7.5 HIGH | N/A |
| The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2001-1429 | 1 Midnight Commander | 1 Midnight Commander | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file. | |||||
| CVE-2001-1430 | 1 Cayman | 1 3220-h Dsl Router | 2017-07-11 | 7.5 HIGH | N/A |
| Cayman 3220-H DSL Router 1.0 ship without a password set, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2001-1431 | 2 Checkpoint, Nokia | 3 Firewall-1, Vpn-1, Firewall Appliance | 2017-07-11 | 5.0 MEDIUM | N/A |
| Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information. | |||||
| CVE-2002-1347 | 1 Cyrus | 1 Sasl | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string. | |||||
| CVE-2001-1433 | 1 Cherokee | 1 Cherokee Httpd | 2017-07-11 | 7.5 HIGH | N/A |
| Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities. | |||||
| CVE-2001-1434 | 1 Cisco | 1 Ios | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created. | |||||
| CVE-2001-1435 | 1 Compaq | 1 Tru64 | 2017-07-11 | 5.0 MEDIUM | N/A |
| inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services. | |||||
| CVE-2001-1436 | 1 Dallas Semiconductor | 1 Ibutton | 2017-07-11 | 4.6 MEDIUM | N/A |
| Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password. | |||||
| CVE-2001-1437 | 1 Easyscripts | 1 Easynews | 2017-07-11 | 7.5 HIGH | N/A |
| easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out. | |||||
| CVE-2001-1438 | 2 Handspring, Palm | 2 Visor, Palm Os | 2017-07-11 | 5.0 MEDIUM | N/A |
| Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image. | |||||
| CVE-2001-1439 | 1 Hp | 1 Hp-ux | 2017-07-11 | 2.1 LOW | N/A |
| Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit. | |||||
| CVE-2001-1440 | 1 Ibm | 1 Aix | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system. | |||||
| CVE-2001-1441 | 1 Ibm | 1 Visualage For Java | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message. | |||||
| CVE-2001-1442 | 1 Isc | 1 Inn | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument. | |||||
| CVE-2001-1443 | 1 Kth | 1 Kth Kerberos | 2017-07-11 | 5.0 MEDIUM | N/A |
| KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack. | |||||
| CVE-2001-1444 | 1 Kth | 1 Kth Kerberos | 2017-07-11 | 7.5 HIGH | N/A |
| The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack. | |||||
| CVE-2001-1445 | 1 Lotus | 1 Domino Mail Server | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands. | |||||
| CVE-2001-1446 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.5 HIGH | N/A |
| Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. | |||||
| CVE-2001-1447 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges. | |||||
| CVE-2001-1448 | 1 Magic | 1 Edeveloper | 2017-07-11 | 4.6 MEDIUM | N/A |
| Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts. | |||||
| CVE-2001-1449 | 2 Apache, Mandrakesoft | 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | |||||
| CVE-2001-1455 | 1 Netegrity | 1 Siteminder | 2017-07-11 | 7.5 HIGH | N/A |
| Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters. | |||||
| CVE-2001-1457 | 1 Nobreak Technologies | 1 Crazywwwboard | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable. | |||||
| CVE-2001-1459 | 1 Openbsd | 1 Openssh | 2017-07-11 | 7.5 HIGH | N/A |
| OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. | |||||
| CVE-2001-1460 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter. | |||||
| CVE-2001-1461 | 1 Rsa | 1 Securid | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences. | |||||
| CVE-2001-1462 | 1 Rsa | 1 Securid | 2017-07-11 | 7.5 HIGH | N/A |
| WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information. | |||||
| CVE-2001-1464 | 1 Businessobjects | 1 Crystal Reports | 2017-07-11 | 7.5 HIGH | N/A |
| Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords. | |||||
| CVE-2001-1577 | 1 Caldera | 2 Openunix, Unixware | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused. | |||||
| CVE-2001-1466 | 1 Van Dyke Technologies | 1 Securecrt | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||||
| CVE-2001-1469 | 1 Ssh | 1 Ssh | 2017-07-11 | 5.0 MEDIUM | N/A |
| The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified. | |||||