Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0420 | 1 Claymore Systems Inc | 1 Puretls | 2008-09-05 | 7.5 HIGH | N/A |
| Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions. | |||||
| CVE-2002-0039 | 1 Sgi | 1 Irix | 2008-09-05 | 5.0 MEDIUM | N/A |
| rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths. | |||||
| CVE-2002-0421 | 1 Microsoft | 1 Windows Nt | 2008-09-05 | 5.0 MEDIUM | N/A |
| IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr , or (4) aexp4.htr. | |||||
| CVE-2002-0406 | 1 Menasoft | 1 Sphereserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in. | |||||
| CVE-2002-0037 | 1 Ibm | 1 Lotus Domino Server | 2008-09-05 | 7.5 HIGH | N/A |
| Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object. | |||||
| CVE-2002-0032 | 1 Yahoo | 1 Messenger | 2008-09-05 | 7.5 HIGH | N/A |
| Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI. | |||||
| CVE-2002-0241 | 1 Cisco | 1 Secure Access Control Server | 2008-09-05 | 7.5 HIGH | N/A |
| NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server. | |||||
| CVE-2002-0358 | 1 Sgi | 1 Mediamail | 2008-09-05 | 4.6 MEDIUM | N/A |
| MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges. | |||||
| CVE-2002-0091 | 1 Nswc | 1 Cider Shadow | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attackers to execute arbitrary commands via certain form fields. | |||||
| CVE-2002-0413 | 1 Rebb | 1 Rebb | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script. | |||||
| CVE-2002-0426 | 1 Linksys | 1 Befvp41 | 2008-09-05 | 7.5 HIGH | N/A |
| VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys. | |||||
| CVE-2002-0062 | 4 Debian, Freebsd, Redhat and 1 more | 4 Debian Linux, Freebsd, Linux and 1 more | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." | |||||
| CVE-2002-0363 | 1 Aladdin Enterprises | 1 Ghostscript | 2008-09-05 | 7.5 HIGH | N/A |
| ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice. | |||||
| CVE-2001-1266 | 1 Doug Neal | 1 Dnhttpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'. | |||||
| CVE-2001-1523 | 1 Dmozgateway | 1 Dmozgateway | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter. | |||||
| CVE-2001-1525 | 1 Easyscripts | 1 Easynews | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter. | |||||
| CVE-2001-1526 | 1 Easyscripts | 1 Easynews | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter. | |||||
| CVE-2001-1528 | 1 Amtote International | 1 Homebet | 2008-09-05 | 5.0 MEDIUM | N/A |
| AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack. | |||||
| CVE-2001-1529 | 1 Ibm | 1 Aix | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779. | |||||
| CVE-2001-1530 | 1 Webmin | 1 Webmin | 2008-09-05 | 4.6 MEDIUM | N/A |
| run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands. | |||||
| CVE-2001-1531 | 1 Apple | 1 Claris Emailer | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename. | |||||
| CVE-2001-1532 | 1 Web Crossing | 1 Webx | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions. | |||||
| CVE-2001-1533 | 1 Microsoft | 1 Isa Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE. | |||||
| CVE-2001-1534 | 1 Apache | 1 Http Server | 2008-09-05 | 2.1 LOW | N/A |
| mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | |||||
| CVE-2001-1535 | 1 Open Source Development Network | 1 Slashcode | 2008-09-05 | 4.6 MEDIUM | N/A |
| Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack. | |||||
| CVE-2001-1536 | 1 Autogalaxy | 1 Autogalaxy | 2008-09-05 | 5.0 MEDIUM | N/A |
| Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack. | |||||
| CVE-2001-1537 | 1 Twig | 1 Webmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. | |||||
| CVE-2001-1538 | 1 Speedxess | 1 Ha-120 Dsl Router | 2008-09-05 | 7.5 HIGH | N/A |
| SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access. | |||||
| CVE-2001-1540 | 1 David F. Mischler | 1 Iproute | 2008-09-05 | 5.0 MEDIUM | N/A |
| IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header. | |||||
| CVE-2001-1541 | 1 Bsdi | 1 Bsd Os | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2001-1543 | 1 Axis | 5 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 2 more | 2008-09-05 | 7.5 HIGH | N/A |
| Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera. | |||||
| CVE-2001-1544 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. | |||||
| CVE-2001-1545 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing. | |||||
| CVE-2001-1546 | 1 Mckesson | 1 Pathways Homecare | 2008-09-05 | 4.6 MEDIUM | N/A |
| Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file. | |||||
| CVE-2001-1547 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 7.5 HIGH | N/A |
| Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2001-1548 | 1 Zonelabs | 1 Zonealarm | 2008-09-05 | 2.1 LOW | N/A |
| ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters. | |||||
| CVE-2001-1549 | 1 Tiny Software | 1 Tiny Personal Firewall | 2008-09-05 | 2.1 LOW | N/A |
| Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters. | |||||
| CVE-2001-1511 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". | |||||
| CVE-2001-1551 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs. | |||||
| CVE-2001-1553 | 1 University Of California | 1 Seti At Home | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE. | |||||
| CVE-2001-1554 | 1 Ibm | 1 Aix | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets. | |||||
| CVE-2001-1557 | 1 Ibm | 1 Aix | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges. | |||||
| CVE-2001-1558 | 1 Snort | 1 Snort | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash). | |||||
| CVE-2001-1559 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 2.1 LOW | N/A |
| The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference. | |||||
| CVE-2001-1561 | 2 Debian, John Bovey | 2 Debian Linux, Xvt | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments. | |||||
| CVE-2001-1510 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. | |||||
| CVE-2001-1565 | 1 Apple | 1 Mac Os X | 2008-09-05 | 2.1 LOW | N/A |
| Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command. | |||||
| CVE-2001-1566 | 2 Vanessa, Verge | 2 Vanessa Logger, Perdition | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function. | |||||
| CVE-2001-1568 | 1 Cmg | 1 Wap Gateway | 2008-09-05 | 6.4 MEDIUM | N/A |
| CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2001-1569 | 1 Cmg | 1 Openwave Wap Gateway | 2008-09-05 | 6.4 MEDIUM | N/A |
| Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | |||||