Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0606 | 2 Hp, Sun | 2 Virtualvault, Iplanet Web Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service. | |||||
| CVE-2001-0608 | 1 Hp | 1 Mpe | 2017-12-19 | 7.5 HIGH | N/A |
| HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program. | |||||
| CVE-2001-0609 | 1 Infodrom | 1 Cfingerd | 2017-12-19 | 10.0 HIGH | N/A |
| Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. | |||||
| CVE-2001-0610 | 2 Kde, Suse | 2 Kde, Suse Linux | 2017-12-19 | 4.6 MEDIUM | N/A |
| kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp. | |||||
| CVE-2001-0614 | 1 Carello | 1 E-commerce | 2017-12-19 | 7.5 HIGH | N/A |
| Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL. | |||||
| CVE-2001-0617 | 1 Alliedtelesyn | 1 At-ar220e | 2017-12-19 | 7.5 HIGH | N/A |
| Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled. | |||||
| CVE-2001-0618 | 1 Lucent | 1 Orinoco Rg-1000 | 2017-12-19 | 7.5 HIGH | N/A |
| Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic. | |||||
| CVE-2001-0620 | 1 Iplanet | 1 Calendar Server | 2017-12-19 | 2.1 LOW | N/A |
| iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions. | |||||
| CVE-2001-0623 | 1 Sendfile | 1 Sendfile | 2017-12-19 | 4.6 MEDIUM | N/A |
| sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges. | |||||
| CVE-2001-0624 | 1 Qnx | 1 Qnx | 2017-12-19 | 2.1 LOW | N/A |
| QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for the FAT disk partition, e.g. /fs-dos. | |||||
| CVE-2001-0703 | 1 Arcadia | 1 Arcadia Internet Store | 2017-12-19 | 5.0 MEDIUM | N/A |
| tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter. | |||||
| CVE-2001-0704 | 1 Arcadia | 1 Arcadia Internet Store | 2017-12-19 | 7.5 HIGH | N/A |
| tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist. | |||||
| CVE-2001-0705 | 1 Arcadia | 1 Arcadia Internet Store | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument. | |||||
| CVE-2001-0707 | 1 Denicomp | 1 Rshd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514. | |||||
| CVE-2001-0708 | 1 Denicomp | 1 Rexecd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a denial of service (crash) via a long string. | |||||
| CVE-2001-0709 | 1 Microsoft | 1 Internet Information Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | |||||
| CVE-2001-0711 | 1 Cisco | 1 Ios | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. | |||||
| CVE-2001-0734 | 1 Netbsd | 1 Netbsd | 2017-12-19 | 7.2 HIGH | N/A |
| Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local user to gain privileges via modified Status Register contents, which are not properly handled by (1) the sigreturn system call or (2) the process_write_regs kernel routine. | |||||
| CVE-2001-0735 | 1 Infodrom | 1 Cfingerd | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file. | |||||
| CVE-2001-0736 | 5 Engardelinux, Immunix, Mandrakesoft and 2 more | 6 Secure Linux, Immunix, Mandrake Linux and 3 more | 2017-12-19 | 2.1 LOW | N/A |
| Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2001-0737 | 1 Logitech | 4 Cordless Freedom, Cordless Freedom Navigator, Cordless Freedom Pro and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack. | |||||
| CVE-2001-0746 | 1 Iplanet | 1 Iplanet Web Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods. | |||||
| CVE-2001-0768 | 1 Steve Poulsen | 1 Guildftpd | 2017-12-19 | 4.6 MEDIUM | N/A |
| GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file. | |||||
| CVE-2001-0772 | 1 Hp | 1 Hp-ux | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges. | |||||
| CVE-2001-0776 | 1 Dynfx | 1 Dynfx Mailserver | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service. | |||||
| CVE-2001-0777 | 1 Omnicron | 1 Omnihttpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts. | |||||
| CVE-2001-0778 | 1 Omnicron | 1 Omnihttpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20). | |||||
| CVE-2001-0781 | 1 Pi-soft | 1 Spoonftp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. | |||||
| CVE-2001-0782 | 1 Kde | 1 Ktv | 2017-12-19 | 7.2 HIGH | N/A |
| KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. | |||||
| CVE-2001-0783 | 1 Cisco | 1 Tftp Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command. | |||||
| CVE-2001-0808 | 1 Yngve Svendsen | 1 Gnatsweb | 2017-12-19 | 10.0 HIGH | N/A |
| gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter. | |||||
| CVE-2001-0817 | 1 Hp | 1 Hp-ux | 2017-12-19 | 10.0 HIGH | N/A |
| Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request. | |||||
| CVE-2001-0818 | 1 Marty Bochane | 1 Mdbms | 2017-12-19 | 7.5 HIGH | N/A |
| A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data. | |||||
| CVE-2001-0820 | 1 Gaztek | 1 Ghttp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c. | |||||
| CVE-2001-0821 | 1 Dcscripts | 1 Dcshop | 2017-12-19 | 5.0 MEDIUM | N/A |
| The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt. | |||||
| CVE-2001-0835 | 1 Bradford Barrett | 1 Webalizer | 2017-12-19 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup. | |||||
| CVE-2001-0839 | 1 Ibill Internet Billing Company | 1 Processing Plus | 2017-12-19 | 7.5 HIGH | N/A |
| ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing. | |||||
| CVE-2001-0845 | 1 Dec | 4 Dec Openvms, Dec Openvms Alpha, Sevms and 1 more | 2017-12-19 | 4.6 MEDIUM | N/A |
| Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources. | |||||
| CVE-2001-0847 | 1 Lotus | 1 Domino Web Server | 2017-12-19 | 7.5 HIGH | N/A |
| Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. | |||||
| CVE-2001-0849 | 1 Duncan Hall | 1 Viralator | 2017-12-19 | 7.5 HIGH | N/A |
| viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget. | |||||
| CVE-2001-0868 | 1 Redhat | 1 Stronghold | 2017-12-19 | 5.0 MEDIUM | N/A |
| Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status. | |||||
| CVE-2001-0870 | 2 Alchemy Lab, Dek Software | 2 Alchemy Eye, Alchemy Network Monitor | 2017-12-19 | 5.0 MEDIUM | N/A |
| HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file. | |||||
| CVE-2001-0871 | 2 Alchemy Lab, Dek Software | 2 Alchemy Eye, Alchemy Network Monitor | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10. | |||||
| CVE-2001-0908 | 1 Citrix | 1 Metaframe | 2017-12-19 | 7.5 HIGH | N/A |
| CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). | |||||
| CVE-2001-0910 | 1 Emc | 1 Networker | 2017-12-19 | 7.5 HIGH | N/A |
| Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup. | |||||
| CVE-2001-0911 | 2 Francisco Burzi, Postnuke Software Foundation | 2 Php-nuke, Postnuke | 2017-12-19 | 7.5 HIGH | N/A |
| PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. | |||||
| CVE-2001-0922 | 1 Sun | 1 Netdynamics | 2017-12-19 | 7.5 HIGH | N/A |
| ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in. | |||||
| CVE-2001-0923 | 1 Redhat | 1 Redhat Package Manager | 2017-12-19 | 7.2 HIGH | N/A |
| RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried. | |||||
| CVE-2001-0924 | 1 Ibm | 1 Informix Web Datablade | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter. | |||||
| CVE-2001-0926 | 1 Macromedia | 1 Jrun | 2017-12-19 | 5.0 MEDIUM | N/A |
| SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement. | |||||