Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0931 | 1 Cooolsoft | 1 Powerftp | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET. | |||||
| CVE-2001-0932 | 1 Cooolsoft | 1 Powerftp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command. | |||||
| CVE-2001-0947 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path. | |||||
| CVE-2001-0948 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed. | |||||
| CVE-2001-0949 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allow remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length. | |||||
| CVE-2001-0950 | 1 Valicert | 1 Enterprise Validation Authority | 2017-12-19 | 7.5 HIGH | N/A |
| ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing. | |||||
| CVE-2001-0952 | 1 Volition | 1 Red Faction | 2017-12-19 | 5.0 MEDIUM | N/A |
| THQ Volition Red Faction Game allows remote attackers to cause a denial of service (hang) of a client or server via packets to UDP port 7755. | |||||
| CVE-2001-0953 | 1 Nara Vision | 1 Kebi Community | 2017-12-19 | 10.0 HIGH | N/A |
| Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root. | |||||
| CVE-2001-0955 | 1 Xfree86 Project | 1 X11r6 | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title. | |||||
| CVE-2001-0956 | 1 Speechio | 1 Speechd | 2017-12-19 | 7.2 HIGH | N/A |
| speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2001-0958 | 1 Trend Micro | 2 Interscan Emanager, Interscan Viruswall | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll. | |||||
| CVE-2001-0964 | 1 Valve Software | 1 Half-life | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command. | |||||
| CVE-2001-0974 | 1 Oracle | 1 Internet Directory | 2017-12-19 | 7.5 HIGH | N/A |
| Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-0975 | 1 Oracle | 1 Internet Directory | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-0979 | 1 Hp | 1 Hp-ux | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. | |||||
| CVE-2001-0985 | 1 Hassan Consulting | 1 Shopping Cart | 2017-12-19 | 7.5 HIGH | N/A |
| shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. | |||||
| CVE-2001-0986 | 1 Microsoft | 1 Index Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. | |||||
| CVE-2001-0988 | 1 Knox Software | 1 Arkeia | 2017-12-19 | 7.2 HIGH | N/A |
| Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. | |||||
| CVE-2001-0990 | 1 Inter7 | 1 Vpopmail | 2017-12-19 | 4.6 MEDIUM | N/A |
| Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. | |||||
| CVE-2001-0991 | 1 Scott R. Lemmon | 1 Proxomitron Naoko-4 | 2017-12-19 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message. | |||||
| CVE-2001-0992 | 1 Kabotie Software Technologies | 1 Shopplus Cart | 2017-12-19 | 7.5 HIGH | N/A |
| shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter. | |||||
| CVE-2001-0994 | 1 Marconi | 1 Forethought | 2017-12-19 | 5.0 MEDIUM | N/A |
| Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device. | |||||
| CVE-2001-0996 | 1 Pop3lite | 1 Pop3lite | 2017-12-19 | 6.4 MEDIUM | N/A |
| POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly. | |||||
| CVE-2001-0997 | 1 Textor Webmasters Ltd. | 1 Listrec.pl | 2017-12-19 | 7.5 HIGH | N/A |
| Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter. | |||||
| CVE-2001-0999 | 1 Microsoft | 1 Outlook Express | 2017-12-19 | 7.5 HIGH | N/A |
| Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. | |||||
| CVE-2001-1000 | 1 Merit | 1 Aaa Radius Server | 2017-12-19 | 2.1 LOW | N/A |
| rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file. | |||||
| CVE-2001-1012 | 1 Suse | 1 Suse Linux | 2017-12-19 | 7.2 HIGH | N/A |
| Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/. | |||||
| CVE-2001-1013 | 1 Redhat | 1 Linux | 2017-12-19 | 5.0 MEDIUM | N/A |
| Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. | |||||
| CVE-2001-1014 | 1 Michael Boehme | 1 Webdiscount E Shop Online Shop System | 2017-12-19 | 7.5 HIGH | N/A |
| eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter. | |||||
| CVE-2001-1018 | 1 Lotus | 1 Domino | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters. | |||||
| CVE-2001-1019 | 1 Seaglass Technologies Inc. | 1 Sglmerchant | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter. | |||||
| CVE-2001-1023 | 1 Xcache Technologies | 1 Xcache | 2017-12-19 | 5.0 MEDIUM | N/A |
| Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header. | |||||
| CVE-2001-1024 | 1 Entrust | 1 Getaccess | 2017-12-19 | 7.5 HIGH | N/A |
| login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument. | |||||
| CVE-2001-1026 | 1 Trend Micro | 1 Interscan Applettrap | 2017-12-19 | 7.5 HIGH | N/A |
| Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address. | |||||
| CVE-2001-1031 | 1 Charles Clark | 1 Meteor Ftpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command. | |||||
| CVE-2001-1033 | 1 Compaq | 2 Tru64, Trucluster | 2017-12-19 | 5.0 MEDIUM | N/A |
| Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state. | |||||
| CVE-2001-1034 | 1 Freebsd | 1 Freebsd | 2017-12-19 | 7.2 HIGH | N/A |
| Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. | |||||
| CVE-2001-1042 | 1 Transsoft | 1 Broker Ftp Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | |||||
| CVE-2001-1044 | 1 Basilix | 1 Basilix Webmail | 2017-12-19 | 7.5 HIGH | N/A |
| Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. | |||||
| CVE-2001-1045 | 1 Basilix | 1 Basilix Webmail | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter. | |||||
| CVE-2001-1047 | 1 Openbsd | 1 Openbsd | 2017-12-19 | 1.2 LOW | N/A |
| Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. | |||||
| CVE-2001-1050 | 1 Cccsoftware | 1 Ccc | 2017-12-19 | 7.5 HIGH | N/A |
| CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1051 | 1 Dark Hart Portal | 1 Darkportal-unix | 2017-12-19 | 7.5 HIGH | N/A |
| Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1052 | 1 Emergenices Personnel Information System | 1 Empris | 2017-12-19 | 7.5 HIGH | N/A |
| Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1057 | 1 Wolfram Research | 1 Mathematica | 2017-12-19 | 5.0 MEDIUM | N/A |
| The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests. | |||||
| CVE-2001-1058 | 1 Wolfram Research | 1 Mathematica | 2017-12-19 | 7.5 HIGH | N/A |
| The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license. | |||||
| CVE-2001-1064 | 1 Cisco | 1 Cbos | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allow remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets. | |||||
| CVE-2001-1065 | 1 Cisco | 1 Cbos | 2017-12-19 | 5.0 MEDIUM | N/A |
| Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. | |||||
| CVE-2001-1068 | 1 Qualcomm | 1 Qpopper | 2017-12-19 | 5.0 MEDIUM | N/A |
| qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system. | |||||
| CVE-2001-1070 | 1 Sage Software | 1 Mas 200 | 2017-12-19 | 2.1 LOW | N/A |
| Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters. | |||||
