Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1073 | 1 Webridge | 1 Px Application Suite | 2017-12-19 | 5.0 MEDIUM | N/A |
| Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR. | |||||
| CVE-2001-1077 | 1 Rxvt | 1 Rxvt | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument. | |||||
| CVE-2001-1078 | 1 Extremail | 1 Extremail | 2017-12-19 | 10.0 HIGH | N/A |
| Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication. | |||||
| CVE-2001-1086 | 1 Xfree86 Project | 1 X11r6 | 2017-12-19 | 7.5 HIGH | N/A |
| XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack. | |||||
| CVE-2001-1087 | 1 Network Appliance | 1 Netcache | 2017-12-19 | 7.5 HIGH | N/A |
| The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device. | |||||
| CVE-2001-1090 | 1 Alessandro Gardich | 1 Nss Postgresql | 2017-12-19 | 7.5 HIGH | N/A |
| nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request. | |||||
| CVE-2001-1091 | 1 Netbsd | 1 Netbsd | 2017-12-19 | 7.2 HIGH | N/A |
| The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable. | |||||
| CVE-2001-1092 | 1 Compaq | 1 Tru64 | 2017-12-19 | 2.1 LOW | N/A |
| msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file. | |||||
| CVE-2001-1093 | 1 Compaq | 1 Tru64 | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2001-1094 | 1 Crosstec Corporation | 1 Netop School | 2017-12-19 | 4.6 MEDIUM | N/A |
| NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version. | |||||
| CVE-2001-1097 | 1 Cisco | 1 Ios | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. | |||||
| CVE-2001-1101 | 1 Checkpoint | 1 Firewall-1 | 2017-12-19 | 6.4 MEDIUM | N/A |
| The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2001-1102 | 1 Checkpoint | 1 Firewall-1 | 2017-12-19 | 6.2 MEDIUM | N/A |
| Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable. | |||||
| CVE-2001-1107 | 1 Snapstream | 1 Pvs | 2017-12-19 | 5.0 MEDIUM | N/A |
| SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server. | |||||
| CVE-2001-1109 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands. | |||||
| CVE-2001-1111 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-12-19 | 4.6 MEDIUM | N/A |
| EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file. | |||||
| CVE-2001-1112 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters. | |||||
| CVE-2001-1114 | 1 Netcode | 1 Nc Book | 2017-12-19 | 7.5 HIGH | N/A |
| book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter. | |||||
| CVE-2001-1115 | 1 Sixhead | 1 Six-webboard | 2017-12-19 | 5.0 MEDIUM | N/A |
| generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter. | |||||
| CVE-2001-1120 | 1 Allaire | 1 Coldfusion Server | 2017-12-19 | 6.4 MEDIUM | N/A |
| Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates. | |||||
| CVE-2001-1122 | 1 Microsoft | 1 Windows Nt | 2017-12-19 | 2.1 LOW | N/A |
| Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode. | |||||
| CVE-2001-1123 | 1 Hp | 1 Openview Network Node Manager | 2017-12-19 | 7.2 HIGH | N/A |
| Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID. | |||||
| CVE-2001-1124 | 1 Hp | 1 Hp-ux | 2017-12-19 | 5.0 MEDIUM | N/A |
| rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow. | |||||
| CVE-2001-1125 | 1 Symantec | 1 Liveupdate | 2017-12-19 | 7.5 HIGH | N/A |
| Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2001-1126 | 1 Symantec | 1 Liveupdate | 2017-12-19 | 5.0 MEDIUM | N/A |
| Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site. | |||||
| CVE-2001-1127 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | |||||
| CVE-2001-1128 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. | |||||
| CVE-2001-1129 | 1 Progress | 1 Progress | 2017-12-19 | 7.2 HIGH | N/A |
| Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. | |||||
| CVE-2001-1135 | 1 Zyxel | 1 Prestige | 2017-12-19 | 7.5 HIGH | N/A |
| ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known. | |||||
| CVE-2001-1136 | 1 Hp | 1 Hp-ux | 2017-12-19 | 2.1 LOW | N/A |
| The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. | |||||
| CVE-2001-1137 | 1 D-link | 1 Dl-704 | 2017-12-19 | 5.0 MEDIUM | N/A |
| D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. | |||||
| CVE-2001-1138 | 1 Randy Parker | 1 Power Up Html | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter. | |||||
| CVE-2001-1140 | 1 Working Resources Inc. | 1 Badblue | 2017-12-19 | 5.0 MEDIUM | N/A |
| BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. | |||||
| CVE-2001-1151 | 1 Trend Micro | 2 Officescan, Virus Buster | 2017-12-19 | 5.0 MEDIUM | N/A |
| Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password. | |||||
| CVE-2001-1154 | 2 Bsdi, Carnegie Mellon University | 2 Bsd Os, Cyrus Imap Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients. | |||||
| CVE-2001-1170 | 1 Amtote International | 1 Homebet | 2017-12-19 | 5.0 MEDIUM | N/A |
| AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers. | |||||
| CVE-2001-1178 | 1 Xfree86 Project | 1 X11r6 | 2017-12-19 | 7.2 HIGH | N/A |
| Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable. | |||||
| CVE-2001-1181 | 1 Hp | 1 Hp-ux | 2017-12-19 | 7.2 HIGH | N/A |
| Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges. | |||||
| CVE-2001-1232 | 1 Novell | 1 Groupwise | 2017-12-19 | 5.0 MEDIUM | N/A |
| GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get". | |||||
| CVE-2001-1256 | 1 Hp | 1 Hp-ux | 2017-12-19 | 1.2 LOW | N/A |
| kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files. | |||||
| CVE-2001-1263 | 1 Pragma Systems | 1 Interaccess | 2017-12-19 | 5.0 MEDIUM | N/A |
| telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow. | |||||
| CVE-2001-1264 | 1 Hp | 2 Hp-ux, Vvos | 2017-12-19 | 10.0 HIGH | N/A |
| Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges. | |||||
| CVE-2001-1265 | 1 Ibm | 1 Alphaworks Tftp Server | 2017-12-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2001-1290 | 1 Active Web Suite Technologies | 1 Active Classifieds | 2017-12-19 | 5.0 MEDIUM | N/A |
| admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter. | |||||
| CVE-2001-1307 | 1 Sun | 1 Iplanet Directory Server | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-1308 | 1 Sun | 1 Iplanet Directory Server | 2017-12-19 | 7.5 HIGH | N/A |
| Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-1309 | 1 Ibm | 1 Secureway Directory | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-1310 | 1 Ibm | 1 Secureway Directory | 2017-12-19 | 7.5 HIGH | N/A |
| IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-1316 | 1 Teamware | 1 Teamware Office | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||||
| CVE-2001-1320 | 1 Pgp | 1 Keyserver | 2017-12-19 | 7.5 HIGH | N/A |
| Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite. | |||||