Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0745 | 1 Netscape | 1 Messanger | 2017-10-10 | 5.0 MEDIUM | N/A |
| Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property. | |||||
| CVE-2001-0749 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2017-10-10 | 7.5 HIGH | N/A |
| Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root. | |||||
| CVE-2001-0750 | 1 Cisco | 1 Ios | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. | |||||
| CVE-2001-0751 | 1 Cisco | 1 Cbos | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. | |||||
| CVE-2001-0752 | 1 Cisco | 1 Cbos | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set. | |||||
| CVE-2001-0754 | 1 Cisco | 1 Cbos | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets. | |||||
| CVE-2001-0757 | 1 Cisco | 1 6400 Nrp 2 | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. | |||||
| CVE-2001-0760 | 1 Citrix | 1 Nfuse | 2017-10-10 | 5.0 MEDIUM | N/A |
| Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field. | |||||
| CVE-2001-0764 | 1 Juergen Schoenwaelder | 1 Scotty | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument. | |||||
| CVE-2001-0765 | 1 Bisonware | 1 Bison Ftp Server | 2017-10-10 | 4.6 MEDIUM | N/A |
| BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories. | |||||
| CVE-2001-0769 | 1 Steve Poulsen | 1 Guildftpd | 2017-10-10 | 5.0 MEDIUM | N/A |
| Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character. | |||||
| CVE-2001-0770 | 1 Steve Poulsen | 1 Guildftpd | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command. | |||||
| CVE-2001-0773 | 1 Cayman | 1 3220-h Dsl Router | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests. | |||||
| CVE-2001-0774 | 1 Tripwire | 1 Tripwire | 2017-10-10 | 4.6 MEDIUM | N/A |
| Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files. | |||||
| CVE-2001-0784 | 1 Icecast | 1 Icecast | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters. | |||||
| CVE-2001-0787 | 1 Redhat | 1 Linux | 2017-10-10 | 4.6 MEDIUM | N/A |
| LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges. | |||||
| CVE-2001-0792 | 1 Xchat | 1 Xchat | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname. | |||||
| CVE-2001-0796 | 2 Freebsd, Sgi | 2 Freebsd, Irix | 2017-10-10 | 5.0 MEDIUM | N/A |
| SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay. | |||||
| CVE-2001-0801 | 1 Sgi | 1 Irix | 2017-10-10 | 7.2 HIGH | N/A |
| lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library. | |||||
| CVE-2001-0803 | 1 Open Group | 1 Cde Common Desktop Environment | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands. | |||||
| CVE-2001-0804 | 1 Valerie Mates | 1 Interactive Story | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter. | |||||
| CVE-2001-0805 | 1 Tarantella | 1 Tarantella Enterprise | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter. | |||||
| CVE-2001-0806 | 1 Apple | 1 Mac Os X | 2017-10-10 | 3.6 LOW | N/A |
| Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages. | |||||
| CVE-2001-0815 | 1 Activestate | 1 Activeperl | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension. | |||||
| CVE-2001-0816 | 1 Openbsd | 1 Openssh | 2017-10-10 | 7.5 HIGH | N/A |
| OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. | |||||
| CVE-2001-0819 | 1 Fetchmail | 1 Fetchmail | 2017-10-10 | 7.5 HIGH | N/A |
| A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header. | |||||
| CVE-2001-0822 | 1 Packet Knights | 1 Fpf Linux Kernel Module | 2017-10-10 | 5.0 MEDIUM | N/A |
| FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets. | |||||
| CVE-2001-0823 | 1 Sgi | 1 Performance Co-pilot | 2017-10-10 | 7.2 HIGH | N/A |
| The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR). | |||||
| CVE-2001-0828 | 1 Caucho Technology | 1 Resin | 2017-10-10 | 5.1 MEDIUM | N/A |
| A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript. | |||||
| CVE-2001-0830 | 1 Pld | 1 6tunnel | 2017-10-10 | 5.0 MEDIUM | N/A |
| 6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server. | |||||
| CVE-2001-0834 | 4 Conectiva, Debian, Htdig and 1 more | 4 Linux, Debian Linux, Htdig and 1 more | 2017-10-10 | 6.4 MEDIUM | N/A |
| htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. | |||||
| CVE-2001-0836 | 1 Oracle | 1 Application Server Web Cache | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2001-0837 | 1 Deltathree | 1 Pc-to-phone | 2017-10-10 | 2.1 LOW | N/A |
| DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder. | |||||
| CVE-2001-0843 | 1 Squid | 1 Squid Web Proxy | 2017-10-10 | 5.0 MEDIUM | N/A |
| Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request. | |||||
| CVE-2001-0846 | 1 Lotus | 1 Domino | 2017-10-10 | 10.0 HIGH | N/A |
| Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf). | |||||
| CVE-2001-0850 | 1 Caldera | 1 Openlinux | 2017-10-10 | 10.0 HIGH | N/A |
| A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow. | |||||
| CVE-2001-0851 | 3 Caldera, Linux, Suse | 7 Openlinux, Openlinux Edesktop, Openlinux Eserver and 4 more | 2017-10-10 | 5.0 MEDIUM | N/A |
| Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie. | |||||
| CVE-2001-0857 | 1 Imp | 1 Webmail | 2017-10-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. | |||||
| CVE-2001-0859 | 1 Redhat | 1 Linux | 2017-10-10 | 5.0 MEDIUM | N/A |
| 2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions. | |||||
| CVE-2001-0860 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2017-10-10 | 7.5 HIGH | N/A |
| Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT). | |||||
| CVE-2001-0861 | 1 Cisco | 1 12000 Router | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies. | |||||
| CVE-2001-0862 | 1 Cisco | 1 12000 Router | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. | |||||
| CVE-2001-0863 | 1 Cisco | 1 12000 Router | 2017-10-10 | 5.0 MEDIUM | N/A |
| Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments. | |||||
| CVE-2001-0864 | 1 Cisco | 1 12000 Router | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. | |||||
| CVE-2001-0865 | 1 Cisco | 1 12000 Router | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. | |||||
| CVE-2001-0867 | 1 Cisco | 1 12000 Router | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls. | |||||
| CVE-2001-0873 | 1 Ian Lance Taylor | 1 Taylor Uucp | 2017-10-10 | 7.2 HIGH | N/A |
| uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option. | |||||
| CVE-2001-0884 | 1 Gnu | 1 Mailman | 2017-10-10 | 5.1 MEDIUM | N/A |
| Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users. | |||||
| CVE-2001-0887 | 1 Oliver Rauch | 1 Xsane | 2017-10-10 | 1.2 LOW | N/A |
| xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files. | |||||
| CVE-2001-0888 | 3 Atmel, Linksys, Netgear | 3 Firmware, Wap11, Me102 | 2017-10-10 | 5.0 MEDIUM | N/A |
| Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests. | |||||