Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0142 | 1 Pi3 | 1 Pi3web | 2016-10-18 | 7.5 HIGH | N/A |
| CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters. | |||||
| CVE-2002-0159 | 1 Cisco | 1 Secure Access Control Server | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. | |||||
| CVE-2002-0160 | 1 Cisco | 1 Secure Access Control Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. | |||||
| CVE-2002-0162 | 1 Logwatch | 1 Logwatch | 2016-10-18 | 6.2 MEDIUM | N/A |
| LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory. | |||||
| CVE-2002-0163 | 1 Squid | 1 Squid | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses. | |||||
| CVE-2002-0165 | 1 Logwatch | 1 Logwatch | 2016-10-18 | 7.2 HIGH | N/A |
| LogWatch 2.5 allows local users to gain root privileges via a symlink attack, a different vulnerability than CVE-2002-0162. | |||||
| CVE-2002-0170 | 1 Zope | 1 Zope | 2016-10-18 | 7.5 HIGH | N/A |
| Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. | |||||
| CVE-2002-0177 | 1 Icecast | 1 Icecast | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client. | |||||
| CVE-2002-0178 | 1 Gnu | 1 Sharutils | 2016-10-18 | 7.2 HIGH | N/A |
| uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands. | |||||
| CVE-2002-0181 | 1 Horde | 2 Horde, Imp | 2016-10-18 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. | |||||
| CVE-2002-0197 | 1 Psychoid | 1 Psybnc | 2016-10-18 | 7.5 HIGH | N/A |
| psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate. | |||||
| CVE-2002-0198 | 1 Paul L Daniels | 2 Inflex, Ripmime | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename. | |||||
| CVE-2001-1401 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 7.5 HIGH | N/A |
| Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi. | |||||
| CVE-2001-1402 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 7.5 HIGH | N/A |
| Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi. | |||||
| CVE-2001-1403 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 7.5 HIGH | N/A |
| Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar. | |||||
| CVE-2001-1404 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 7.5 HIGH | N/A |
| Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges. | |||||
| CVE-2001-1405 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 2.1 LOW | N/A |
| Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi. | |||||
| CVE-2001-1406 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 2.1 LOW | N/A |
| process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent. | |||||
| CVE-2001-1407 | 1 Mozilla | 1 Bugzilla | 2016-10-18 | 7.5 HIGH | N/A |
| Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug. | |||||
| CVE-2001-1411 | 1 Apple | 1 Mac Os X | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs. | |||||
| CVE-2001-1412 | 1 Apple | 1 Mac Os X | 2016-10-18 | 2.1 LOW | N/A |
| nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument. | |||||
| CVE-2001-1562 | 1 Bsd | 1 Nvi | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename. | |||||
| CVE-2001-1567 | 1 Ibm | 2 Lotus Domino, Lotus Domino Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino. | |||||
| CVE-2002-0001 | 1 Mutt | 1 Mutt | 2016-10-18 | 7.5 HIGH | N/A |
| Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the address list. | |||||
| CVE-2002-0014 | 1 University Of Washington | 1 Pine | 2016-10-18 | 7.5 HIGH | N/A |
| URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&). | |||||
| CVE-2002-0048 | 1 Andrew Tridgell | 1 Rsync | 2016-10-18 | 10.0 HIGH | N/A |
| Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server. | |||||
| CVE-2002-0067 | 2 Redhat, Squid | 2 Linux, Squid | 2016-10-18 | 7.5 HIGH | N/A |
| Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2002-0068 | 2 Redhat, Squid | 2 Linux, Squid | 2016-10-18 | 7.5 HIGH | N/A |
| Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters. | |||||
| CVE-2002-0069 | 2 Redhat, Squid | 2 Linux, Squid | 2016-10-18 | 2.6 LOW | N/A |
| Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2002-0081 | 1 Php | 1 Php | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled. | |||||
| CVE-2001-0983 | 1 Ultraedit | 1 Ultraedit-32 | 2016-10-18 | 4.6 MEDIUM | N/A |
| UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. | |||||
| CVE-2001-1003 | 1 Webct | 1 Respondus | 2016-10-18 | 4.6 MEDIUM | N/A |
| Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges. | |||||
| CVE-2001-1041 | 1 Oracle | 1 Database Server | 2016-10-18 | 2.1 LOW | N/A |
| oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable. | |||||
| CVE-2001-1196 | 1 Webmin | 1 Webmin | 2016-10-18 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument. | |||||
| CVE-2001-1201 | 1 Timecop | 1 Wmcube Gdk | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file. | |||||
| CVE-2001-1202 | 1 Delegate | 1 Delegate | 2016-10-18 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error. | |||||
| CVE-2001-1205 | 1 Matrixs Cgi Vault | 1 Last Lines | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable. | |||||
| CVE-2001-1206 | 1 Matrixs Cgi Vault | 1 Last Lines | 2016-10-18 | 7.5 HIGH | N/A |
| Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $error_log variable. | |||||
| CVE-2001-1208 | 1 Daydream | 1 Daydream Bbs | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in DayDream BBS allows remote attackers to execute arbitrary code via format string specifiers in a file containing a ~#RA control code. | |||||
| CVE-2001-1229 | 2 Icecast, Libshout | 2 Icecast, Libshout | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. | |||||
| CVE-2001-1230 | 1 Icecast | 1 Icecast | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. | |||||
| CVE-2001-1276 | 1 Itcorp | 1 Ispell | 2016-10-18 | 1.2 LOW | N/A |
| ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file. | |||||
| CVE-2001-1277 | 1 Wolfram Schneider | 1 Makewhatis | 2016-10-18 | 2.1 LOW | N/A |
| makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters. | |||||
| CVE-2001-1305 | 1 Mirabilis | 1 Icq | 2016-10-18 | 5.0 MEDIUM | N/A |
| ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer. | |||||
| CVE-2001-1334 | 1 Phpslash | 1 Phpslash | 2016-10-18 | 5.0 MEDIUM | N/A |
| Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL. | |||||
| CVE-2001-1350 | 1 Namazu | 1 Namazu | 2016-10-18 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter. | |||||
| CVE-2001-1353 | 1 Aladdin Enterprises | 1 Ghostscript | 2016-10-18 | 2.6 LOW | N/A |
| ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. | |||||
| CVE-2001-1370 | 1 Phplib Team | 1 Phplib | 2016-10-18 | 10.0 HIGH | N/A |
| prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib. | |||||
| CVE-2001-1371 | 1 Oracle | 1 Application Server | 2016-10-18 | 7.5 HIGH | N/A |
| The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | |||||
| CVE-2001-1384 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 7.2 HIGH | N/A |
| ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp. | |||||