Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1385 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. | |||||
| CVE-2001-1389 | 1 Xinetd | 1 Xinetd | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination. | |||||
| CVE-2001-0903 | 1 Intel | 1 High-bandwidth Digital Content Protection | 2016-10-18 | 7.5 HIGH | N/A |
| Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication. | |||||
| CVE-2001-0913 | 1 Network Solutions | 1 Rwhoisd | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains format specifiers. | |||||
| CVE-2001-0915 | 1 Berkeley | 1 Pmake | 2016-10-18 | 7.2 HIGH | N/A |
| Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition. | |||||
| CVE-2001-0916 | 1 Berkeley | 1 Pmake | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition. | |||||
| CVE-2001-0927 | 1 Gnome | 1 Libgtop Daemon | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions. | |||||
| CVE-2001-0928 | 1 Gnome | 1 Libgtop Daemon | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data. | |||||
| CVE-2001-0930 | 1 Sendpage | 1 Sendpage.pl | 2016-10-18 | 7.5 HIGH | N/A |
| Sendpage.pl allows remote attackers to execute arbitrary commands via a message containing shell metacharacters. | |||||
| CVE-2001-0933 | 1 Cooolsoft | 1 Powerftp | 2016-10-18 | 7.5 HIGH | N/A |
| Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:". | |||||
| CVE-2001-0934 | 1 Cooolsoft | 1 Powerftp | 2016-10-18 | 7.5 HIGH | N/A |
| Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname. | |||||
| CVE-2001-0937 | 1 Matt Wright | 1 Pgpmail.pl | 2016-10-18 | 7.5 HIGH | N/A |
| PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters. | |||||
| CVE-2001-0938 | 1 Persits | 1 Aspupload | 2016-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp. | |||||
| CVE-2001-0944 | 1 Khaled Mardam-bey | 1 Mirc | 2016-10-18 | 7.2 HIGH | N/A |
| DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process. | |||||
| CVE-2001-0945 | 1 Microsoft | 1 Outlook Express | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. | |||||
| CVE-2001-0831 | 1 Oracle | 1 Database Server | 2016-10-18 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access. | |||||
| CVE-2001-0832 | 1 Oracle | 1 Database Server | 2016-10-18 | 2.1 LOW | N/A |
| Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability." | |||||
| CVE-2001-0841 | 1 Ikonboard.com | 1 Ikonboard | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. | |||||
| CVE-2001-0842 | 1 Leoboard | 1 Lb5000 | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. | |||||
| CVE-2001-0844 | 1 Seth Leonard | 2 Book Of Guests, Post It | 2016-10-18 | 7.5 HIGH | N/A |
| Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter. | |||||
| CVE-2001-0848 | 1 E-zone Media | 1 Fuse Talk | 2016-10-18 | 4.6 MEDIUM | N/A |
| join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable. | |||||
| CVE-2001-0854 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user. | |||||
| CVE-2001-0855 | 1 Rational Software | 1 Clearcase | 2016-10-18 | 7.2 HIGH | N/A |
| Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable. | |||||
| CVE-2001-0856 | 1 Ibm | 1 4758 | 2016-10-18 | 4.6 MEDIUM | N/A |
| Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key. | |||||
| CVE-2001-0858 | 1 Caldera | 2 Openunix, Unixware | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges. | |||||
| CVE-2001-0897 | 1 Infopop | 1 Ultimate Bulletin Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field. | |||||
| CVE-2001-0898 | 1 Opera Software | 1 Opera Web Browser | 2016-10-18 | 5.0 MEDIUM | N/A |
| Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache. | |||||
| CVE-2001-0410 | 1 Trend Micro | 1 Virus Buster 2001 | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header. | |||||
| CVE-2001-0411 | 1 Siemens | 1 Reliant Unix | 2016-10-18 | 5.0 MEDIUM | N/A |
| Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet. | |||||
| CVE-2001-0419 | 1 Oracle | 1 Application Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/. | |||||
| CVE-2001-0424 | 2 Freebsd, Timecop | 2 Freebsd, Bubblemon | 2016-10-18 | 7.2 HIGH | N/A |
| BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. | |||||
| CVE-2001-0433 | 1 Micheal Lamont | 1 Savant Webserver | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header. | |||||
| CVE-2001-0435 | 1 Pgp | 1 Pgp | 2016-10-18 | 4.6 MEDIUM | N/A |
| The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate. | |||||
| CVE-2001-0446 | 1 Ibm | 1 Websphere Commerce Suite | 2016-10-18 | 5.0 MEDIUM | N/A |
| IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL. | |||||
| CVE-2001-0464 | 1 Crosswind | 1 Cyberscheduler | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter. | |||||
| CVE-2001-0466 | 1 Microburst | 1 Ustorekeeper Online Shopping System | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ustorekeeper 1.61 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2001-0552 | 2 Hp, Ibm | 2 Openview Network Node Manager, Tivoli Netview | 2016-10-18 | 10.0 HIGH | N/A |
| ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message. | |||||
| CVE-2001-0571 | 1 Elron | 2 Im Anti Virus, Im Message Inspector | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL. | |||||
| CVE-2001-0605 | 1 Headlight Software | 1 Mygetright | 2016-10-18 | 7.5 HIGH | N/A |
| Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data. | |||||
| CVE-2001-0669 | 4 Cisco, Enterasys, Iss and 1 more | 6 Catalyst 6000 Intrusion Detection System Module, Secure Intrusion Detection System, Dragon and 3 more | 2016-10-18 | 7.5 HIGH | N/A |
| Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. | |||||
| CVE-2001-0756 | 1 Virtualcart | 1 Virtualcatalog | 2016-10-18 | 7.5 HIGH | N/A |
| CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter. | |||||
| CVE-2001-0205 | 1 Aol | 1 Aol Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack. | |||||
| CVE-2001-0254 | 1 Fastream | 1 Ftp\+\+ Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command. | |||||
| CVE-2001-0277 | 1 Working Resources Inc. | 1 Badblue | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. | |||||
| CVE-2001-0295 | 1 Jarle Aase | 1 War Ftpd | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command. | |||||
| CVE-2001-0304 | 1 Caucho Technology | 1 Resin | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request. | |||||
| CVE-2001-0355 | 1 Novell | 1 Groupwise | 2016-10-18 | 5.0 MEDIUM | N/A |
| Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies. | |||||
| CVE-2001-0367 | 1 Mirabilis | 1 Icq | 2016-10-18 | 5.0 MEDIUM | N/A |
| Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters. | |||||
| CVE-2001-0392 | 1 Navision | 1 Financials Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash. | |||||
| CVE-2001-0393 | 1 Navision | 1 Financials Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits. | |||||