Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1284 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users. | |||||
| CVE-2001-1285 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. | |||||
| CVE-2001-1286 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control. | |||||
| CVE-2001-1287 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2001-1289 | 1 Id Software | 1 Quake 3 Arena | 2008-09-10 | 5.0 MEDIUM | N/A |
| Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters. | |||||
| CVE-2001-1293 | 1 3com | 1 3cr29223 | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request. | |||||
| CVE-2001-1294 | 1 Avtronics | 1 Inetserv | 2008-09-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password. | |||||
| CVE-2001-1296 | 1 Marc Logemann | 1 More.groupware | 2008-09-10 | 5.0 MEDIUM | N/A |
| More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1297 | 1 Actionpoll | 1 Actionpoll | 2008-09-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter. | |||||
| CVE-2001-1298 | 1 Grant Horwood | 1 Webodex | 2008-09-10 | 5.0 MEDIUM | N/A |
| Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1322 | 1 Xinetd | 1 Xinetd | 2008-09-10 | 3.6 LOW | N/A |
| xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask. | |||||
| CVE-2001-1324 | 1 Paul Jarc | 1 Idtools | 2008-09-10 | 4.6 MEDIUM | N/A |
| cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges. | |||||
| CVE-2001-1331 | 2 Debian, Progeny | 2 Debian Linux, Debian | 2008-09-10 | 1.2 LOW | N/A |
| mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. | |||||
| CVE-2001-1335 | 1 Aclogic | 1 Cesarftp | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot). | |||||
| CVE-2001-1336 | 1 Aclogic | 1 Cesarftp | 2008-09-10 | 7.5 HIGH | N/A |
| CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges. | |||||
| CVE-2001-1340 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Telnetd Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service. | |||||
| CVE-2001-1341 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Embedded-webserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program. | |||||
| CVE-2001-1369 | 1 Leon J Breedt | 1 Pam-pgsql | 2008-09-10 | 7.5 HIGH | N/A |
| Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields. | |||||
| CVE-2001-1383 | 1 Redhat | 1 Linux | 2008-09-10 | 6.2 MEDIUM | N/A |
| initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files. | |||||
| CVE-2001-1492 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-1460. Reason: This candidate is a refinement duplicate of CVE-2001-1460. Notes: All CVE users should reference CVE-2001-1460 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2001-1501 | 1 Proftpd Project | 1 Proftpd | 2008-09-10 | 5.0 MEDIUM | N/A |
| The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument. | |||||
| CVE-2001-1507 | 1 Openbsd | 1 Openssh | 2008-09-10 | 7.5 HIGH | N/A |
| OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. | |||||
| CVE-2001-1512 | 1 Macromedia | 1 Jrun | 2008-09-10 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050. | |||||
| CVE-2001-1513 | 1 Macromedia | 1 Jrun | 2008-09-10 | 7.5 HIGH | N/A |
| Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx. | |||||
| CVE-2001-1521 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. | |||||
| CVE-2001-1524 | 1 Francisco Burzi | 1 Php-nuke | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php. | |||||
| CVE-2001-1552 | 1 Microsoft | 1 Windows Me | 2008-09-10 | 5.0 MEDIUM | N/A |
| ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced. | |||||
| CVE-2001-0824 | 1 Ibm | 1 Websphere Application Server | 2008-09-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. | |||||
| CVE-2001-0826 | 1 Aclogic | 1 Cesarftp | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD. | |||||
| CVE-2001-0827 | 1 Grant Averett | 1 Ceberus Ftp Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests. | |||||
| CVE-2001-0829 | 1 Apache | 1 Tomcat | 2008-09-10 | 5.1 MEDIUM | N/A |
| A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message. | |||||
| CVE-2001-0890 | 1 Sane | 1 Sane | 2008-09-10 | 2.1 LOW | N/A |
| Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files. | |||||
| CVE-2001-0935 | 1 Washington University | 1 Wu-ftpd | 2008-09-10 | 7.5 HIGH | N/A |
| Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. | |||||
| CVE-2001-1049 | 1 Paul M. Jones | 1 Phorecast | 2008-09-10 | 7.5 HIGH | N/A |
| Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1054 | 1 Phpadsnew | 1 Phpadsnew | 2008-09-10 | 7.5 HIGH | N/A |
| PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1062 | 1 Caldera | 1 Openserver | 2008-09-10 | 7.2 HIGH | N/A |
| Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code. | |||||
| CVE-2001-1121 | 1 Macromedia | 1 Jrun | 2008-09-10 | 7.5 HIGH | N/A |
| DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-2001-1084. | |||||
| CVE-2001-1134 | 1 Xerox | 1 Docuprint N40 | 2008-09-10 | 5.0 MEDIUM | N/A |
| Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm. | |||||
| CVE-2001-1145 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2008-09-10 | 6.2 MEDIUM | N/A |
| fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories. | |||||
| CVE-2001-1153 | 1 Caldera | 1 Openunix | 2008-09-10 | 7.2 HIGH | N/A |
| lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument. | |||||
| CVE-2001-1167 | 2008-09-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-0976. Reason: This candidate is a duplicate of CVE-2001-0976. Notes: CVE-2001-0976 should be used instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2001-1168 | 1 Phpmyexplorer | 2 Phpmyexplorer Classic, Phpmyexplorer Multiuser | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter. | |||||
| CVE-2001-1173 | 1 Masqmail | 1 Masqmail | 2008-09-10 | 7.2 HIGH | N/A |
| Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases. | |||||
| CVE-2001-1187 | 1 Mutasem Abudahab | 2 Csvform, Csvform Plus | 2008-09-10 | 7.5 HIGH | N/A |
| csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter. | |||||
| CVE-2001-1195 | 1 Novell | 1 Groupwise | 2008-09-10 | 7.5 HIGH | N/A |
| Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges. | |||||
| CVE-2001-1210 | 1 Cisco | 3 Ubr920, Ubr924, Ubr925 | 2008-09-10 | 6.4 MEDIUM | N/A |
| Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings. | |||||
| CVE-2001-1212 | 1 Aktivate | 1 Aktivate | 2008-09-10 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter. | |||||
| CVE-2001-1213 | 1 Datawizard | 1 Ftpxq | 2008-09-10 | 6.4 MEDIUM | N/A |
| The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder. | |||||
| CVE-2001-1214 | 1 Marcus S. Xenakis | 1 Unix Manual | 2008-09-10 | 7.5 HIGH | N/A |
| manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters. | |||||
| CVE-2001-1215 | 1 Michael Baumer | 1 Pfinger | 2008-09-10 | 7.5 HIGH | N/A |
| Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file. | |||||