Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1532 | 1 Web Crossing | 1 Webx | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions. | |||||
| CVE-2001-1533 | 1 Microsoft | 1 Isa Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE. | |||||
| CVE-2001-1534 | 1 Apache | 1 Http Server | 2008-09-05 | 2.1 LOW | N/A |
| mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication. | |||||
| CVE-2001-1535 | 1 Open Source Development Network | 1 Slashcode | 2008-09-05 | 4.6 MEDIUM | N/A |
| Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack. | |||||
| CVE-2001-1536 | 1 Autogalaxy | 1 Autogalaxy | 2008-09-05 | 5.0 MEDIUM | N/A |
| Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack. | |||||
| CVE-2001-1537 | 1 Twig | 1 Webmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. | |||||
| CVE-2001-1538 | 1 Speedxess | 1 Ha-120 Dsl Router | 2008-09-05 | 7.5 HIGH | N/A |
| SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access. | |||||
| CVE-2001-1540 | 1 David F. Mischler | 1 Iproute | 2008-09-05 | 5.0 MEDIUM | N/A |
| IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header. | |||||
| CVE-2001-1541 | 1 Bsdi | 1 Bsd Os | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2001-1543 | 1 Axis | 5 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 2 more | 2008-09-05 | 7.5 HIGH | N/A |
| Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera. | |||||
| CVE-2001-1544 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. | |||||
| CVE-2001-1545 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
| Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing. | |||||
| CVE-2001-1546 | 1 Mckesson | 1 Pathways Homecare | 2008-09-05 | 4.6 MEDIUM | N/A |
| Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file. | |||||
| CVE-2001-1547 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 7.5 HIGH | N/A |
| Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2001-1548 | 1 Zonelabs | 1 Zonealarm | 2008-09-05 | 2.1 LOW | N/A |
| ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters. | |||||
| CVE-2001-1549 | 1 Tiny Software | 1 Tiny Personal Firewall | 2008-09-05 | 2.1 LOW | N/A |
| Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters. | |||||
| CVE-2001-1551 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 2.1 LOW | N/A |
| Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs. | |||||
| CVE-2001-1553 | 1 University Of California | 1 Seti At Home | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE. | |||||
| CVE-2001-1554 | 1 Ibm | 1 Aix | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets. | |||||
| CVE-2001-1557 | 1 Ibm | 1 Aix | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges. | |||||
| CVE-2001-1558 | 1 Snort | 1 Snort | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash). | |||||
| CVE-2001-1559 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 2.1 LOW | N/A |
| The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference. | |||||
| CVE-2001-1561 | 2 Debian, John Bovey | 2 Debian Linux, Xvt | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments. | |||||
| CVE-2001-1565 | 1 Apple | 1 Mac Os X | 2008-09-05 | 2.1 LOW | N/A |
| Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command. | |||||
| CVE-2001-1566 | 2 Vanessa, Verge | 2 Vanessa Logger, Perdition | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function. | |||||
| CVE-2001-1568 | 1 Cmg | 1 Wap Gateway | 2008-09-05 | 6.4 MEDIUM | N/A |
| CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2001-1569 | 1 Cmg | 1 Openwave Wap Gateway | 2008-09-05 | 6.4 MEDIUM | N/A |
| Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2001-1570 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 2.1 LOW | N/A |
| Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out. | |||||
| CVE-2001-1571 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing. | |||||
| CVE-2001-1572 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 7.5 HIGH | N/A |
| The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets. | |||||
| CVE-2001-1573 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter. | |||||
| CVE-2001-1574 | 1 Trend Micro | 1 Interscan Viruswall | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code. | |||||
| CVE-2001-1576 | 1 Caldera | 1 Unixware | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument. | |||||
| CVE-2001-1578 | 1 Sco | 1 Openserver | 2008-09-05 | 2.1 LOW | N/A |
| Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors. | |||||
| CVE-2001-1579 | 1 Sco | 2 Open Unix, Unixware | 2008-09-05 | 5.0 MEDIUM | N/A |
| The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service. | |||||
| CVE-2002-0017 | 1 Sgi | 1 Irix | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request. | |||||
| CVE-2002-0031 | 1 Yahoo | 1 Messenger | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend. | |||||
| CVE-2001-0840 | 1 Compaq | 1 Insight Manager Xe | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI. | |||||
| CVE-2001-0866 | 1 Cisco | 1 12000 Router | 2008-09-05 | 7.5 HIGH | N/A |
| Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls. | |||||
| CVE-2001-0943 | 1 Oracle | 1 Database Server | 2008-09-05 | 7.2 HIGH | N/A |
| dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs. | |||||
| CVE-2001-0965 | 1 Glftpd | 1 Glftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters. | |||||
| CVE-2001-0966 | 1 Nudester.org | 1 Nudester | 2008-09-05 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command. | |||||
| CVE-2001-0967 | 1 Knox Software | 1 Arkeia | 2008-09-05 | 7.5 HIGH | N/A |
| Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing. | |||||
| CVE-2001-0968 | 1 Knox Software | 1 Arkeia | 2008-09-05 | 10.0 HIGH | N/A |
| Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges. | |||||
| CVE-2001-0971 | 1 Aci | 1 4d Webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. | |||||
| CVE-2001-0973 | 1 Fraunhofer Fit | 1 Bscw | 2008-09-05 | 6.4 MEDIUM | N/A |
| BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space. | |||||
| CVE-2001-0976 | 1 Hp | 1 Process Resource Manager | 2008-09-05 | 7.2 HIGH | N/A |
| Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables. | |||||
| CVE-2001-0978 | 1 Hp | 1 Hp-ux | 2008-09-05 | 7.5 HIGH | N/A |
| login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program. | |||||
| CVE-2001-0989 | 1 Richard Everitt | 1 Pileup | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign. | |||||
| CVE-2001-1004 | 1 Gnutella | 1 Gnutella Client | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. | |||||