Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1524 | 1 Francisco Burzi | 1 Php-nuke | 2008-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php. | |||||
| CVE-2001-1335 | 1 Aclogic | 1 Cesarftp | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot). | |||||
| CVE-2001-1284 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users. | |||||
| CVE-2001-1281 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
| Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form. | |||||
| CVE-2001-1521 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter. | |||||
| CVE-2001-1331 | 2 Debian, Progeny | 2 Debian Linux, Debian | 2008-09-10 | 1.2 LOW | N/A |
| mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. | |||||
| CVE-2001-1322 | 1 Xinetd | 1 Xinetd | 2008-09-10 | 3.6 LOW | N/A |
| xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask. | |||||
| CVE-2001-1280 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
| POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system. | |||||
| CVE-2001-1251 | 2 Max Feoktistov, Vwebserver | 2 Small Http Server, Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests. | |||||
| CVE-2001-1340 | 1 Beck Ipc Gmbh | 1 Ipc At Chip Telnetd Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service. | |||||
| CVE-2001-1512 | 1 Macromedia | 1 Jrun | 2008-09-10 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050. | |||||
| CVE-2001-1552 | 1 Microsoft | 1 Windows Me | 2008-09-10 | 5.0 MEDIUM | N/A |
| ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced. | |||||
| CVE-2001-1336 | 1 Aclogic | 1 Cesarftp | 2008-09-10 | 7.5 HIGH | N/A |
| CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges. | |||||
| CVE-2001-1242 | 1 Steve Grimm | 1 Un-cgi | 2008-09-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form. | |||||
| CVE-2001-1252 | 1 Pgp | 1 Keyserver | 2008-09-10 | 10.0 HIGH | N/A |
| Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory. | |||||
| CVE-2001-1369 | 1 Leon J Breedt | 1 Pam-pgsql | 2008-09-10 | 7.5 HIGH | N/A |
| Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields. | |||||
| CVE-2001-1282 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
| Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. | |||||
| CVE-2001-1250 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow. | |||||
| CVE-2001-1283 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code. | |||||
| CVE-2001-1254 | 1 Com2001 | 1 Alexis Server | 2008-09-10 | 7.5 HIGH | N/A |
| Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing. | |||||