Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1191 | 1 Ibm | 1 Tivoli Secureway Policy Director | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e. | |||||
| CVE-2001-1152 | 1 Baltimore Technologies | 1 Websweeper | 2008-09-05 | 7.5 HIGH | N/A |
| Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters. | |||||
| CVE-2001-1169 | 1 Bell Communications Research | 1 S Key | 2008-09-05 | 7.5 HIGH | N/A |
| keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo. | |||||
| CVE-2001-1156 | 1 Typsoft | 1 Typsoft Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR. | |||||
| CVE-2001-1216 | 1 Oracle | 1 Application Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. | |||||
| CVE-2001-1159 | 1 Squirrelmail | 1 Squirrelmail | 2008-09-05 | 7.5 HIGH | N/A |
| load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | |||||
| CVE-2001-0866 | 1 Cisco | 1 12000 Router | 2008-09-05 | 7.5 HIGH | N/A |
| Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls. | |||||
| CVE-2001-1061 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. | |||||
| CVE-2001-1039 | 1 Hp | 1 Jetadmin | 2008-09-05 | 7.5 HIGH | N/A |
| The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer. | |||||
| CVE-2001-0973 | 1 Fraunhofer Fit | 1 Bscw | 2008-09-05 | 6.4 MEDIUM | N/A |
| BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space. | |||||
| CVE-2001-1006 | 1 Starfish | 1 Truesync Desktop | 2008-09-05 | 5.0 MEDIUM | N/A |
| Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application. | |||||
| CVE-2001-1161 | 1 Lotus | 1 Domino R5 Server | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script. | |||||
| CVE-2001-1004 | 1 Gnutella | 1 Gnutella Client | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. | |||||
| CVE-2001-1028 | 1 Redhat | 1 Linux | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges. | |||||
| CVE-2001-1185 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 6.2 MEDIUM | N/A |
| Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges. | |||||
| CVE-2001-1220 | 1 D-link | 1 Dwl-1000ap | 2008-09-05 | 10.0 HIGH | N/A |
| D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. | |||||
| CVE-2001-0971 | 1 Aci | 1 4d Webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. | |||||
| CVE-2001-1164 | 1 Caldera | 1 Unixware | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt. | |||||
| CVE-2001-1110 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2008-09-05 | 5.0 MEDIUM | N/A |
| EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection. | |||||
| CVE-2001-1217 | 1 Oracle | 1 Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. | |||||