Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1335 | 1 Aclogic | 1 Cesarftp | 2008-09-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot). | |||||
| CVE-2001-1336 | 1 Aclogic | 1 Cesarftp | 2008-09-10 | 7.5 HIGH | N/A |
| CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges. | |||||
| CVE-2001-1369 | 1 Leon J Breedt | 1 Pam-pgsql | 2008-09-10 | 7.5 HIGH | N/A |
| Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields. | |||||
| CVE-2001-1331 | 2 Debian, Progeny | 2 Debian Linux, Debian | 2008-09-10 | 1.2 LOW | N/A |
| mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. | |||||
| CVE-2001-1237 | 1 Peaceworks Computer Consulting | 1 Phormation | 2008-09-10 | 7.5 HIGH | N/A |
| Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable. | |||||
| CVE-2001-1242 | 1 Steve Grimm | 1 Un-cgi | 2008-09-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form. | |||||
| CVE-2001-1239 | 1 Connect Inc. | 1 Powernet Ix | 2008-09-10 | 5.0 MEDIUM | N/A |
| PowerNet IX allows remote attackers to cause a denial of service via a port scan. | |||||
| CVE-2001-1241 | 1 Steve Grimm | 1 Un-cgi | 2008-09-10 | 7.5 HIGH | N/A |
| Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name. | |||||
| CVE-2001-1246 | 1 Php | 1 Php | 2008-09-10 | 7.5 HIGH | N/A |
| PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2001-1248 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20). | |||||
| CVE-2001-1254 | 1 Com2001 | 1 Alexis Server | 2008-09-10 | 7.5 HIGH | N/A |
| Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing. | |||||
| CVE-2001-1249 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names. | |||||
| CVE-2001-1250 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow. | |||||
| CVE-2001-1251 | 2 Max Feoktistov, Vwebserver | 2 Small Http Server, Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
| SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests. | |||||
| CVE-2001-1284 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users. | |||||
| CVE-2001-1278 | 1 Zope | 1 Zope | 2008-09-10 | 7.5 HIGH | N/A |
| Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | |||||
| CVE-2001-1283 | 1 Ipswitch | 1 Imail | 2008-09-10 | 7.5 HIGH | N/A |
| The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code. | |||||
| CVE-2001-1279 | 1 Lbl | 1 Tcpdump | 2008-09-10 | 7.5 HIGH | N/A |
| Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. | |||||
| CVE-2001-1280 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
| POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system. | |||||
| CVE-2001-1282 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
| Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. | |||||