Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-0979 | 1 Hp | 1 Hp-ux | 2017-12-18 | 7.2 HIGH | N/A |
| Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. | |||||
| CVE-2001-0223 | 1 Spawar.navy.mil | 1 Wwwwais.25.c | 2017-12-18 | 10.0 HIGH | N/A |
| Buffer overflow in wwwwais allows remote attackers to execute arbitrary commands via a long QUERY_STRING (HTTP GET request). | |||||
| CVE-1999-1289 | 1 Mirabilis | 1 Icq | 2017-12-18 | 7.5 HIGH | N/A |
| ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration. | |||||
| CVE-1999-1291 | 1 Microsoft | 2 Windows 95, Windows Nt | 2017-12-18 | 5.0 MEDIUM | N/A |
| TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target. | |||||
| CVE-2001-0598 | 1 Symantec | 1 Norton Ghost | 2017-12-18 | 5.0 MEDIUM | N/A |
| Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled. | |||||
| CVE-2001-0492 | 1 Netcruiser Software | 1 Netcruiser Web Server | 2017-12-18 | 5.0 MEDIUM | N/A |
| Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3. | |||||
| CVE-2001-0985 | 1 Hassan Consulting | 1 Shopping Cart | 2017-12-18 | 7.5 HIGH | N/A |
| shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. | |||||
| CVE-2001-0986 | 1 Microsoft | 1 Index Server | 2017-12-18 | 5.0 MEDIUM | N/A |
| SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. | |||||
| CVE-1999-1153 | 1 Hamcards Postcard Cgi | 1 Hamcards Postcard Cgi | 2017-12-18 | 7.5 HIGH | N/A |
| HAMcards Postcard CGI script 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address. | |||||
| CVE-2001-0988 | 1 Knox Software | 1 Arkeia | 2017-12-18 | 7.2 HIGH | N/A |
| Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. | |||||
| CVE-2001-0817 | 1 Hp | 1 Hp-ux | 2017-12-18 | 10.0 HIGH | N/A |
| Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request. | |||||
| CVE-2001-0645 | 1 Axent | 1 Netprowler | 2017-12-18 | 7.5 HIGH | N/A |
| Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password. | |||||
| CVE-2000-0772 | 1 Tumbleweed | 1 Messaging Management System | 2017-12-18 | 7.5 HIGH | N/A |
| The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password. | |||||
| CVE-2001-0990 | 1 Inter7 | 1 Vpopmail | 2017-12-18 | 4.6 MEDIUM | N/A |
| Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. | |||||
| CVE-2001-0991 | 1 Scott R. Lemmon | 1 Proxomitron Naoko-4 | 2017-12-18 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message. | |||||
| CVE-2001-0992 | 1 Kabotie Software Technologies | 1 Shopplus Cart | 2017-12-18 | 7.5 HIGH | N/A |
| shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter. | |||||
| CVE-1999-1312 | 1 Dec | 2 Dec Openvms Axp, Dec Openvms Vax | 2017-12-18 | 7.2 HIGH | N/A |
| Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1.0, allows local users to gain system privileges. | |||||
| CVE-2001-0994 | 1 Marconi | 1 Forethought | 2017-12-18 | 5.0 MEDIUM | N/A |
| Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device. | |||||
| CVE-1999-1313 | 1 Freebsd | 1 Freebsd | 2017-12-18 | 4.6 MEDIUM | N/A |
| Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands. | |||||
| CVE-2000-0880 | 1 Plus Technologies | 1 Lpplus | 2017-12-18 | 3.6 LOW | N/A |
| LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file. | |||||