Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0378 | 1 Astart Technologies | 1 Lprng | 2008-09-10 | 7.5 HIGH | N/A |
The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts. | |||||
CVE-2002-0384 | 1 Rob Flynn | 1 Gaim | 2008-09-10 | 7.5 HIGH | N/A |
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code. | |||||
CVE-2002-0386 | 1 Oracle | 1 Application Server | 2008-09-10 | 5.0 MEDIUM | N/A |
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | |||||
CVE-2002-0400 | 1 Isc | 1 Bind | 2008-09-10 | 5.0 MEDIUM | N/A |
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype. | |||||
CVE-2001-1237 | 1 Peaceworks Computer Consulting | 1 Phormation | 2008-09-10 | 7.5 HIGH | N/A |
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable. | |||||
CVE-2001-1239 | 1 Connect Inc. | 1 Powernet Ix | 2008-09-10 | 5.0 MEDIUM | N/A |
PowerNet IX allows remote attackers to cause a denial of service via a port scan. | |||||
CVE-2001-1241 | 1 Steve Grimm | 1 Un-cgi | 2008-09-10 | 7.5 HIGH | N/A |
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name. | |||||
CVE-2001-1242 | 1 Steve Grimm | 1 Un-cgi | 2008-09-10 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form. | |||||
CVE-2001-1246 | 1 Php | 1 Php | 2008-09-10 | 7.5 HIGH | N/A |
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters. | |||||
CVE-2001-1248 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20). | |||||
CVE-2001-1249 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names. | |||||
CVE-2001-1250 | 1 Vwebserver | 1 Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow. | |||||
CVE-2001-1251 | 2 Max Feoktistov, Vwebserver | 2 Small Http Server, Vwebserver | 2008-09-10 | 5.0 MEDIUM | N/A |
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests. | |||||
CVE-2001-1252 | 1 Pgp | 1 Keyserver | 2008-09-10 | 10.0 HIGH | N/A |
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory. | |||||
CVE-2001-1254 | 1 Com2001 | 1 Alexis Server | 2008-09-10 | 7.5 HIGH | N/A |
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing. | |||||
CVE-2001-1278 | 1 Zope | 1 Zope | 2008-09-10 | 7.5 HIGH | N/A |
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | |||||
CVE-2001-1279 | 1 Lbl | 1 Tcpdump | 2008-09-10 | 7.5 HIGH | N/A |
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026. | |||||
CVE-2001-1280 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system. | |||||
CVE-2001-1281 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form. | |||||
CVE-2001-1282 | 1 Ipswitch | 1 Imail | 2008-09-10 | 5.0 MEDIUM | N/A |
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. |