Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1191 | 1 Ibm | 1 Tivoli Secureway Policy Director | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e. | |||||
| CVE-2001-1199 | 1 Steve Kneizys | 1 Agora.cgi | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter. | |||||
| CVE-2001-1200 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 7.2 HIGH | N/A |
| Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys. | |||||
| CVE-2001-1207 | 1 Daydream | 1 Daydream Bbs | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA. | |||||
| CVE-2001-1211 | 1 Ipswitch | 1 Imail | 2008-09-05 | 7.5 HIGH | N/A |
| Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain. | |||||
| CVE-2001-1216 | 1 Oracle | 1 Application Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. | |||||
| CVE-2001-1217 | 1 Oracle | 1 Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. | |||||
| CVE-2001-1220 | 1 D-link | 1 Dwl-1000ap | 2008-09-05 | 10.0 HIGH | N/A |
| D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. | |||||
| CVE-2001-1221 | 1 D-link | 1 Dwl-1000ap | 2008-09-05 | 5.0 MEDIUM | N/A |
| D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information. | |||||
| CVE-2001-1222 | 1 Plesk | 1 Plesk Server Administrator | 2008-09-05 | 5.0 MEDIUM | N/A |
| Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain. | |||||
| CVE-2001-1223 | 1 Elsa | 1 Lancom 1100 Office | 2008-09-05 | 10.0 HIGH | N/A |
| The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server. | |||||
| CVE-2001-0395 | 1 Lightwave | 1 Consoleserver | 2008-09-05 | 7.5 HIGH | N/A |
| Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. | |||||
| CVE-2001-0396 | 1 Lightwave | 1 Consoleserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users. | |||||
| CVE-2001-0397 | 1 Silent Runner | 1 Silent Runner Collector Src | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command. | |||||
| CVE-2001-0398 | 1 Ritlabs | 1 The Bat | 2008-09-05 | 7.5 HIGH | N/A |
| The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon. | |||||
| CVE-2001-0400 | 1 Matt Tourtillott | 1 Nph-maillist | 2008-09-05 | 7.5 HIGH | N/A |
| nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. | |||||
| CVE-2001-0406 | 1 Samba | 1 Samba | 2008-09-05 | 2.1 LOW | N/A |
| Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. | |||||
| CVE-2001-0418 | 1 Ncm | 1 Ncm Content Management System | 2008-09-05 | 5.0 MEDIUM | N/A |
| content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter. | |||||
| CVE-2001-0420 | 1 Way To The Web | 1 Talkback | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter. | |||||
| CVE-2001-0425 | 1 Adcycle | 1 Adcycle | 2008-09-05 | 7.5 HIGH | N/A |
| AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information. | |||||