Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1457 | 1 Nobreak Technologies | 1 Crazywwwboard | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable. | |||||
| CVE-2001-1458 | 1 Novell | 1 Groupwise | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. | |||||
| CVE-2001-1459 | 1 Openbsd | 1 Openssh | 2017-07-10 | 7.5 HIGH | N/A |
| OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. | |||||
| CVE-2001-1460 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter. | |||||
| CVE-2001-1461 | 1 Rsa | 1 Securid | 2017-07-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences. | |||||
| CVE-2001-1462 | 1 Rsa | 1 Securid | 2017-07-10 | 7.5 HIGH | N/A |
| WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information. | |||||
| CVE-2001-1464 | 1 Businessobjects | 1 Crystal Reports | 2017-07-10 | 7.5 HIGH | N/A |
| Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords. | |||||
| CVE-2001-1466 | 1 Van Dyke Technologies | 1 Securecrt | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password. | |||||
| CVE-2001-1467 | 1 Don Libes | 1 Expect | 2017-07-10 | 7.5 HIGH | N/A |
| mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks. | |||||
| CVE-2001-1468 | 1 Secure Reality | 1 Phpsecurepages | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2001-1469 | 1 Ssh | 1 Ssh | 2017-07-10 | 5.0 MEDIUM | N/A |
| The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified. | |||||
| CVE-2001-1470 | 1 Ssh | 1 Ssh | 2017-07-10 | 5.0 MEDIUM | N/A |
| The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message. | |||||
| CVE-2001-1471 | 1 Phpbb Group | 1 Phpbb | 2017-07-10 | 4.6 MEDIUM | N/A |
| prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. | |||||
| CVE-2001-1472 | 1 Phpbb Group | 1 Phpbb | 2017-07-10 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. | |||||
| CVE-2001-1473 | 1 Ssh | 1 Ssh | 2017-07-10 | 7.5 HIGH | N/A |
| The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target. | |||||
| CVE-2001-1474 | 1 Ssh | 1 Ssh | 2017-07-10 | 5.0 MEDIUM | N/A |
| SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. | |||||
| CVE-2001-1475 | 1 Ssh | 1 Ssh | 2017-07-10 | 7.5 HIGH | N/A |
| SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated. | |||||
| CVE-2001-1476 | 1 Ssh | 1 Ssh | 2017-07-10 | 7.5 HIGH | N/A |
| SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not. | |||||
| CVE-2001-1477 | 1 Bea | 1 Tuxedo | 2017-07-10 | 4.6 MEDIUM | N/A |
| The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain. | |||||
| CVE-2001-1478 | 1 Caldera | 2 Openunix, Unixware | 2017-07-10 | 7.2 HIGH | N/A |
| Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code. | |||||