Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1479 | 1 Sun | 1 Management\+center | 2017-07-10 | 2.1 LOW | N/A |
| smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT. | |||||
| CVE-2001-1480 | 2 Apple, Sun | 4 Mac Os Runtime For Java, Jdk, Jre and 1 more | 2017-07-10 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard. | |||||
| CVE-2001-1481 | 1 Imatix | 1 Xitami | 2017-07-10 | 10.0 HIGH | N/A |
| Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges. | |||||
| CVE-2001-1483 | 1 Nrl | 1 Opie | 2017-07-10 | 5.0 MEDIUM | N/A |
| One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist. | |||||
| CVE-2001-1484 | 1 Alcatel | 2 Adsl Modem 1000, Speed Touch Adsl Modem | 2017-07-10 | 7.5 HIGH | N/A |
| Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. | |||||
| CVE-2001-1487 | 1 Qualcomm | 1 Qpopper | 2017-07-10 | 4.6 MEDIUM | N/A |
| popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option. | |||||
| CVE-2001-1488 | 1 Open Projects Network | 1 Open Projects Network Ircd | 2017-07-10 | 5.0 MEDIUM | N/A |
| Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon. | |||||
| CVE-2001-1489 | 1 Microsoft | 1 Ie | 2017-07-10 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | |||||
| CVE-2001-1490 | 1 Mozilla | 1 Mozilla | 2017-07-10 | 5.0 MEDIUM | N/A |
| Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | |||||
| CVE-2001-1491 | 1 Opera Software | 1 Opera Web Browser | 2017-07-10 | 5.0 MEDIUM | N/A |
| Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. | |||||
| CVE-2001-1496 | 1 Acme Labs | 1 Thttpd | 2017-07-10 | 7.5 HIGH | N/A |
| Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2001-1499 | 1 Checkpoint | 1 Vpn-1 | 2017-07-10 | 5.0 MEDIUM | N/A |
| Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks. | |||||
| CVE-2001-1502 | 1 Mountain Network Systems | 1 Webcart | 2017-07-10 | 7.5 HIGH | N/A |
| webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter. | |||||
| CVE-2001-1504 | 1 Ibm | 1 Lotus Notes | 2017-07-10 | 7.5 HIGH | N/A |
| Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message. | |||||
| CVE-2001-1505 | 1 Tinc | 1 Tinc | 2017-07-10 | 5.0 MEDIUM | N/A |
| tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets. | |||||
| CVE-2001-1506 | 1 Hp | 1 Secure Os | 2017-07-10 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files. | |||||
| CVE-2001-1550 | 1 Centra | 3 Asp, Centraone, Smart Connect | 2017-07-10 | 2.1 LOW | N/A |
| CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users. | |||||
| CVE-2002-1769 | 1 Microsoft | 2 Site Server, Site Server Commerce | 2017-07-10 | 7.5 HIGH | N/A |
| Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the "Log on locally" privilege. | |||||
| CVE-2002-1770 | 1 Qualcomm | 1 Eudora | 2017-07-10 | 5.0 MEDIUM | N/A |
| Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by Internet Explorer. | |||||
| CVE-2002-1771 | 1 Matt Wright | 1 Formmail | 2017-07-10 | 5.0 MEDIUM | N/A |
| Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables. | |||||