Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1003 | 1 Webct | 1 Respondus | 2016-10-17 | 4.6 MEDIUM | N/A |
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges. | |||||
CVE-2001-1041 | 1 Oracle | 1 Database Server | 2016-10-17 | 2.1 LOW | N/A |
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable. | |||||
CVE-2001-1196 | 1 Webmin | 1 Webmin | 2016-10-17 | 10.0 HIGH | N/A |
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument. | |||||
CVE-2001-1201 | 1 Timecop | 1 Wmcube Gdk | 2016-10-17 | 7.2 HIGH | N/A |
Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file. | |||||
CVE-2001-1202 | 1 Delegate | 1 Delegate | 2016-10-17 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error. | |||||
CVE-2001-1205 | 1 Matrixs Cgi Vault | 1 Last Lines | 2016-10-17 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable. | |||||
CVE-2001-1206 | 1 Matrixs Cgi Vault | 1 Last Lines | 2016-10-17 | 7.5 HIGH | N/A |
Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $error_log variable. | |||||
CVE-2001-1208 | 1 Daydream | 1 Daydream Bbs | 2016-10-17 | 7.5 HIGH | N/A |
Format string vulnerability in DayDream BBS allows remote attackers to execute arbitrary code via format string specifiers in a file containing a ~#RA control code. | |||||
CVE-2001-1229 | 2 Icecast, Libshout | 2 Icecast, Libshout | 2016-10-17 | 7.5 HIGH | N/A |
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. | |||||
CVE-2001-1230 | 1 Icecast | 1 Icecast | 2016-10-17 | 7.5 HIGH | N/A |
Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. | |||||
CVE-2001-1276 | 1 Itcorp | 1 Ispell | 2016-10-17 | 1.2 LOW | N/A |
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file. | |||||
CVE-2001-1277 | 1 Wolfram Schneider | 1 Makewhatis | 2016-10-17 | 2.1 LOW | N/A |
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters. | |||||
CVE-2001-1305 | 1 Mirabilis | 1 Icq | 2016-10-17 | 5.0 MEDIUM | N/A |
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer. | |||||
CVE-2001-1334 | 1 Phpslash | 1 Phpslash | 2016-10-17 | 5.0 MEDIUM | N/A |
Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL. | |||||
CVE-2001-1350 | 1 Namazu | 1 Namazu | 2016-10-17 | 7.5 HIGH | N/A |
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter. | |||||
CVE-2001-1353 | 1 Aladdin Enterprises | 1 Ghostscript | 2016-10-17 | 2.6 LOW | N/A |
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. | |||||
CVE-2001-1370 | 1 Phplib Team | 1 Phplib | 2016-10-17 | 10.0 HIGH | N/A |
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib. | |||||
CVE-2001-1371 | 1 Oracle | 1 Application Server | 2016-10-17 | 7.5 HIGH | N/A |
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | |||||
CVE-2001-1384 | 1 Linux | 1 Linux Kernel | 2016-10-17 | 7.2 HIGH | N/A |
ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp. | |||||
CVE-2001-1385 | 2 Mandrakesoft, Php | 2 Mandrake Linux, Php | 2016-10-17 | 5.0 MEDIUM | N/A |
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. |