250501
|
5.0 |
MEDIUM
|
avtronics
|
inetserv
|
Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.
|
NVD-CWE-Other
|
CVE-2001-1294
|
2008-09-11 04:10 |
2001-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250502
|
5.0 |
MEDIUM
|
marc_logemann
|
more.groupware
|
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
|
NVD-CWE-Other
|
CVE-2001-1296
|
2008-09-11 04:10 |
2001-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250503
|
7.5 |
HIGH
|
actionpoll
|
actionpoll
|
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
|
NVD-CWE-Other
|
CVE-2001-1297
|
2008-09-11 04:10 |
2001-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250504
|
5.0 |
MEDIUM
|
grant_horwood
|
webodex
|
Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
|
NVD-CWE-Other
|
CVE-2001-1298
|
2008-09-11 04:10 |
2001-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250505
|
3.6 |
LOW
|
xinetd
|
xinetd
|
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe …
|
NVD-CWE-Other
|
CVE-2001-1322
|
2008-09-11 04:10 |
2001-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250506
|
4.6 |
MEDIUM
|
paul_jarc
|
idtools
|
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID…
|
NVD-CWE-Other
|
CVE-2001-1324
|
2008-09-11 04:10 |
2001-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250507
|
1.2 |
LOW
|
debian progeny
|
debian_linux debian
|
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
|
NVD-CWE-Other
|
CVE-2001-1331
|
2008-09-11 04:10 |
2001-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250508
|
5.0 |
MEDIUM
|
aclogic
|
cesarftp
|
Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modifie…
|
NVD-CWE-Other
|
CVE-2001-1335
|
2008-09-11 04:10 |
2001-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250509
|
7.5 |
HIGH
|
aclogic
|
cesarftp
|
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
|
NVD-CWE-Other
|
CVE-2001-1336
|
2008-09-11 04:10 |
2001-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250510
|
5.0 |
MEDIUM
|
beck_ipc_gmbh
|
ipc_at_chip_telnetd_server
|
Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator acc…
|
NVD-CWE-Other
|
CVE-2001-1340
|
2008-09-11 04:10 |
2002-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250511
|
5.0 |
MEDIUM
|
beck_ipc_gmbh
|
ipc_at_chip_embedded-webserver
|
The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.
|
NVD-CWE-Other
|
CVE-2001-1341
|
2008-09-11 04:10 |
2001-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250512
|
7.5 |
HIGH
|
leon_j_breedt
|
pam-pgsql
|
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password f…
|
NVD-CWE-Other
|
CVE-2001-1369
|
2008-09-11 04:10 |
2001-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250513
|
6.2 |
MEDIUM
|
redhat
|
linux
|
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.
|
NVD-CWE-Other
|
CVE-2001-1383
|
2008-09-11 04:10 |
2001-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250514
|
5.0 |
MEDIUM
|
proftpd_project
|
proftpd
|
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and …
|
NVD-CWE-Other
|
CVE-2001-1501
|
2008-09-11 04:10 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250515
|
7.5 |
HIGH
|
openbsd
|
openssh
|
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
|
NVD-CWE-Other
|
CVE-2001-1507
|
2008-09-11 04:10 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250516
|
6.4 |
MEDIUM
|
macromedia
|
jrun
|
Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.
|
NVD-CWE-Other
|
CVE-2001-1512
|
2008-09-11 04:10 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250517
|
7.5 |
HIGH
|
macromedia
|
jrun
|
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trai…
|
NVD-CWE-Other
|
CVE-2001-1513
|
2008-09-11 04:10 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250518
|
2.6 |
LOW
|
postnuke_software_foundation
|
postnuke
|
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
|
NVD-CWE-Other
|
CVE-2001-1521
|
2008-09-11 04:10 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250519
|
4.3 |
MEDIUM
|
francisco_burzi
|
php-nuke
|
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and f…
|
NVD-CWE-Other
|
CVE-2001-1524
|
2008-09-11 04:10 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250520
|
5.0 |
MEDIUM
|
microsoft
|
windows_me
|
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the origi…
|
NVD-CWE-Other
|
CVE-2001-1552
|
2008-09-11 04:10 |
2001-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250521
|
7.5 |
HIGH
|
ibm
|
websphere_application_server
|
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to …
|
NVD-CWE-Other
|
CVE-2001-0824
|
2008-09-11 04:09 |
2001-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250522
|
5.0 |
MEDIUM
|
grant_averett
|
ceberus_ftp_server
|
Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.
|
NVD-CWE-Other
|
CVE-2001-0827
|
2008-09-11 04:09 |
2001-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250523
|
5.1 |
MEDIUM
|
apache
|
tomcat
|
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error mes…
|
NVD-CWE-Other
|
CVE-2001-0829
|
2008-09-11 04:09 |
2001-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250524
|
2.1 |
LOW
|
sane
|
sane
|
Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.
|
NVD-CWE-Other
|
CVE-2001-0890
|
2008-09-11 04:09 |
2001-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250525
|
7.5 |
HIGH
|
washington_university
|
wu-ftpd
|
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
|
NVD-CWE-Other
|
CVE-2001-0935
|
2008-09-11 04:09 |
2001-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250526
|
7.5 |
HIGH
|
paul_m._jones
|
phorecast
|
Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
|
NVD-CWE-Other
|
CVE-2001-1049
|
2008-09-11 04:09 |
2001-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250527
|
7.5 |
HIGH
|
phpadsnew
|
phpadsnew
|
PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
|
NVD-CWE-Other
|
CVE-2001-1054
|
2008-09-11 04:09 |
2001-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250528
|
7.2 |
HIGH
|
caldera
|
openserver
|
Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.
|
NVD-CWE-Other
|
CVE-2001-1062
|
2008-09-11 04:09 |
2001-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250529
|
5.0 |
MEDIUM
|
xerox
|
docuprint_n40
|
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.
|
NVD-CWE-Other
|
CVE-2001-1134
|
2008-09-11 04:09 |
2001-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250530
|
6.2 |
MEDIUM
|
freebsd netbsd openbsd
|
freebsd netbsd openbsd
|
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current…
|
NVD-CWE-Other
|
CVE-2001-1145
|
2008-09-11 04:09 |
2001-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250531
|
7.2 |
HIGH
|
caldera
|
openunix
|
lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.
|
NVD-CWE-Other
|
CVE-2001-1153
|
2008-09-11 04:09 |
2001-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250532
|
5.0 |
MEDIUM
|
phpmyexplorer
|
phpmyexplorer_classic phpmyexplorer_multiuser
|
Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter.
|
NVD-CWE-Other
|
CVE-2001-1168
|
2008-09-11 04:09 |
2001-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250533
|
7.2 |
HIGH
|
masqmail
|
masqmail
|
Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases.
|
NVD-CWE-Other
|
CVE-2001-1173
|
2008-09-11 04:09 |
2001-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250534
|
7.5 |
HIGH
|
mutasem_abudahab
|
csvform csvform_plus
|
csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter.
|
NVD-CWE-Other
|
CVE-2001-1187
|
2008-09-11 04:09 |
2001-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250535
|
7.5 |
HIGH
|
novell
|
groupwise
|
Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.
|
NVD-CWE-Other
|
CVE-2001-1195
|
2008-09-11 04:09 |
2001-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250536
|
6.4 |
MEDIUM
|
cisco
|
ubr920 ubr924 ubr925
|
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read…
|
NVD-CWE-Other
|
CVE-2001-1210
|
2008-09-11 04:09 |
2001-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250537
|
5.0 |
MEDIUM
|
aktivate
|
aktivate
|
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.
|
NVD-CWE-Other
|
CVE-2001-1212
|
2008-09-11 04:09 |
2001-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250538
|
6.4 |
MEDIUM
|
datawizard
|
ftpxq
|
The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.
|
NVD-CWE-Other
|
CVE-2001-1213
|
2008-09-11 04:09 |
2001-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250539
|
7.5 |
HIGH
|
marcus_s._xenakis
|
unix_manual
|
manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters.
|
NVD-CWE-Other
|
CVE-2001-1214
|
2008-09-11 04:09 |
2001-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250540
|
7.5 |
HIGH
|
michael_baumer
|
pfinger
|
Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.
|
NVD-CWE-Other
|
CVE-2001-1215
|
2008-09-11 04:09 |
2001-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250541
|
2.1 |
LOW
|
microsoft
|
ie
|
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizin…
|
NVD-CWE-Other
|
CVE-2001-1218
|
2008-09-11 04:09 |
2001-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250542
|
7.5 |
HIGH
|
gnu
|
gzip
|
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
|
NVD-CWE-Other
|
CVE-2001-1228
|
2008-09-11 04:09 |
2001-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250543
|
7.5 |
HIGH
|
derek_leung
|
pslash
|
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
|
NVD-CWE-Other
|
CVE-2001-1235
|
2008-09-11 04:09 |
2001-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250544
|
7.5 |
HIGH
|
sebastian_bunka
|
myphppagetool
|
myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
|
NVD-CWE-Other
|
CVE-2001-1236
|
2008-09-11 04:09 |
2001-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250545
|
5.0 |
MEDIUM
|
ibm
|
aix_snmp
|
AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection.
|
NVD-CWE-Other
|
CVE-2001-0487
|
2008-09-11 04:08 |
2001-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250546
|
5.0 |
MEDIUM
|
oracle
|
oracle8i
|
Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offse…
|
NVD-CWE-Other
|
CVE-2001-0498
|
2008-09-11 04:08 |
2001-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250547
|
5.0 |
MEDIUM
|
oracle
|
database_server oracle8i
|
Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.
|
NVD-CWE-Other
|
CVE-2001-0515
|
2008-09-11 04:08 |
2001-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250548
|
5.0 |
MEDIUM
|
oracle
|
oracle8i oracle9i
|
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does no…
|
NVD-CWE-Other
|
CVE-2001-0516
|
2008-09-11 04:08 |
2001-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250549
|
10.0 |
HIGH
|
lucent merit
|
radius
|
Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.
|
NVD-CWE-Other
|
CVE-2001-0534
|
2008-09-11 04:08 |
2001-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250550
|
7.2 |
HIGH
|
nedit
|
nedit
|
The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or p…
|
NVD-CWE-Other
|
CVE-2001-0556
|
2008-09-11 04:08 |
2001-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|