|
270751
|
7.5 |
HIGH
|
aeromail
|
aeromail
|
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
|
NVD-CWE-Other
|
CVE-2002-0411
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270752
|
7.5 |
HIGH
|
rebb
|
rebb
|
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
|
NVD-CWE-Other
|
CVE-2002-0413
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270753
|
7.5 |
HIGH
|
freebsd
netbsd
openbsd
|
freebsd
netbsd
openbsd
|
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG…
|
NVD-CWE-Other
|
CVE-2002-0414
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270754
|
1.7 |
LOW
|
realnetworks
|
realplayer
|
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in …
|
NVD-CWE-Other
|
CVE-2002-0415
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270755
|
10.0 |
HIGH
|
sh39
|
mailserver
|
Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port.
|
NVD-CWE-Other
|
CVE-2002-0416
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270756
|
5.0 |
MEDIUM
|
endymion
|
mailman_webmail
|
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for vario…
|
NVD-CWE-Other
|
CVE-2002-0417
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270757
|
5.0 |
MEDIUM
|
endymion
|
sake_mail
|
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot)…
|
NVD-CWE-Other
|
CVE-2002-0418
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270758
|
7.5 |
HIGH
|
claymore_systems_inc
|
puretls
|
Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions.
|
NVD-CWE-Other
|
CVE-2002-0420
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270759
|
5.0 |
MEDIUM
|
microsoft
|
windows_nt
|
IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, …
|
NVD-CWE-Other
|
CVE-2002-0421
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270760
|
10.0 |
HIGH
|
efingerd
|
efingerd
|
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address …
|
NVD-CWE-Other
|
CVE-2002-0423
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270761
|
4.6 |
MEDIUM
|
efingerd
|
efingerd
|
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user …
|
NVD-CWE-Other
|
CVE-2002-0424
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270762
|
5.0 |
MEDIUM
|
khaled_mardam-bey
|
mirc
|
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or cancel…
|
NVD-CWE-Other
|
CVE-2002-0425
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270763
|
7.5 |
HIGH
|
linksys
|
befvp41
|
VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack…
|
NVD-CWE-Other
|
CVE-2002-0426
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270764
|
10.0 |
HIGH
|
christof_pohl
|
improved_mod_frontpage
|
Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.
|
NVD-CWE-Other
|
CVE-2002-0427
|
2008-09-6 05:27 |
2002-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270765
|
7.5 |
HIGH
|
les_vanbrunt
|
adrotate_pro
|
get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.
|
NVD-CWE-Other
|
CVE-2001-1224
|
2008-09-6 05:26 |
2001-12-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270766
|
2.1 |
LOW
|
hughes
|
msql
|
Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.
|
NVD-CWE-Other
|
CVE-2001-1225
|
2008-09-6 05:26 |
2001-12-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270767
|
5.0 |
MEDIUM
|
adcycle
|
adcycle
|
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
|
NVD-CWE-Other
|
CVE-2001-1226
|
2008-09-6 05:26 |
2001-12-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270768
|
7.5 |
HIGH
|
gallery_project
|
gallery
|
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
|
NVD-CWE-Other
|
CVE-2001-1234
|
2008-09-6 05:26 |
2001-10-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270769
|
10.0 |
HIGH
|
engardelinux
|
secure_linux
|
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
|
NVD-CWE-Other
|
CVE-2001-1240
|
2008-09-6 05:26 |
2001-07-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270770
|
5.0 |
MEDIUM
|
opera_software
|
opera_web_browser
|
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
|
NVD-CWE-Other
|
CVE-2001-1245
|
2008-09-6 05:26 |
2001-07-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270771
|
4.6 |
MEDIUM
|
com2001
|
alexis_server
|
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.
|
NVD-CWE-Other
|
CVE-2001-1253
|
2008-09-6 05:26 |
2001-09-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270772
|
5.0 |
MEDIUM
|
avaya
|
argent_office
|
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
|
NVD-CWE-Other
|
CVE-2001-1259
|
2008-09-6 05:26 |
2001-08-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270773
|
10.0 |
HIGH
|
avaya
|
argent_office
|
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during …
|
NVD-CWE-Other
|
CVE-2001-1260
|
2008-09-6 05:26 |
2001-08-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270774
|
5.0 |
MEDIUM
|
avaya
|
argent_office
|
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
|
NVD-CWE-Other
|
CVE-2001-1261
|
2008-09-6 05:26 |
2001-08-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270775
|
7.5 |
HIGH
|
avaya
|
argent_office
|
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authenticatio…
|
NVD-CWE-Other
|
CVE-2001-1262
|
2008-09-6 05:26 |
2001-08-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270776
|
5.0 |
MEDIUM
|
doug_neal
|
dnhttpd
|
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.
|
NVD-CWE-Other
|
CVE-2001-1266
|
2008-09-6 05:26 |
2001-07-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270777
|
2.1 |
LOW
|
gnu
|
tar
|
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
|
NVD-CWE-Other
|
CVE-2001-1267
|
2008-09-6 05:26 |
2001-07-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270778
|
2.1 |
LOW
|
pkware
|
pkzip
|
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option vi…
|
NVD-CWE-Other
|
CVE-2001-1270
|
2008-09-6 05:26 |
2001-07-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270779
|
2.1 |
LOW
|
rarsoft
|
rar
|
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.
|
NVD-CWE-Other
|
CVE-2001-1271
|
2008-09-6 05:26 |
2001-07-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270780
|
4.6 |
MEDIUM
|
wliang
|
wmtv
|
wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.
|
NVD-CWE-Other
|
CVE-2001-1272
|
2008-09-6 05:26 |
2001-12-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270781
|
2.1 |
LOW
|
linux
|
linux_kernel
|
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).
|
NVD-CWE-Other
|
CVE-2001-1273
|
2008-09-6 05:26 |
2001-02-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270782
|
7.5 |
HIGH
|
sambar
|
sambar_server
|
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
|
NVD-CWE-Other
|
CVE-2001-1292
|
2008-09-6 05:26 |
2001-08-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270783
|
5.0 |
MEDIUM
|
grant_averett
|
cerberus_ftp_server
|
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.
|
NVD-CWE-Other
|
CVE-2001-1295
|
2008-09-6 05:26 |
2001-08-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270784
|
5.0 |
MEDIUM
|
zorbat
|
zorbstats
|
Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
|
NVD-CWE-Other
|
CVE-2001-1299
|
2008-09-6 05:26 |
2001-10-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270785
|
5.0 |
MEDIUM
|
dynu_systems_inc.
|
dynu_ftp_server
|
Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command.
|
NVD-CWE-Other
|
CVE-2001-1300
|
2008-09-6 05:26 |
2002-06-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270786
|
1.2 |
LOW
|
gnu
xemacs
|
emacs
xemacs
|
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
|
NVD-CWE-Other
|
CVE-2001-1301
|
2008-09-6 05:26 |
2001-08-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270787
|
5.0 |
MEDIUM
|
nullsoft
|
shoutcast_server
|
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
|
NVD-CWE-Other
|
CVE-2001-1304
|
2008-09-6 05:26 |
2001-08-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270788
|
7.5 |
HIGH
|
sun
|
iplanet_directory_server
|
iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstr…
|
NVD-CWE-Other
|
CVE-2001-1306
|
2008-09-6 05:26 |
2001-07-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270789
|
7.5 |
HIGH
|
critical_path
|
injoin_directory_server
livecontent_directory
|
Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstr…
|
NVD-CWE-Other
|
CVE-2001-1314
|
2008-09-6 05:26 |
2001-07-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270790
|
7.5 |
HIGH
|
critical_path
|
injoin_directory_server
livecontent_directory
|
Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as …
|
NVD-CWE-Other
|
CVE-2001-1315
|
2008-09-6 05:26 |
2001-07-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270791
|
7.5 |
HIGH
|
teamware
|
teamware_office
|
Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstra…
|
NVD-CWE-Other
|
CVE-2001-1317
|
2008-09-6 05:26 |
2001-07-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270792
|
7.5 |
HIGH
|
qualcomm
|
eudora_worldmail_server
|
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suit…
|
NVD-CWE-Other
|
CVE-2001-1318
|
2008-09-6 05:26 |
2001-07-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270793
|
7.5 |
HIGH
|
oracle
|
internet_directory
|
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER valu…
|
NVD-CWE-Other
|
CVE-2001-1321
|
2008-09-6 05:26 |
2001-07-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270794
|
7.5 |
HIGH
|
qualcomm
|
eudora
|
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a…
|
NVD-CWE-Other
|
CVE-2001-1326
|
2008-09-6 05:26 |
2001-05-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270795
|
4.6 |
MEDIUM
|
berkeley_softworks
|
pmake
|
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that a…
|
NVD-CWE-Other
|
CVE-2001-1327
|
2008-09-6 05:26 |
2001-05-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270796
|
7.2 |
HIGH
|
ibm
|
aix
|
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
|
NVD-CWE-Other
|
CVE-2001-1330
|
2008-09-6 05:26 |
2001-06-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270797
|
7.5 |
HIGH
|
easy_software_products
|
cups
|
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
|
NVD-CWE-Other
|
CVE-2001-1332
|
2008-09-6 05:26 |
2001-05-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270798
|
1.2 |
LOW
|
easy_software_products
|
cups
|
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
|
NVD-CWE-Other
|
CVE-2001-1333
|
2008-09-6 05:26 |
2001-05-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270799
|
5.0 |
MEDIUM
|
beck_ipc_gmbh
|
ipc_at_chip_embedded-webserver
|
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request.
|
NVD-CWE-Other
|
CVE-2001-1337
|
2008-09-6 05:26 |
2001-05-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270800
|
5.0 |
MEDIUM
|
beck_ipc_gmbh
|
ipc_at_chip_telnetd_server
|
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.
|
NVD-CWE-Other
|
CVE-2001-1338
|
2008-09-6 05:26 |
2001-05-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
