National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 126,309 matching records.
Displaying matches 122761 through 122780.
Vuln ID Summary CVSS Severity
CVE-2001-0524

eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0525

Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-0526

Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2001-0527

DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2001-0528

Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-0529

OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-0530

Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0533

Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-0538

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2001-0548

Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2001-0549

Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2001-0553

SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-0554

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2001-0555

ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2001-0557

T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0558

T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0559

crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-0561

Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0562

a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0563

ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23.

Published: August 14, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM