National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 126,134 matching records.
Displaying matches 122801 through 122820.
Vuln ID Summary CVSS Severity
CVE-2001-1085

Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Published: July 05, 2001; 12:00:00 AM -04:00
    V2: 3.7 LOW
CVE-2001-1087

The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.

Published: July 05, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-1408

Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.

Published: July 05, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1075

poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.

Published: July 04, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1086

XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.

Published: July 04, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-1243

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Published: July 04, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1266

Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.

Published: July 03, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0238

Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0239

Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0262

Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0327

iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0354

TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0384

ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2001-0385

GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0386

AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0387

Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-0389

IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0390

IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0391

Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-0395

Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH