National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 133,424 matching records.
Displaying matches 129281 through 129300.
Vuln ID Summary CVSS Severity
CVE-2001-0871

Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0872

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-0873

uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-0884

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 5.1 MEDIUM
CVE-2001-0886

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0888

Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1216

Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1217

Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1220

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-1221

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1440

Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.

Published: December 21, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-0542

Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.

Published: December 20, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0876

Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.

Published: December 20, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0877

Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.

Published: December 20, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0879

Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.

Published: December 20, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1215

Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.

Published: December 20, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1218

Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.

Published: December 20, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-1219

Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.

Published: December 20, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0889

Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.

Published: December 19, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1212

Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.

Published: December 18, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM