National Vulnerability Database

Search Results

There are 133,338 matching records.
Displaying matches 129301 through 129320.
Vuln ID Summary CVSS Severity
CVE-2001-0853

Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0854

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0855

Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2001-0856

Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0857

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0858

Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0859

2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the default umask for init to 000, which installs files with world-writeable permissions.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0860

Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0861

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0862

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0863

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0864

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0865

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0866

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi-port line card, which could allow remote attackers to bypass the intended access controls.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0867

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-1247

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM
CVE-2001-1272

wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0946

apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.

Published: December 04, 2001; 12:00:00 AM -05:00
    V2: 3.6 LOW
CVE-2001-0947

Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.

Published: December 04, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0948

Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.

Published: December 04, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH