National Vulnerability Database

Search Results

There are 133,516 matching records.
Displaying matches 129461 through 129480.
Vuln ID Summary CVSS Severity
CVE-2001-0835

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0836

Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0837

DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2001-0838

Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0839

ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0840

Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-0841

Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0842

Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0843

Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0844

Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0845

Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0846

Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-0847

Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0848

join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2001-0849

viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2001-0850

A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2001-0851

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0852

TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0853

Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-0854

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.

Published: December 06, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM