CVE List - 2001 / November
Showing 1 - 36 of 36 CVEs for November 2001 (Page 1 of 1)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2001-0721 | 2001-11-22 | Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request. |
| CVE-2001-0799 | 2001-11-22 | Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument. |
| CVE-2001-0800 | 2001-11-22 | lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2001-0807 | 2001-11-22 | Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a... |
| CVE-2001-0808 | 2001-11-22 | gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter. |
| CVE-2001-0809 | 2001-11-22 | Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources. |
| CVE-2001-0817 | 2001-11-22 | Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request. |
| CVE-2001-0818 | 2001-11-22 | A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data. |
| CVE-2001-0820 | 2001-11-22 | Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection... |
| CVE-2001-0821 | 2001-11-22 | The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1)... |
| CVE-2001-0824 | 2001-11-22 | Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2)... |
| CVE-2001-0826 | 2001-11-22 | Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD,... |
| CVE-2001-0829 | 2001-11-22 | A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into... |
| CVE-2001-0831 | 2001-11-22 | Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access. |
| CVE-2001-0832 | 2001-11-22 | Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or... |
| CVE-2001-0835 | 2001-11-22 | Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information,... |
| CVE-2001-0838 | 2001-11-22 | Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command. |
| CVE-2001-0839 | 2001-11-22 | ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password... |
| CVE-2001-0840 | 2001-11-22 | Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI. |
| CVE-2001-0841 | 2001-11-22 | Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. |
| CVE-2001-0842 | 2001-11-22 | Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. |
| CVE-2001-0844 | 2001-11-22 | Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter. |
| CVE-2001-0845 | 2001-11-22 | Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources. |
| CVE-2001-0847 | 2001-11-22 | Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. |
| CVE-2001-0848 | 2001-11-22 | join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable. |
| CVE-2001-0849 | 2001-11-22 | viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call... |
| CVE-2001-0853 | 2001-11-22 | Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat. |
| CVE-2001-0854 | 2001-11-22 | PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php... |
| CVE-2001-0855 | 2001-11-22 | Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable. |
| CVE-2001-0856 | 2001-11-22 | Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force... |
| CVE-2001-0858 | 2001-11-22 | Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges. |
| CVE-2001-0827 | 2001-11-22 | Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests. |
| CVE-2001-0868 | 2001-11-28 | Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status. |
| CVE-2001-0870 | 2001-11-30 | HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive... |
| CVE-2001-0871 | 2001-11-30 | Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions... |
| CVE-2002-0001 | 2002-01-03 | Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt 1.3.x before 1.3.25 allows remote attackers to execute arbitrary commands via an improperly terminated comment or phrase in the... |
| CVE-2002-0008 | 2002-01-10 | Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request to process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post... |
| CVE-2002-0010 | 2002-01-10 | Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the... |
| CVE-2001-0892 | 2002-02-02 | Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with... |
| CVE-2001-0893 | 2002-02-02 | Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /. |
| CVE-2001-0897 | 2002-02-02 | Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror... |
| CVE-2001-0898 | 2002-02-02 | Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a... |
| CVE-2001-0903 | 2002-02-02 | Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by... |
| CVE-2001-0904 | 2002-02-02 | Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites... |
| CVE-2001-0908 | 2002-02-02 | CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public... |
| CVE-2001-0910 | 2002-02-02 | Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to... |
| CVE-2001-0911 | 2002-02-02 | PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it. |
| CVE-2001-0913 | 2002-02-02 | Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains... |
| CVE-2001-0915 | 2002-02-02 | Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition. |
| CVE-2001-0916 | 2002-02-02 | Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition. |
| CVE-2001-0919 | 2002-02-02 | Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript. |
| CVE-2001-0922 | 2002-02-02 | ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the... |
| CVE-2001-0923 | 2002-02-02 | RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried. |
| CVE-2001-0924 | 2002-02-02 | Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter. |
| CVE-2001-0925 | 2002-02-02 | The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many /... |
| CVE-2001-0926 | 2002-02-02 | SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP... |
| CVE-2001-0927 | 2002-02-02 | Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that... |
| CVE-2001-0928 | 2002-02-02 | Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data. |
| CVE-2001-0930 | 2002-02-02 | Sendpage.pl allows remote attackers to execute arbitrary commands via a message containing shell metacharacters. |
| CVE-2001-0931 | 2002-02-02 | Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET. |
| CVE-2001-0932 | 2002-02-02 | Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command. |
| CVE-2001-0933 | 2002-02-02 | Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:". |
| CVE-2001-0934 | 2002-02-02 | Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname. |
| CVE-2001-0935 | 2002-02-02 | Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550. |
| CVE-2001-0937 | 2002-02-02 | PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters. |
| CVE-2001-0938 | 2002-02-02 | Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename... |
| CVE-2001-0941 | 2002-02-02 | Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. |
| CVE-2001-0942 | 2002-02-02 | dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME... |
| CVE-2001-0943 | 2002-02-02 | dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to... |
| CVE-2001-0944 | 2002-02-02 | DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process. |
| CVE-2001-0945 | 2002-02-02 | Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. |
| CVE-2001-0947 | 2002-02-02 | Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces... |
| CVE-2001-0948 | 2002-02-02 | Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in... |
| CVE-2001-0949 | 2002-02-02 | Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters... |
| CVE-2001-0950 | 2002-02-02 | ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates... |
| CVE-2001-0952 | 2002-02-02 | THQ Volition Red Faction Game allows remote attackers to cause a denial of service (hang) of a client or server via packets to UDP port 7755. |
| CVE-2001-0953 | 2002-02-02 | Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root. |
| CVE-2001-0955 | 2002-02-02 | Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large... |
| CVE-2001-0956 | 2002-02-02 | speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2001-0958 | 2002-02-02 | Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1)... |
| CVE-2001-0964 | 2002-02-02 | Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command. |
| CVE-2001-0966 | 2002-02-02 | Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command. |
| CVE-2001-0967 | 2002-02-02 | Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force... |
| CVE-2001-0968 | 2002-02-02 | Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges. |
| CVE-2001-0970 | 2002-02-02 | Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script. |
| CVE-2001-0971 | 2002-02-02 | Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. |
| CVE-2001-0972 | 2002-02-02 | Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID... |
| CVE-2001-0974 | 2002-02-02 | Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2001-0975 | 2002-02-02 | Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2001-0976 | 2002-02-02 | Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables. |
| CVE-2001-0979 | 2002-02-02 | Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. |
| CVE-2001-0983 | 2002-02-02 | UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. |
| CVE-2001-0984 | 2002-02-02 | Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock... |
| CVE-2001-0985 | 2002-02-02 | shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. |
| CVE-2001-0986 | 2002-02-02 | SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling... |
| CVE-2001-0988 | 2002-02-02 | Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. |
| CVE-2001-0989 | 2002-02-02 | Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign. |
| CVE-2001-0990 | 2002-02-02 | Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password... |
| CVE-2001-0991 | 2002-02-02 | Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed... |
| CVE-2001-0992 | 2002-02-02 | shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter. |