CVE List - 2001 / January
Showing 201 - 232 of 232 CVEs for January 2001 (Page 3 of 3)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2000-1107 | 2001-01-22 | in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL... |
| CVE-2000-1112 | 2001-01-22 | Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the... |
| CVE-2000-1113 | 2001-01-22 | Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability. |
| CVE-2000-1115 | 2001-01-22 | Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a... |
| CVE-2000-1120 | 2001-01-22 | Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands. |
| CVE-2000-1131 | 2001-01-22 | Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable. |
| CVE-2000-1132 | 2001-01-22 | DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable. |
| CVE-2000-1135 | 2001-01-22 | fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack. |
| CVE-2000-1136 | 2001-01-22 | elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack. |
| CVE-2000-1137 | 2001-01-22 | GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. |
| CVE-2000-1139 | 2001-01-22 | The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. |
| CVE-2000-1140 | 2001-01-22 | Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands... |
| CVE-2000-1141 | 2001-01-22 | Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system. |
| CVE-2000-1142 | 2001-01-22 | Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system. |
| CVE-2000-1143 | 2001-01-22 | Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system. |
| CVE-2000-1144 | 2001-01-22 | Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal,... |
| CVE-2000-1145 | 2001-01-22 | Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or... |
| CVE-2000-1146 | 2001-01-22 | Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such... |
| CVE-2000-1148 | 2001-01-22 | The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the... |
| CVE-2000-1149 | 2001-01-22 | Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability. |
| CVE-2000-1162 | 2001-01-22 | ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack. |
| CVE-2000-1163 | 2001-01-22 | ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a... |
| CVE-2000-1167 | 2001-01-22 | ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system. |
| CVE-2000-1169 | 2001-01-22 | OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11... |
| CVE-2000-1178 | 2001-01-22 | Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe... |
| CVE-2000-1179 | 2001-01-22 | Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters. |
| CVE-2000-1181 | 2001-01-22 | Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL. |
| CVE-2000-1182 | 2001-01-22 | WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling. |
| CVE-2000-1184 | 2001-01-22 | telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental... |
| CVE-2000-1187 | 2001-01-22 | Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field. |
| CVE-2000-1189 | 2001-01-22 | Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges. |
| CVE-2000-0889 | 2001-02-02 | Two Sun security certificates have been compromised, which could allow attackers to insert malicious code such as applets and make it appear that it is signed by Sun. |
| CVE-2000-0893 | 2001-02-02 | The presence of the Distributed GL Daemon (dgld) service on port 5232 on SGI IRIX systems allows remote attackers to identify the target host as an SGI system. |
| CVE-2000-1090 | 2001-02-02 | Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte... |
| CVE-2001-0019 | 2001-02-02 | Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive,"... |
| CVE-2001-0022 | 2001-02-02 | simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter. |
| CVE-2001-0023 | 2001-02-02 | everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. |
| CVE-2001-0024 | 2001-02-02 | simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter. |
| CVE-2001-0025 | 2001-02-02 | ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. |
| CVE-2001-0027 | 2001-02-02 | mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users. |
| CVE-2001-0029 | 2001-02-02 | Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands via a long host or domain name that is obtained from... |
| CVE-2001-0030 | 2001-02-02 | FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them. |
| CVE-2001-0031 | 2001-02-02 | BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist. |
| CVE-2001-0032 | 2001-02-02 | Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL. |
| CVE-2001-0037 | 2001-02-02 | Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers. |
| CVE-2001-0038 | 2001-02-02 | Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL. |
| CVE-2001-0044 | 2001-02-02 | Multiple buffer overflows in Lexmark MarkVision printer driver programs allows local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands. |
| CVE-2001-0045 | 2001-02-02 | The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka... |
| CVE-2001-0046 | 2001-02-02 | The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or... |
| CVE-2001-0047 | 2001-02-02 | The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges,... |
| CVE-2001-0048 | 2001-02-02 | The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to... |
| CVE-2001-0049 | 2001-02-02 | WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests. |
| CVE-2001-0051 | 2001-02-02 | IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database. |
| CVE-2001-0052 | 2001-02-02 | IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query. |
| CVE-2001-0064 | 2001-02-02 | Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string. |
| CVE-2001-0065 | 2001-02-02 | Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command. |
| CVE-2001-0067 | 2001-02-02 | The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely... |
| CVE-2001-0068 | 2001-02-02 | Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter. |
| CVE-2001-0070 | 2001-02-02 | Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long MAIL FROM command. |
| CVE-2001-0073 | 2001-02-02 | Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory. |
| CVE-2001-0074 | 2001-02-02 | Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter. |
| CVE-2001-0075 | 2001-02-02 | Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter. |
| CVE-2001-0076 | 2001-02-02 | register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed. |
| CVE-2001-0079 | 2001-02-02 | Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file. |
| CVE-2001-0082 | 2001-02-02 | Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets. |
| CVE-2001-0084 | 2001-02-02 | GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. |
| CVE-2001-0086 | 2001-02-02 | CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a... |
| CVE-2001-0087 | 2001-02-02 | itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that... |
| CVE-2001-0088 | 2001-02-02 | common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain... |
| CVE-2001-0093 | 2001-02-02 | Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd. |
| CVE-2001-0097 | 2001-02-02 | The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request. |
| CVE-2001-0098 | 2001-02-02 | Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. |
| CVE-2001-0101 | 2001-02-02 | Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command. |
| CVE-2001-0102 | 2001-02-02 | "Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and... |
| CVE-2001-0103 | 2001-02-02 | CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords. |
| CVE-2001-0104 | 2001-02-02 | MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key. |
| CVE-1999-0359 | 2001-02-14 | ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords. |
| CVE-1999-0757 | 2001-02-14 | The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates. |
| CVE-1999-0784 | 2001-02-14 | Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. |
| CVE-1999-0805 | 2001-02-14 | Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests. |
| CVE-1999-0923 | 2001-02-14 | Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. |
| CVE-2000-0312 | 2001-02-14 | cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function. |
| CVE-2001-0107 | 2001-02-14 | Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang. |
| CVE-2001-0112 | 2001-02-14 | Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands. |
| CVE-2001-0113 | 2001-02-14 | statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script. |
| CVE-2001-0114 | 2001-02-14 | statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter. |
| CVE-2001-0127 | 2001-02-14 | Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag. |
| CVE-2001-0131 | 2001-02-14 | htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2001-0132 | 2001-02-14 | Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2001-0133 | 2001-02-14 | The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via... |
| CVE-2001-0134 | 2001-02-14 | Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long... |
| CVE-2001-0135 | 2001-02-14 | The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and... |
| CVE-2001-0146 | 2001-03-09 | IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. |
| CVE-2001-0167 | 2001-03-09 | Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string. |
| CVE-2001-0168 | 2001-03-09 | Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key... |
| CVE-2001-0171 | 2001-03-09 | Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long GET request. |
| CVE-2001-0172 | 2001-03-09 | Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to cause a denial of service and possibly execute arbitrary commands by via a long directory name. |
| CVE-2001-0173 | 2001-03-09 | Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header. |
| CVE-2001-0177 | 2001-03-09 | WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone. |
| CVE-2001-0180 | 2001-03-09 | Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter. |