CVE List - 2001 / March
Showing 1 - 39 of 39 CVEs for March 2001 (Page 1 of 1)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2001-0167 | 2001-03-09 | Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string. |
| CVE-2001-0168 | 2001-03-09 | Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key... |
| CVE-2001-0171 | 2001-03-09 | Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long GET request. |
| CVE-2001-0172 | 2001-03-09 | Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to cause a denial of service and possibly execute arbitrary commands by via a long directory name. |
| CVE-2001-0173 | 2001-03-09 | Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header. |
| CVE-2001-0177 | 2001-03-09 | WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone. |
| CVE-2001-0180 | 2001-03-09 | Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter. |
| CVE-2001-0181 | 2001-03-09 | Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands. |
| CVE-2001-0184 | 2001-03-09 | eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet. |
| CVE-2001-0186 | 2001-03-09 | Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2001-0188 | 2001-03-09 | GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to cause a denial of service via a flood of connections to the server, which causes it to crash. |
| CVE-2001-0192 | 2001-03-09 | Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions. |
| CVE-2001-0198 | 2001-03-09 | Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag. |
| CVE-2001-0199 | 2001-03-09 | Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request. |
| CVE-2001-0200 | 2001-03-09 | HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing... |
| CVE-2001-0201 | 2001-03-09 | The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program. |
| CVE-2001-0202 | 2001-03-09 | Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request. |
| CVE-2001-0205 | 2001-03-09 | Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack. |
| CVE-2001-0206 | 2001-03-09 | Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP... |
| CVE-2001-0208 | 2001-03-09 | MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files. |
| CVE-2001-0209 | 2001-03-09 | Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) 1.7.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long description. |
| CVE-2001-0210 | 2001-03-09 | Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. |
| CVE-2001-0211 | 2001-03-09 | Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter. |
| CVE-2001-0212 | 2001-03-09 | Directory traversal vulnerability in HIS Auktion 1.62 allows remote attackers to read arbitrary files via a .. (dot dot) in the menue parameter, and possibly execute commands via shell metacharacters. |
| CVE-2001-0213 | 2001-03-09 | Buffer overflow in pi program in PlanetIntra 2.5 allows remote attackers to execute arbitrary commands. |
| CVE-2001-0214 | 2001-03-09 | Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte. |
| CVE-2001-0216 | 2001-03-09 | PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter. |
| CVE-2001-0217 | 2001-03-09 | Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter. |
| CVE-2001-0220 | 2001-03-09 | Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges. |
| CVE-2001-0223 | 2001-03-09 | Buffer overflow in wwwwais allows remote attackers to execute arbitrary commands via a long QUERY_STRING (HTTP GET request). |
| CVE-2001-0224 | 2001-03-09 | Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter. |
| CVE-2001-0225 | 2001-03-09 | fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2001-0226 | 2001-03-09 | Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) or ... attack in an HTTP GET request. |
| CVE-2001-0227 | 2001-03-09 | Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. |
| CVE-2001-0228 | 2001-03-09 | Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. |
| CVE-2001-0229 | 2001-03-09 | Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts. |
| CVE-2001-0231 | 2001-03-09 | Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter. |
| CVE-2001-0232 | 2001-03-09 | newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters. |
| CVE-2001-0145 | 2001-04-04 | Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. |
| CVE-2001-0250 | 2001-04-04 | The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command. |
| CVE-2001-0251 | 2001-04-04 | The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG command. |
| CVE-2001-0253 | 2001-04-04 | Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter. |
| CVE-2001-0254 | 2001-04-04 | FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command. |
| CVE-2001-0255 | 2001-04-04 | FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname. |
| CVE-2001-0256 | 2001-04-04 | FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long username. |
| CVE-2001-0257 | 2001-04-04 | Buffer overflow in Easycom/Safecom Print Server Web service, version 404.590 and earlier, allows remote attackers to execute arbitrary commands via (1) a long URL or (2) a long HTTP header... |
| CVE-2001-0258 | 2001-04-04 | The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server allows remote attackers to cause a denial of service via a large number of connections that send null characters. |
| CVE-2001-0261 | 2001-04-04 | Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files. |
| CVE-2001-0270 | 2001-04-04 | Marconi ASX-1000 ASX switches allow remote attackers to cause a denial of service in the telnet and web management interfaces via a malformed packet with the SYN-FIN and More Fragments... |
| CVE-2001-0271 | 2001-04-04 | mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters. |
| CVE-2001-0272 | 2001-04-04 | Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter. |
| CVE-2001-0273 | 2001-04-04 | pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message... |
| CVE-2001-0275 | 2001-04-04 | Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. |
| CVE-2001-0277 | 2001-04-04 | Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. |
| CVE-2001-0281 | 2001-04-04 | Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges. |
| CVE-2001-0282 | 2001-04-04 | SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. |
| CVE-2001-0283 | 2001-04-04 | Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4)... |
| CVE-2001-0285 | 2001-04-04 | Buffer overflow in A1 HTTP server 1.0a allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. |
| CVE-2001-0286 | 2001-04-04 | Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. |
| CVE-2001-0291 | 2001-04-04 | Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters. |
| CVE-2001-0292 | 2001-04-04 | PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. |
| CVE-2001-0293 | 2001-04-04 | Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command. |
| CVE-2001-0294 | 2001-04-04 | Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in... |
| CVE-2001-0296 | 2001-04-04 | Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command. |
| CVE-2001-0297 | 2001-04-04 | Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| CVE-2001-0298 | 2001-04-04 | Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request. |
| CVE-2001-0300 | 2001-04-04 | oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a... |
| CVE-2001-0302 | 2001-04-04 | Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL. |
| CVE-2001-0303 | 2001-04-04 | tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file. |
| CVE-2001-0304 | 2001-04-04 | Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request. |
| CVE-2001-0305 | 2001-04-04 | Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter. |
| CVE-2001-0306 | 2001-04-04 | Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. |
| CVE-2001-0307 | 2001-04-04 | Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not... |
| CVE-2001-0308 | 2001-04-04 | UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a... |
| CVE-2001-0312 | 2001-04-04 | IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host... |
| CVE-2001-0313 | 2001-04-04 | Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed,... |
| CVE-2001-0314 | 2001-04-04 | Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in... |
| CVE-2001-0315 | 2001-04-04 | The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key. |
| CVE-2001-0320 | 2001-04-04 | bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a... |
| CVE-2001-0322 | 2001-04-04 | MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object... |
| CVE-2001-0323 | 2001-04-04 | The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set"... |
| CVE-2001-0324 | 2001-04-04 | Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents... |
| CVE-2001-0325 | 2001-04-04 | Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command. |
| CVE-1999-0115 | 2001-05-07 | AIX bugfiler program allows local users to gain root access. |
| CVE-1999-0223 | 2001-05-07 | Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. |
| CVE-1999-0268 | 2001-05-07 | MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. |
| CVE-1999-0608 | 2001-05-07 | An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. |
| CVE-1999-0681 | 2001-05-07 | Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. |
| CVE-1999-0729 | 2001-05-07 | Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. |
| CVE-1999-0758 | 2001-05-07 | Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. |
| CVE-1999-0760 | 2001-05-07 | Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. |
| CVE-1999-0800 | 2001-05-07 | The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm. |
| CVE-1999-0922 | 2001-05-07 | An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. |
| CVE-1999-0924 | 2001-05-07 | The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. |
| CVE-1999-0945 | 2001-05-07 | Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands. |
| CVE-2000-0120 | 2001-05-07 | The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. |
| CVE-2000-0302 | 2001-05-07 | Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL. |
| CVE-2000-0306 | 2001-05-07 | Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message. |
| CVE-2000-0307 | 2001-05-07 | Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024. |
| CVE-2000-0308 | 2001-05-07 | Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges. |