CVE List - 2001 / April
Showing 1 - 45 of 45 CVEs for April 2001 (Page 1 of 1)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2001-0250 | 2001-04-04 | The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command. |
| CVE-2001-0251 | 2001-04-04 | The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG command. |
| CVE-2001-0253 | 2001-04-04 | Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter. |
| CVE-2001-0254 | 2001-04-04 | FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command. |
| CVE-2001-0255 | 2001-04-04 | FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname. |
| CVE-2001-0256 | 2001-04-04 | FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long username. |
| CVE-2001-0257 | 2001-04-04 | Buffer overflow in Easycom/Safecom Print Server Web service, version 404.590 and earlier, allows remote attackers to execute arbitrary commands via (1) a long URL or (2) a long HTTP header... |
| CVE-2001-0258 | 2001-04-04 | The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server allows remote attackers to cause a denial of service via a large number of connections that send null characters. |
| CVE-2001-0261 | 2001-04-04 | Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files. |
| CVE-2001-0270 | 2001-04-04 | Marconi ASX-1000 ASX switches allow remote attackers to cause a denial of service in the telnet and web management interfaces via a malformed packet with the SYN-FIN and More Fragments... |
| CVE-2001-0271 | 2001-04-04 | mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters. |
| CVE-2001-0272 | 2001-04-04 | Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter. |
| CVE-2001-0273 | 2001-04-04 | pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message... |
| CVE-2001-0275 | 2001-04-04 | Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. |
| CVE-2001-0277 | 2001-04-04 | Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. |
| CVE-2001-0281 | 2001-04-04 | Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges. |
| CVE-2001-0282 | 2001-04-04 | SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. |
| CVE-2001-0283 | 2001-04-04 | Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4)... |
| CVE-2001-0285 | 2001-04-04 | Buffer overflow in A1 HTTP server 1.0a allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. |
| CVE-2001-0286 | 2001-04-04 | Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. |
| CVE-2001-0291 | 2001-04-04 | Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters. |
| CVE-2001-0292 | 2001-04-04 | PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. |
| CVE-2001-0293 | 2001-04-04 | Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command. |
| CVE-2001-0294 | 2001-04-04 | Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in... |
| CVE-2001-0296 | 2001-04-04 | Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command. |
| CVE-2001-0297 | 2001-04-04 | Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| CVE-2001-0298 | 2001-04-04 | Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request. |
| CVE-2001-0300 | 2001-04-04 | oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a... |
| CVE-2001-0302 | 2001-04-04 | Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL. |
| CVE-2001-0303 | 2001-04-04 | tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file. |
| CVE-2001-0304 | 2001-04-04 | Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request. |
| CVE-2001-0305 | 2001-04-04 | Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter. |
| CVE-2001-0306 | 2001-04-04 | Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. |
| CVE-2001-0307 | 2001-04-04 | Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not... |
| CVE-2001-0308 | 2001-04-04 | UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a... |
| CVE-2001-0312 | 2001-04-04 | IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host... |
| CVE-2001-0313 | 2001-04-04 | Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed,... |
| CVE-2001-0314 | 2001-04-04 | Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in... |
| CVE-2001-0315 | 2001-04-04 | The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key. |
| CVE-2001-0320 | 2001-04-04 | bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a... |
| CVE-2001-0322 | 2001-04-04 | MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object... |
| CVE-2001-0323 | 2001-04-04 | The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set"... |
| CVE-2001-0324 | 2001-04-04 | Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents... |
| CVE-2001-0325 | 2001-04-04 | Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command. |
| CVE-1999-0115 | 2001-05-07 | AIX bugfiler program allows local users to gain root access. |
| CVE-1999-0223 | 2001-05-07 | Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. |
| CVE-1999-0268 | 2001-05-07 | MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. |
| CVE-1999-0608 | 2001-05-07 | An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. |
| CVE-1999-0681 | 2001-05-07 | Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. |
| CVE-1999-0729 | 2001-05-07 | Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. |
| CVE-1999-0758 | 2001-05-07 | Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. |
| CVE-1999-0760 | 2001-05-07 | Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. |
| CVE-1999-0800 | 2001-05-07 | The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm. |
| CVE-1999-0922 | 2001-05-07 | An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. |
| CVE-1999-0924 | 2001-05-07 | The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. |
| CVE-1999-0945 | 2001-05-07 | Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands. |
| CVE-2000-0120 | 2001-05-07 | The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. |
| CVE-2000-0302 | 2001-05-07 | Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL. |
| CVE-2000-0306 | 2001-05-07 | Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message. |
| CVE-2000-0307 | 2001-05-07 | Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024. |
| CVE-2000-0308 | 2001-05-07 | Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges. |
| CVE-2000-0309 | 2001-05-07 | The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service. |
| CVE-2000-0310 | 2001-05-07 | IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets. |
| CVE-2000-0313 | 2001-05-07 | Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. |
| CVE-2000-0314 | 2001-05-07 | traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets... |
| CVE-2000-0315 | 2001-05-07 | traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. |
| CVE-2000-0348 | 2001-05-07 | A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges. |
| CVE-2000-0349 | 2001-05-07 | Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service. |
| CVE-2000-0351 | 2001-05-07 | Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages. |
| CVE-2000-0368 | 2001-05-07 | Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to... |
| CVE-2000-0375 | 2001-05-07 | The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files. |
| CVE-2000-0504 | 2001-05-07 | libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. |
| CVE-2000-0541 | 2001-05-07 | The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command. |
| CVE-2000-0573 | 2001-05-07 | The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. |
| CVE-2000-0577 | 2001-05-07 | Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0622 | 2001-05-07 | Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. |
| CVE-2000-0650 | 2001-05-07 | The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by... |
| CVE-2000-0693 | 2001-05-07 | pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying... |
| CVE-2000-0694 | 2001-05-07 | pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack. |
| CVE-2000-0717 | 2001-05-07 | GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands. |
| CVE-2000-0720 | 2001-05-07 | news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an... |
| CVE-2000-0726 | 2001-05-07 | CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable. |
| CVE-2000-0731 | 2001-05-07 | Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0742 | 2001-05-07 | The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that... |
| CVE-2000-0803 | 2001-05-07 | GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the... |
| CVE-2000-0816 | 2001-05-07 | Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters. |
| CVE-2000-0818 | 2001-05-07 | The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the... |
| CVE-2000-0829 | 2001-05-07 | The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories... |
| CVE-2000-0854 | 2001-05-07 | When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to... |
| CVE-2000-0856 | 2001-05-07 | Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request. |
| CVE-2000-0874 | 2001-05-07 | Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF). |
| CVE-2000-0875 | 2001-05-07 | WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters. |
| CVE-2000-0876 | 2001-05-07 | WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname. |
| CVE-2000-0890 | 2001-05-07 | periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2000-0896 | 2001-05-07 | WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets. |
| CVE-2000-0927 | 2001-05-07 | WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions. |
| CVE-2000-0964 | 2001-05-07 | Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET... |
| CVE-2000-1075 | 2001-05-07 | Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End... |
| CVE-2000-1108 | 2001-05-07 | cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a... |
| CVE-2000-1109 | 2001-05-07 | Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories... |