CVE List - 2001 / August
Showing 1 - 25 of 25 CVEs for August 2001 (Page 1 of 1)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2001-0552 | 2001-08-29 | ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap... |
| CVE-2001-0636 | 2001-08-29 | Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2)... |
| CVE-2001-0642 | 2001-08-29 | Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in... |
| CVE-2001-0645 | 2001-08-29 | Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC... |
| CVE-2001-0649 | 2001-08-29 | Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request. |
| CVE-2001-0674 | 2001-08-29 | Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (eg. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request. |
| CVE-2001-0678 | 2001-08-29 | A buffer overflow in reggo.dll file used by Trend Micro InterScan VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan WebManager 1.2 allows a local attacker to... |
| CVE-2001-0681 | 2001-08-29 | Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a remote attacker to cause a denial of service via a long (1) username or (2) password. |
| CVE-2001-0683 | 2001-08-29 | Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service (memory exhaustion) by repeatedly sending approximately 5K of data to TCP... |
| CVE-2001-0684 | 2001-08-29 | Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service by sending seven or more characters to TCP port 5239. |
| CVE-2001-0687 | 2001-08-29 | Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by... |
| CVE-2001-0688 | 2001-08-29 | Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . .") command. |
| CVE-2001-0689 | 2001-08-29 | Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program. |
| CVE-2001-0691 | 2001-08-29 | Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations. |
| CVE-2001-0693 | 2001-08-29 | WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20). |
| CVE-2001-0694 | 2001-08-29 | Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command. |
| CVE-2001-0695 | 2001-08-29 | WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\). |
| CVE-2001-0702 | 2001-08-29 | Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command. |
| CVE-2001-0703 | 2001-08-29 | tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter. |
| CVE-2001-0704 | 2001-08-29 | tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that... |
| CVE-2001-0705 | 2001-08-29 | Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in... |
| CVE-2001-0707 | 2001-08-29 | Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514. |
| CVE-2001-0708 | 2001-08-29 | Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a denial of service (crash) via a long string. |
| CVE-2001-0709 | 2001-08-29 | Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. |
| CVE-1999-0154 | 2001-09-12 | IIS 2.0 and 3.0 allows remote attackers to read the source code for ASP pages by appending a . (dot) to the end of the URL. |
| CVE-1999-0418 | 2001-09-12 | Denial of service in SMTP applications such as Sendmail, when a remote attacker (e.g. spammer) uses many "RCPT TO" commands in the same connection. |
| CVE-1999-0808 | 2001-09-12 | Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long... |
| CVE-1999-0926 | 2001-09-12 | Apache allows remote attackers to conduct a denial of service via a large number of MIME headers. |
| CVE-1999-1012 | 2001-09-12 | SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows a remote attacker to crash the mail server via a long string. |
| CVE-1999-1013 | 2001-09-12 | named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file. |
| CVE-1999-1015 | 2001-09-12 | Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command. |
| CVE-1999-1016 | 2001-09-12 | Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML... |
| CVE-1999-1017 | 2001-09-12 | Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient... |
| CVE-1999-1018 | 2001-09-12 | IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments... |
| CVE-1999-1020 | 2001-09-12 | The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and... |
| CVE-1999-1022 | 2001-09-12 | serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via... |
| CVE-1999-1023 | 2001-09-12 | useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired. |
| CVE-1999-1024 | 2001-09-12 | ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump... |
| CVE-1999-1025 | 2001-09-12 | CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access... |
| CVE-1999-1026 | 2001-09-12 | aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file. |
| CVE-1999-1029 | 2001-09-12 | SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password... |
| CVE-1999-1030 | 2001-09-12 | counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter... |
| CVE-1999-1031 | 2001-09-12 | counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via a long argument. |
| CVE-1999-1033 | 2001-09-12 | Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the... |
| CVE-1999-1036 | 2001-09-12 | COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in (1) res_diff, (2) ca.src, and (3) mail.chk. |
| CVE-1999-1038 | 2001-09-12 | Tiger 2.2.3 allows local users to overwrite arbitrary files via a symlink attack on various temporary files in Tiger's default working directory, as defined by the WORKDIR variable. |
| CVE-1999-1039 | 2001-09-12 | Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user to create root-owned files leading to a root compromise. |
| CVE-1999-1040 | 2001-09-12 | Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable. |
| CVE-1999-1041 | 2001-09-12 | Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a... |
| CVE-1999-1042 | 2001-09-12 | Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information, to local users such as user IDs, passwords and SNMP community... |
| CVE-1999-1043 | 2001-09-12 | Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application... |
| CVE-1999-1046 | 2001-09-12 | Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 8181. |
| CVE-1999-1049 | 2001-09-12 | ARCserve NT agents use weak encryption (XOR) for passwords, which allows remote attackers to sniff the authentication request to port 6050 and decrypt the password. |
| CVE-1999-1050 | 2001-09-12 | Directory traversal vulnerability in Matt Wright FormHandler.cgi script allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the reply_message_attach attachment parameter, or (2) by specifying... |
| CVE-1999-1051 | 2001-09-12 | Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary... |
| CVE-1999-1052 | 2001-09-12 | Microsoft FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read possibly sensitive information submitted... |
| CVE-1999-1053 | 2001-09-12 | guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly... |
| CVE-1999-1054 | 2001-09-12 | The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command. |
| CVE-1999-1058 | 2001-09-12 | Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via several long CWD commands. |
| CVE-1999-1060 | 2001-09-12 | Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by connecting to port 31457 from a host with... |
| CVE-1999-1061 | 2001-09-12 | HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address... |
| CVE-1999-1062 | 2001-09-12 | HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100. |
| CVE-1999-1063 | 2001-09-12 | CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter. |
| CVE-1999-1064 | 2001-09-12 | Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]). |
| CVE-1999-1065 | 2001-09-12 | Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to port 14238 while... |
| CVE-1999-1066 | 2001-09-12 | Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a... |
| CVE-1999-1067 | 2001-09-12 | SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. |
| CVE-1999-1068 | 2001-09-12 | Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request. |
| CVE-1999-1069 | 2001-09-12 | Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter. |
| CVE-1999-1070 | 2001-09-12 | Buffer overflow in ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a long query parameter. |
| CVE-1999-1071 | 2001-09-12 | Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file. |
| CVE-1999-1072 | 2001-09-12 | Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an... |
| CVE-1999-1073 | 2001-09-12 | Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to... |
| CVE-1999-1075 | 2001-09-12 | inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers... |
| CVE-1999-1076 | 2001-09-12 | Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the... |
| CVE-1999-1077 | 2001-09-12 | Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger... |
| CVE-1999-1078 | 2001-09-12 | WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges. |
| CVE-1999-1079 | 2001-09-12 | Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program. |
| CVE-1999-1081 | 2001-09-12 | Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files. |
| CVE-1999-1082 | 2001-09-12 | Directory traversal vulnerability in Jana proxy web server 1.40 allows remote attackers to ready arbitrary files via a "......" (modified dot dot) attack. |
| CVE-1999-1083 | 2001-09-12 | Directory traversal vulnerability in Jana proxy web server 1.45 allows remote attackers to ready arbitrary files via a .. (dot dot) attack. |
| CVE-1999-1084 | 2001-09-12 | The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system... |
| CVE-1999-1086 | 2001-09-12 | Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC... |
| CVE-1999-1088 | 2001-09-12 | Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local users to gain privileges. |
| CVE-1999-1089 | 2001-09-12 | Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows local users to gain privileges via a long command line argument. |
| CVE-1999-1091 | 2001-09-12 | UNIX news readers tin and rtin create the /tmp/.tin_log file with insecure permissions and follow symlinks, which allows attackers to modify the permissions of files writable by the user via... |
| CVE-1999-1092 | 2001-09-12 | tin 1.40 creates the .tin directory with insecure permissions, which allows local users to read passwords from the .inputhistory file. |
| CVE-1999-1095 | 2001-09-12 | sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other... |
| CVE-1999-1096 | 2001-09-12 | Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable. |
| CVE-1999-1097 | 2001-09-12 | Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty. |
| CVE-1999-1101 | 2001-09-12 | Kabsoftware Lydia utility uses weak encryption to store user passwords in the lydia.ini file, which allows local users to easily decrypt the passwords and gain privileges. |
| CVE-1999-1106 | 2001-09-12 | Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. |
| CVE-1999-1107 | 2001-09-12 | Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable. |
| CVE-1999-1110 | 2001-09-12 | Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine... |
| CVE-1999-1112 | 2001-09-12 | Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header. |
| CVE-1999-1113 | 2001-09-12 | Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier on MacOS systems allows remote attackers to cause a denial of service via a long USER command to port... |
| CVE-1999-1123 | 2001-09-12 | The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall. |
| CVE-1999-1124 | 2001-09-12 | HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the... |
| CVE-1999-1125 | 2001-09-12 | Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the... |
| CVE-1999-1126 | 2001-09-12 | Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information including usernames, passwords, and SNMP community strings, from... |