CVE List - 2001 / September
Showing 101 - 200 of 487 CVEs for September 2001 (Page 2 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-1999-1176 | 2001-09-12 | Buffer overflow in cidentd ident daemon allows local users to gain root privileges via a long line in the .authlie script. |
| CVE-1999-1178 | 2001-09-12 | Sambar Server 4.1 beta allows remote attackers to obtain sensitive information about the server via an HTTP request for the dumpenv.pl script. |
| CVE-1999-1179 | 2001-09-12 | Vulnerability in man.sh CGI script, included in May 1998 issue of SysAdmin Magazine, allows remote attackers to execute arbitrary commands. |
| CVE-1999-1180 | 2001-09-12 | O'Reilly WebSite 1.1e and Website Pro 2.0 allow remote attackers to execute arbitrary commands via shell metacharacters in an argument to (1) args.cmd or (2) args.bat. |
| CVE-1999-1182 | 2001-09-12 | Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0])... |
| CVE-1999-1183 | 2001-09-12 | System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is... |
| CVE-1999-1184 | 2001-09-12 | Buffer overflow in Elm 2.4 and earlier allows local users to gain privileges via a long TERM environmental variable. |
| CVE-1999-1185 | 2001-09-12 | Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file. |
| CVE-1999-1186 | 2001-09-12 | rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious... |
| CVE-1999-1187 | 2001-09-12 | Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail. |
| CVE-1999-1190 | 2001-09-12 | Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 allows remote attackers to execute arbitrary commands via a long "From" header in an e-mail message. |
| CVE-1999-1195 | 2001-09-12 | NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus definition file during an update via FTP, but it reports that the update was successful, which could cause a... |
| CVE-1999-1196 | 2001-09-12 | Hummingbird Exceed X version 5 allows remote attackers to cause a denial of service via malformed data to port 6000. |
| CVE-1999-1200 | 2001-09-12 | Vintra SMTP MailServer allows remote attackers to cause a denial of service via a malformed "EXPN *@" command. |
| CVE-1999-1202 | 2001-09-12 | StarTech (1) POP3 proxy server and (2) telnet server allow remote attackers to cause a denial of service via a long USER command. |
| CVE-1999-1206 | 2001-09-12 | SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows... |
| CVE-1999-1207 | 2001-09-12 | Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request. |
| CVE-1999-1210 | 2001-09-12 | xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm... |
| CVE-1999-1211 | 2001-09-12 | Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges. |
| CVE-1999-1212 | 2001-09-12 | Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges. |
| CVE-1999-1213 | 2001-09-12 | Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service. |
| CVE-1999-1216 | 2001-09-12 | Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command. |
| CVE-1999-1218 | 2001-09-12 | Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files. |
| CVE-1999-1219 | 2001-09-12 | Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command. |
| CVE-1999-1220 | 2001-09-12 | Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header. |
| CVE-1999-1221 | 2001-09-12 | dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file. |
| CVE-1999-1224 | 2001-09-12 | IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which... |
| CVE-1999-1225 | 2001-09-12 | rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates... |
| CVE-1999-1227 | 2001-09-12 | Ethereal allows local users to overwrite arbitrary files via a symlink attack on the packet capture file. |
| CVE-1999-1228 | 2001-09-12 | Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH,... |
| CVE-1999-1229 | 2001-09-12 | Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg... |
| CVE-1999-1230 | 2001-09-12 | Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to... |
| CVE-1999-1231 | 2001-09-12 | ssh 2.0.12, and possibly other versions, allows valid user names to attempt to enter the correct password multiple times, but only prompts an invalid user name for a password once,... |
| CVE-1999-1232 | 2001-09-12 | Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program. |
| CVE-1999-1234 | 2001-09-12 | LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a denial of service via a NULL policy handle in a call to (1) SamrOpenDomain, (2) SamrEnumDomainUsers, and (3)... |
| CVE-1999-1235 | 2001-09-12 | Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or... |
| CVE-1999-1236 | 2001-09-12 | Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in the msgboxes.dbf file, which could allow local users to gain privileges by extracting the passwords from msgboxes.dbf. |
| CVE-1999-1237 | 2001-09-12 | Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allow remote attackers to execute arbitrary commands via (1) a long username, (2) a... |
| CVE-1999-1238 | 2001-09-12 | Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges. |
| CVE-1999-1239 | 2001-09-12 | HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized... |
| CVE-1999-1240 | 2001-09-12 | Buffer overflow in cddbd CD database server allows remote attackers to execute arbitrary commands via a long log message. |
| CVE-1999-1241 | 2001-09-12 | Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web page that uses the FileSystemObject ActiveX object. |
| CVE-1999-1242 | 2001-09-12 | Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges. |
| CVE-1999-1244 | 2001-09-12 | IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary files via a symlink attack on the saved output file. |
| CVE-1999-1245 | 2001-09-12 | vacm ucd-snmp SNMP server, version 3.52, does not properly disable access to the public community string, which could allow remote attackers to obtain sensitive information. |
| CVE-1999-1247 | 2001-09-12 | Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges. |
| CVE-1999-1248 | 2001-09-12 | Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges. |
| CVE-1999-1250 | 2001-09-12 | Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files. |
| CVE-1999-1251 | 2001-09-12 | Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service. |
| CVE-1999-1252 | 2001-09-12 | Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges. |
| CVE-1999-1253 | 2001-09-12 | Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges. |
| CVE-1999-1254 | 2001-09-12 | Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of service by spoofing ICMP redirect messages from a router, which causes Windows to change its routing... |
| CVE-1999-1255 | 2001-09-12 | Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an edit_file action parameter. |
| CVE-1999-1256 | 2001-09-12 | Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition stores the database master password in plaintext in the spoolmain.log file when a new database is created, which allows local users... |
| CVE-1999-1257 | 2001-09-12 | Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark). |
| CVE-1999-1260 | 2001-09-12 | mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive server information such as logged users, database names, and server version via the ServerStats query. |
| CVE-1999-1261 | 2001-09-12 | Buffer overflow in Rainbow Six Multiplayer allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long nickname (nick) command. |
| CVE-1999-1264 | 2001-09-12 | WebRamp M3 router does not disable remote telnet or HTTP access to itself, even when access has been explicitly disabled. |
| CVE-1999-1265 | 2001-09-12 | SMTP server in SLmail 3.1 and earlier allows remote attackers to cause a denial of service via malformed commands whose arguments begin with a "(" (parenthesis) character, such as (1)... |
| CVE-1999-1266 | 2001-09-12 | rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system. |
| CVE-1999-1267 | 2001-09-12 | KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. |
| CVE-1999-1268 | 2001-09-12 | Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. |
| CVE-1999-1269 | 2001-09-12 | Screen savers in KDE beta 3 allow local users to overwrite arbitrary files via a symlink attack on the .kss.pid file. |
| CVE-1999-1270 | 2001-09-12 | KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys... |
| CVE-1999-1271 | 2001-09-12 | Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users. |
| CVE-1999-1272 | 2001-09-12 | Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges. |
| CVE-1999-1273 | 2001-09-12 | Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences. |
| CVE-1999-1274 | 2001-09-12 | iPass RoamServer 3.1 creates temporary files with world-writable permissions. |
| CVE-1999-1275 | 2001-09-12 | Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges. |
| CVE-1999-1277 | 2001-09-12 | BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password. |
| CVE-1999-1278 | 2001-09-12 | nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl. |
| CVE-1999-1280 | 2001-09-12 | Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file. |
| CVE-1999-1281 | 2001-09-12 | Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program. |
| CVE-1999-1282 | 2001-09-12 | RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges. |
| CVE-1999-1283 | 2001-09-12 | Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag. |
| CVE-1999-1285 | 2001-09-12 | Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted... |
| CVE-1999-1286 | 2001-09-12 | addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain root access via a symlink attack on a temporary file. |
| CVE-1999-1287 | 2001-09-12 | Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface. |
| CVE-1999-1289 | 2001-09-12 | ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through... |
| CVE-1999-1291 | 2001-09-12 | TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means,... |
| CVE-1999-1292 | 2001-09-12 | Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 and earlier allows remote attackers to execute arbitrary commands via a long URL. |
| CVE-1999-1293 | 2001-09-12 | mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core. |
| CVE-1999-1295 | 2001-09-12 | Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could... |
| CVE-1999-1296 | 2001-09-12 | Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can... |
| CVE-1999-1299 | 2001-09-12 | rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1... |
| CVE-1999-1300 | 2001-09-12 | Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration. |
| CVE-1999-1302 | 2001-09-12 | Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local users to gain root access. |
| CVE-1999-1303 | 2001-09-12 | Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access. |
| CVE-1999-1304 | 2001-09-12 | Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access. |
| CVE-1999-1305 | 2001-09-12 | Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access. |
| CVE-1999-1306 | 2001-09-12 | Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers... |
| CVE-1999-1307 | 2001-09-12 | Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges. |
| CVE-1999-1308 | 2001-09-12 | Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges. |
| CVE-1999-1311 | 2001-09-12 | Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges. |
| CVE-1999-1312 | 2001-09-12 | Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP 1.0, allows local users to gain system privileges. |
| CVE-1999-1313 | 2001-09-12 | Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands. |
| CVE-1999-1314 | 2001-09-12 | Vulnerability in union file system in FreeBSD 2.2 and earlier, and possibly other operating systems, allows local users to cause a denial of service (system reload) via a series of... |
| CVE-1999-1315 | 2001-09-12 | Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP and VAX/VMS systems allow local users to gain privileges or cause a denial of service. |
| CVE-1999-1319 | 2001-09-12 | Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations. |
| CVE-1999-1322 | 2001-09-12 | The installation of ArcServe Backup and Inoculan AV client modules for Exchange creates a log file, exchverify.log, which contains usernames and passwords in plaintext. |