CVE List - 2001 / September
Showing 201 - 300 of 487 CVEs for September 2001 (Page 3 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-1999-1323 | 2001-09-12 | Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini... |
| CVE-1999-1334 | 2001-09-12 | Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) via a long -f... |
| CVE-1999-1338 | 2001-09-12 | Delegate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions. |
| CVE-1999-1340 | 2001-09-12 | Buffer overflow in faxalter in hylafax 4.0.2 allows local users to gain privileges via a long -m command line argument. |
| CVE-1999-1342 | 2001-09-12 | ICQ ActiveList Server allows remote attackers to cause a denial of service (crash) via malformed packets to the server's UDP port. |
| CVE-1999-1343 | 2001-09-12 | HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause a denial of service (hang) via a long URL that contains a large number of . characters. |
| CVE-1999-1344 | 2001-09-12 | Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in plaintext in the auto_ftp.conf configuration file. |
| CVE-1999-1345 | 2001-09-12 | Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared directory with insecure permissions, which allows local users to (1) send arbitrary files to the remote server by placing... |
| CVE-1999-1346 | 2001-09-12 | PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier includes a less restrictive rule before a more restrictive one, which allows users to access the host via... |
| CVE-1999-1347 | 2001-09-12 | Xsession in Red Hat Linux 6.1 and earlier can allow local users with restricted accounts to bypass execution of the .xsession file by starting kde, gnome or anotherlevel from kdm. |
| CVE-1999-1348 | 2001-09-12 | Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable PAM-based access to the shutdown command, which could allow local users to cause a denial of service. |
| CVE-1999-1349 | 2001-09-12 | NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to cause a denial of service (resource exhaustion) via certain packets, possibly with the Urgent (URG) flag set, to port 111. |
| CVE-1999-1350 | 2001-09-12 | ARCAD Systemhaus 0.078-5 installs critical programs and files with world-writeable permissions, which could allow local users to gain privileges by replacing a program with a Trojan horse. |
| CVE-1999-1352 | 2001-09-12 | mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges. |
| CVE-1999-1353 | 2001-09-12 | Nosque MsgCore 2.14 stores passwords in cleartext: (1) the administrator password in the AdmPasswd registry key, and (2) user passwords in the Userbase.dbf data file, which could allow local users... |
| CVE-1999-1354 | 2001-09-12 | E-mail client in Softarc FirstClass Internet Server 5.506 and earlier stores usernames and passwords in cleartext in the files (1) home.fc for version 5.506, (2) network.fc for version 3.5, or... |
| CVE-1999-1355 | 2001-09-12 | BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and... |
| CVE-1999-1357 | 2001-09-12 | Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign,... |
| CVE-1999-1361 | 2001-09-12 | Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed packets, which causes... |
| CVE-1999-1364 | 2001-09-12 | Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext. |
| CVE-1999-1366 | 2001-09-12 | Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail. |
| CVE-1999-1367 | 2001-09-12 | Internet Explorer 5.0 does not properly reset the username/password cache for Web sites that do not use standard cache controls, which could allow users on the same system to access... |
| CVE-1999-1368 | 2001-09-12 | AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to... |
| CVE-1999-1369 | 2001-09-12 | Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges. |
| CVE-1999-1370 | 2001-09-12 | The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an... |
| CVE-1999-1371 | 2001-09-12 | Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument. |
| CVE-1999-1372 | 2001-09-12 | Triactive Remote Manager with Basic authentication enabled stores the username and password in cleartext in registry keys, which could allow local users to gain privileges. |
| CVE-1999-1373 | 2001-09-12 | FORE PowerHub before 5.0.1 allows remote attackers to cause a denial of service (hang) via a TCP SYN scan with TCP/IP OS fingerprinting, e.g. via nmap. |
| CVE-1999-1374 | 2001-09-12 | perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request. |
| CVE-1999-1375 | 2001-09-12 | FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) allows remote attackers to read arbitrary files by specifying the name in the file parameter. |
| CVE-1999-1376 | 2001-09-12 | Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands. |
| CVE-1999-1377 | 2001-09-12 | Matt Wright's download.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. |
| CVE-1999-1378 | 2001-09-12 | dbmlparser.exe CGI guestbook program does not perform a chroot operation properly, which allows remote attackers to read arbitrary files. |
| CVE-1999-1381 | 2001-09-12 | Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands. |
| CVE-1999-1383 | 2001-09-12 | (1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (` back-tick), which can cause the commands enclosed in... |
| CVE-1999-1387 | 2001-09-12 | Windows NT 4.0 SP2 allows remote attackers to cause a denial of service (crash), possibly via malformed inputs or packets, such as those generated by a Linux smbmount command that... |
| CVE-1999-1388 | 2001-09-12 | passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument. |
| CVE-1999-1389 | 2001-09-12 | US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which... |
| CVE-1999-1390 | 2001-09-12 | suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain root privileges by specifying a malicious program on the command line. |
| CVE-1999-1391 | 2001-09-12 | Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions. |
| CVE-1999-1392 | 2001-09-12 | Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges. |
| CVE-1999-1393 | 2001-09-12 | Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using... |
| CVE-1999-1394 | 2001-09-12 | BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and... |
| CVE-1999-1395 | 2001-09-12 | Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges. |
| CVE-1999-1396 | 2001-09-12 | Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash). |
| CVE-1999-1398 | 2001-09-12 | Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack. |
| CVE-1999-1399 | 2001-09-12 | spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed. |
| CVE-1999-1400 | 2001-09-12 | The Economist screen saver 1999 with the "Password Protected" option enabled allows users with physical access to the machine to bypass the screen saver and read files by running Internet... |
| CVE-1999-1401 | 2001-09-12 | Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 sets insecure permissions for certain user files (iconbook and searchbook). |
| CVE-1999-1403 | 2001-09-12 | IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and... |
| CVE-1999-1404 | 2001-09-12 | IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents... |
| CVE-1999-1405 | 2001-09-12 | snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local... |
| CVE-1999-1406 | 2001-09-12 | dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel. |
| CVE-1999-1408 | 2001-09-12 | Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the... |
| CVE-1999-1410 | 2001-09-12 | addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file. |
| CVE-1999-1412 | 2001-09-12 | A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests... |
| CVE-1999-1413 | 2001-09-12 | Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to... |
| CVE-1999-1415 | 2001-09-12 | Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges. |
| CVE-1999-1416 | 2001-09-12 | AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large content-length. |
| CVE-1999-1417 | 2001-09-12 | Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an... |
| CVE-1999-1418 | 2001-09-12 | ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file... |
| CVE-1999-1420 | 2001-09-12 | NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door password that cannot be disabled, which allows remote attackers to modify the switch's configuration. |
| CVE-1999-1421 | 2001-09-12 | NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing... |
| CVE-1999-1422 | 2001-09-12 | The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan horse... |
| CVE-1999-1424 | 2001-09-12 | Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table... |
| CVE-1999-1425 | 2001-09-12 | Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd. |
| CVE-1999-1426 | 2001-09-12 | Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files. |
| CVE-1999-1427 | 2001-09-12 | Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges. |
| CVE-1999-1428 | 2001-09-12 | Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges. |
| CVE-1999-1429 | 2001-09-12 | DIT TransferPro installs devices with world-readable and world-writable permissions, which could allow local users to damage disks through the ff device driver. |
| CVE-1999-1430 | 2001-09-12 | PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password... |
| CVE-1999-1431 | 2001-09-12 | ZAK in Appstation mode allows users to bypass the "Run only allowed apps" policy by starting Explorer from Office 97 applications (such as Word), installing software into the TEMP directory,... |
| CVE-1999-1434 | 2001-09-12 | login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign... |
| CVE-1999-1435 | 2001-09-12 | Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows local users to gain privileges via long environmental variables. |
| CVE-1999-1436 | 2001-09-12 | Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter. |
| CVE-1999-1438 | 2001-09-12 | Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments. |
| CVE-1999-1439 | 2001-09-12 | gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files. |
| CVE-1999-1440 | 2001-09-12 | Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name... |
| CVE-1999-1441 | 2001-09-12 | Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that... |
| CVE-1999-1442 | 2001-09-12 | Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local users to cause a denial of service (crash) via a particular sequence of instructions, possibly related to... |
| CVE-1999-1443 | 2001-09-12 | Micah Software Full Armor Network Configurator and Zero Administration allow local users with physical access to bypass the desktop protection by (1) using <CTRL><ALT><DEL> and kill the process using the... |
| CVE-1999-1444 | 2001-09-12 | genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent of 1, which results in transactions that are sent in cleartext. |
| CVE-1999-1445 | 2001-09-12 | Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence... |
| CVE-1999-1446 | 2001-09-12 | Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not... |
| CVE-1999-1447 | 2001-09-12 | Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag. |
| CVE-1999-1448 | 2001-09-12 | Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before... |
| CVE-1999-1449 | 2001-09-12 | SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device. |
| CVE-1999-1450 | 2001-09-12 | Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX OpenServer 5.0.5 and earlier, and SCO UnixWare 7.0.1 and earlier, allows remote attackers to gain privileges. |
| CVE-1999-1451 | 2001-09-12 | The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows remote attackers to read arbitrary files. |
| CVE-1999-1453 | 2001-09-12 | Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object. |
| CVE-1999-1454 | 2001-09-12 | Macromedia "The Matrix" screen saver on Windows 95 with the "Password protected" option enabled allows attackers with physical access to the machine to bypass the password prompt by pressing the... |
| CVE-1999-1457 | 2001-09-12 | Buffer overflow in thttpd HTTP server before 2.04-31 allows remote attackers to execute arbitrary commands via a long date string, which is not properly handled by the tdate_parse function. |
| CVE-1999-1458 | 2001-09-12 | Buffer overflow in at program in Digital UNIX 4.0 allows local users to gain root privileges via a long command line argument. |
| CVE-1999-1459 | 2001-09-12 | BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file. |
| CVE-1999-1460 | 2001-09-12 | BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program. |
| CVE-1999-1461 | 2001-09-12 | inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by... |
| CVE-1999-1462 | 2001-09-12 | Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files. |
| CVE-1999-1463 | 2001-09-12 | Windows NT 4.0 before SP3 allows remote attackers to bypass firewall restrictions or cause a denial of service (crash) by sending improperly fragmented IP packets without the first fragment, which... |
| CVE-1999-1464 | 2001-09-12 | Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled... |
| CVE-1999-1465 | 2001-09-12 | Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled... |