Lista CVE - 2001 / Gennaio
Visualizzazione 1 - 100 di 232 CVE per Gennaio 2001 (Pagina 1 di 3)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2000-0080 | 2001-01-22 | AIX techlibss allows local users to overwrite files via a symlink attack. |
| CVE-2000-0111 | 2001-01-22 | The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions. |
| CVE-2000-0252 | 2001-01-22 | The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable. |
| CVE-2000-0253 | 2001-01-22 | The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0254 | 2001-01-22 | The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form... |
| CVE-2000-0255 | 2001-01-22 | The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program. |
| CVE-2000-0276 | 2001-01-22 | BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37. |
| CVE-2000-0278 | 2001-01-22 | The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user. |
| CVE-2000-0283 | 2001-01-22 | The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. |
| CVE-2000-0287 | 2001-01-22 | The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter. |
| CVE-2000-0292 | 2001-01-22 | The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash. |
| CVE-2000-0296 | 2001-01-22 | fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck. |
| CVE-2000-0341 | 2001-01-22 | ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name. |
| CVE-2000-0488 | 2001-01-22 | Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command. |
| CVE-2000-0498 | 2001-01-22 | Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. |
| CVE-2000-0523 | 2001-01-22 | Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command. |
| CVE-2000-0542 | 2001-01-22 | Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds. |
| CVE-2000-0565 | 2001-01-22 | SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack. |
| CVE-2000-0672 | 2001-01-22 | The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add... |
| CVE-2000-0679 | 2001-01-22 | The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files. |
| CVE-2000-0698 | 2001-01-22 | Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack. |
| CVE-2000-0702 | 2001-01-22 | The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file. |
| CVE-2000-0716 | 2001-01-22 | WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web... |
| CVE-2000-0729 | 2001-01-22 | FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header. |
| CVE-2000-0732 | 2001-01-22 | Worm HTTP server allows remote attackers to cause a denial of service via a long URL. |
| CVE-2000-0738 | 2001-01-22 | WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield... |
| CVE-2000-0749 | 2001-01-22 | Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system. |
| CVE-2000-0762 | 2001-01-22 | The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges. |
| CVE-2000-0764 | 2001-01-22 | Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet. |
| CVE-2000-0766 | 2001-01-22 | Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request. |
| CVE-2000-0783 | 2001-01-22 | Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100. |
| CVE-2000-0804 | 2001-01-22 | Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass." |
| CVE-2000-0805 | 2001-01-22 | Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets." |
| CVE-2000-0806 | 2001-01-22 | The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass." |
| CVE-2000-0807 | 2001-01-22 | The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability." |
| CVE-2000-0808 | 2001-01-22 | The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time... |
| CVE-2000-0809 | 2001-01-22 | Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service. |
| CVE-2000-0810 | 2001-01-22 | Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack. |
| CVE-2000-0811 | 2001-01-22 | Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields. |
| CVE-2000-0813 | 2001-01-22 | Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP... |
| CVE-2000-0824 | 2001-01-22 | The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary... |
| CVE-2000-0834 | 2001-01-22 | The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to... |
| CVE-2000-0837 | 2001-01-22 | FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes. |
| CVE-2000-0844 | 2001-01-22 | Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and... |
| CVE-2000-0846 | 2001-01-22 | Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password. |
| CVE-2000-0847 | 2001-01-22 | Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header. |
| CVE-2000-0848 | 2001-01-22 | Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header. |
| CVE-2000-0849 | 2001-01-22 | Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service... |
| CVE-2000-0850 | 2001-01-22 | Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL. |
| CVE-2000-0851 | 2001-01-22 | Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability. |
| CVE-2000-0852 | 2001-01-22 | Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges. |
| CVE-2000-0853 | 2001-01-22 | YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0858 | 2001-01-22 | Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail,... |
| CVE-2000-0860 | 2001-01-22 | The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP... |
| CVE-2000-0861 | 2001-01-22 | Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. |
| CVE-2000-0862 | 2001-01-22 | Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information. |
| CVE-2000-0863 | 2001-01-22 | Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges. |
| CVE-2000-0864 | 2001-01-22 | Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and... |
| CVE-2000-0865 | 2001-01-22 | Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument. |
| CVE-2000-0867 | 2001-01-22 | Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. |
| CVE-2000-0868 | 2001-01-22 | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. |
| CVE-2000-0869 | 2001-01-22 | The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. |
| CVE-2000-0870 | 2001-01-22 | Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string. |
| CVE-2000-0871 | 2001-01-22 | Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server. |
| CVE-2000-0873 | 2001-01-22 | netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities. |
| CVE-2000-0878 | 2001-01-22 | The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field. |
| CVE-2000-0883 | 2001-01-22 | The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents... |
| CVE-2000-0884 | 2001-01-22 | IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the... |
| CVE-2000-0886 | 2001-01-22 | IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File... |
| CVE-2000-0887 | 2001-01-22 | named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on... |
| CVE-2000-0888 | 2001-01-22 | named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug." |
| CVE-2000-0900 | 2001-01-22 | Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot)... |
| CVE-2000-0901 | 2001-01-22 | Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable. |
| CVE-2000-0908 | 2001-01-22 | BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request. |
| CVE-2000-0909 | 2001-01-22 | Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header. |
| CVE-2000-0910 | 2001-01-22 | Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address. |
| CVE-2000-0911 | 2001-01-22 | IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as... |
| CVE-2000-0912 | 2001-01-22 | MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter. |
| CVE-2000-0913 | 2001-01-22 | mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. |
| CVE-2000-0914 | 2001-01-22 | OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests. |
| CVE-2000-0915 | 2001-01-22 | fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name. |
| CVE-2000-0917 | 2001-01-22 | Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. |
| CVE-2000-0919 | 2001-01-22 | Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0920 | 2001-01-22 | Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that... |
| CVE-2000-0921 | 2001-01-22 | Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. |
| CVE-2000-0922 | 2001-01-22 | Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the... |
| CVE-2000-0923 | 2001-01-22 | authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. |
| CVE-2000-0924 | 2001-01-22 | Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter. |
| CVE-2000-0925 | 2001-01-22 | The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. |
| CVE-2000-0926 | 2001-01-22 | SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable. |
| CVE-2000-0928 | 2001-01-22 | WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares. |
| CVE-2000-0929 | 2001-01-22 | Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX... |
| CVE-2000-0930 | 2001-01-22 | Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. |
| CVE-2000-0932 | 2001-01-22 | MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. |
| CVE-2000-0933 | 2001-01-22 | The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to... |
| CVE-2000-0934 | 2001-01-22 | Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. |
| CVE-2000-0935 | 2001-01-22 | Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. |
| CVE-2000-0936 | 2001-01-22 | Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and... |
| CVE-2000-0937 | 2001-01-22 | Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct... |
| CVE-2000-0938 | 2001-01-22 | Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid... |