CVE List - 2001 / May
Showing 1 - 100 of 292 CVEs for May 2001 (Page 1 of 3)
| CVE ID | Date | Title |
|---|---|---|
| CVE-1999-0223 | 2001-05-07 | Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry. |
| CVE-1999-0268 | 2001-05-07 | MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. |
| CVE-1999-0608 | 2001-05-07 | An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information. |
| CVE-1999-0681 | 2001-05-07 | Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL. |
| CVE-1999-0729 | 2001-05-07 | Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. |
| CVE-1999-0758 | 2001-05-07 | Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. |
| CVE-1999-0760 | 2001-05-07 | Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges. |
| CVE-1999-0800 | 2001-05-07 | The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm. |
| CVE-1999-0922 | 2001-05-07 | An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. |
| CVE-1999-0924 | 2001-05-07 | The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. |
| CVE-1999-0945 | 2001-05-07 | Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands. |
| CVE-2000-0120 | 2001-05-07 | The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. |
| CVE-2000-0302 | 2001-05-07 | Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL. |
| CVE-2000-0306 | 2001-05-07 | Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message. |
| CVE-2000-0307 | 2001-05-07 | Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024. |
| CVE-2000-0308 | 2001-05-07 | Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges. |
| CVE-2000-0309 | 2001-05-07 | The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service. |
| CVE-2000-0310 | 2001-05-07 | IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets. |
| CVE-2000-0313 | 2001-05-07 | Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations. |
| CVE-2000-0314 | 2001-05-07 | traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets... |
| CVE-2000-0315 | 2001-05-07 | traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks. |
| CVE-2000-0348 | 2001-05-07 | A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges. |
| CVE-2000-0349 | 2001-05-07 | Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service. |
| CVE-2000-0351 | 2001-05-07 | Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages. |
| CVE-2000-0368 | 2001-05-07 | Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to... |
| CVE-2000-0375 | 2001-05-07 | The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files. |
| CVE-2000-0504 | 2001-05-07 | libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro. |
| CVE-2000-0541 | 2001-05-07 | The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command. |
| CVE-2000-0573 | 2001-05-07 | The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. |
| CVE-2000-0577 | 2001-05-07 | Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0622 | 2001-05-07 | Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. |
| CVE-2000-0650 | 2001-05-07 | The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by... |
| CVE-2000-0693 | 2001-05-07 | pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying... |
| CVE-2000-0694 | 2001-05-07 | pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack. |
| CVE-2000-0717 | 2001-05-07 | GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands. |
| CVE-2000-0720 | 2001-05-07 | news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an... |
| CVE-2000-0726 | 2001-05-07 | CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable. |
| CVE-2000-0731 | 2001-05-07 | Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0742 | 2001-05-07 | The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that... |
| CVE-2000-0803 | 2001-05-07 | GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the... |
| CVE-2000-0816 | 2001-05-07 | Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters. |
| CVE-2000-0818 | 2001-05-07 | The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the... |
| CVE-2000-0829 | 2001-05-07 | The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories... |
| CVE-2000-0854 | 2001-05-07 | When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLLs such as riched20.dll and msi.dll, which could allow an attacker to... |
| CVE-2000-0856 | 2001-05-07 | Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request. |
| CVE-2000-0874 | 2001-05-07 | Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF). |
| CVE-2000-0875 | 2001-05-07 | WFTPD and WFTPD Pro 2.41 RC12 allow remote attackers to cause a denial of service by sending a long string of unprintable characters. |
| CVE-2000-0876 | 2001-05-07 | WFTPD and WFTPD Pro 2.41 RC12 allow remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname. |
| CVE-2000-0890 | 2001-05-07 | periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2000-0896 | 2001-05-07 | WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets. |
| CVE-2000-0927 | 2001-05-07 | WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions. |
| CVE-2000-0964 | 2001-05-07 | Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET... |
| CVE-2000-1075 | 2001-05-07 | Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End... |
| CVE-2000-1108 | 2001-05-07 | cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a... |
| CVE-2000-1109 | 2001-05-07 | Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories... |
| CVE-2000-1119 | 2001-05-07 | Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument. |
| CVE-2000-1121 | 2001-05-07 | Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument. |
| CVE-2000-1122 | 2001-05-07 | Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument. |
| CVE-2000-1123 | 2001-05-07 | Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands. |
| CVE-2000-1124 | 2001-05-07 | Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables. |
| CVE-2000-1164 | 2001-05-07 | WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as... |
| CVE-2000-1165 | 2001-05-07 | Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier. |
| CVE-2000-1170 | 2001-05-07 | Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request. |
| CVE-2000-1171 | 2001-05-07 | Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "thesection" parameter. |
| CVE-2000-1174 | 2001-05-07 | Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allow remote attackers to execute arbitrary commands via a packet with a long username. |
| CVE-2000-1180 | 2001-05-07 | Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument. |
| CVE-2001-0002 | 2001-05-07 | Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help... |
| CVE-2001-0003 | 2001-05-07 | Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM... |
| CVE-2001-0005 | 2001-05-07 | Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands. |
| CVE-2001-0006 | 2001-05-07 | The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause... |
| CVE-2001-0008 | 2001-05-07 | Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures. |
| CVE-2001-0009 | 2001-05-07 | Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack. |
| CVE-2001-0010 | 2001-05-07 | Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges. |
| CVE-2001-0011 | 2001-05-07 | Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. |
| CVE-2001-0012 | 2001-05-07 | BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. |
| CVE-2001-0013 | 2001-05-07 | Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. |
| CVE-2001-0014 | 2001-05-07 | Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP... |
| CVE-2001-0015 | 2001-05-07 | Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of... |
| CVE-2001-0016 | 2001-05-07 | NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access. |
| CVE-2001-0017 | 2001-05-07 | Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability. |
| CVE-2001-0021 | 2001-05-07 | MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter. |
| CVE-2001-0026 | 2001-05-07 | rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option. |
| CVE-2001-0028 | 2001-05-07 | Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters. |
| CVE-2001-0033 | 2001-05-07 | KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using the KRBCONFDIR environmental variable,... |
| CVE-2001-0034 | 2001-05-07 | KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges. |
| CVE-2001-0035 | 2001-05-07 | Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request. |
| CVE-2001-0036 | 2001-05-07 | KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file. |
| CVE-2001-0039 | 2001-05-07 | IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136... |
| CVE-2001-0040 | 2001-05-07 | APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid... |
| CVE-2001-0041 | 2001-05-07 | Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts. |
| CVE-2001-0043 | 2001-05-07 | phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program. |
| CVE-2001-0050 | 2001-05-07 | Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS... |
| CVE-2001-0053 | 2001-05-07 | One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges. |
| CVE-2001-0054 | 2001-05-07 | Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD... |
| CVE-2001-0055 | 2001-05-07 | CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. |
| CVE-2001-0056 | 2001-05-07 | The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection. |
| CVE-2001-0057 | 2001-05-07 | Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet. |
| CVE-2001-0058 | 2001-05-07 | The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allows remote attackers to cause a denial of service via a URL that does not end in a... |
| CVE-2001-0059 | 2001-05-07 | patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2001-0060 | 2001-05-07 | Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username. |