CVE List - 2001 / May
Showing 201 - 292 of 292 CVEs for May 2001 (Page 3 of 3)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2001-0242 | 2001-05-24 | Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a... |
| CVE-2001-0246 | 2001-05-24 | Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the... |
| CVE-2001-0247 | 2001-05-24 | Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3)... |
| CVE-2001-0248 | 2001-05-24 | Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate... |
| CVE-2001-0249 | 2001-05-24 | Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate... |
| CVE-2001-0262 | 2001-05-24 | Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL. |
| CVE-2001-0263 | 2001-05-24 | Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the... |
| CVE-2001-0264 | 2001-05-24 | Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes... |
| CVE-2001-0328 | 2001-05-24 | TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range... |
| CVE-2001-0329 | 2001-05-24 | Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who... |
| CVE-2001-0332 | 2001-05-24 | Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the... |
| CVE-2001-0337 | 2001-05-24 | The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests. |
| CVE-2001-0354 | 2001-05-24 | TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on. |
| CVE-2001-0355 | 2001-05-24 | Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies. |
| CVE-2001-0358 | 2001-05-24 | Buffer overflows in Sierra Half-Life build 1573 and earlier allow remote attackers to execute arbitrary code via (1) a long map command, (2) a long exec command, or (3) long... |
| CVE-2001-0359 | 2001-05-24 | Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command. |
| CVE-2001-0360 | 2001-05-24 | Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and earlier allows a remote attacker to read arbitrary files via a .. (dot dot) attack in the helpon parameter. |
| CVE-2001-0367 | 2001-05-24 | Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters. |
| CVE-2001-0369 | 2001-05-24 | Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a local attacker to obtain root access via a long command line argument (non-existent printer name). |
| CVE-2001-0370 | 2001-05-24 | fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters. |
| CVE-2001-0372 | 2001-05-24 | Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores... |
| CVE-2001-0374 | 2001-05-24 | The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be... |
| CVE-2001-0376 | 2001-05-24 | SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the... |
| CVE-2001-0380 | 2001-05-24 | Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'. |
| CVE-2001-0381 | 2001-05-24 | The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a... |
| CVE-2001-0382 | 2001-05-24 | Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application. |
| CVE-2001-0384 | 2001-05-24 | ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file. |
| CVE-2001-0385 | 2001-05-24 | GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. |
| CVE-2001-0389 | 2001-05-24 | IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. |
| CVE-2001-0390 | 2001-05-24 | IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. |
| CVE-2001-0391 | 2001-05-24 | Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory. |
| CVE-2001-0392 | 2001-05-24 | Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which... |
| CVE-2001-0393 | 2001-05-24 | Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license... |
| CVE-2001-0395 | 2001-05-24 | Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. |
| CVE-2001-0396 | 2001-05-24 | The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users. |
| CVE-2001-0397 | 2001-05-24 | Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command. |
| CVE-2001-0398 | 2001-05-24 | The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also... |
| CVE-2001-0399 | 2001-05-24 | Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request. |
| CVE-2001-0400 | 2001-05-24 | nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. |
| CVE-2001-0401 | 2001-05-24 | Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. |
| CVE-2001-0403 | 2001-05-24 | /opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI. |
| CVE-2001-0404 | 2001-05-24 | Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory. |
| CVE-2001-0406 | 2001-05-24 | Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput... |
| CVE-2001-0410 | 2001-05-24 | Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header. |
| CVE-2001-0411 | 2001-05-24 | Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source... |
| CVE-2001-0415 | 2001-05-24 | REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts. |
| CVE-2001-0417 | 2001-05-24 | Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. |
| CVE-2001-0418 | 2001-05-24 | content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter. |
| CVE-2001-0419 | 2001-05-24 | Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands... |
| CVE-2001-0420 | 2001-05-24 | Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter. |
| CVE-2001-0421 | 2001-05-24 | FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username... |
| CVE-2001-0424 | 2001-05-24 | BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id. |
| CVE-2001-0425 | 2001-05-24 | AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that... |
| CVE-2001-0426 | 2001-05-24 | Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable. |
| CVE-2001-0431 | 2001-05-24 | Vulnerability in iPlanet Web Server Enterprise Edition 4.x. |
| CVE-2001-0432 | 2001-05-24 | Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands. |
| CVE-2001-0433 | 2001-05-24 | Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header. |
| CVE-2001-0435 | 2001-05-24 | The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and... |
| CVE-2001-0436 | 2001-05-24 | dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter... |
| CVE-2001-0437 | 2001-05-24 | upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file. |
| CVE-2001-0438 | 2001-05-24 | Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu. |
| CVE-2001-0441 | 2001-05-24 | Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. |
| CVE-2001-0443 | 2001-05-24 | Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or... |
| CVE-2001-0446 | 2001-05-24 | IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL. |
| CVE-2001-0447 | 2001-05-24 | Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot)... |
| CVE-2001-0448 | 2001-05-24 | Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET HTTP request to the aux directory, and possibly other directories... |
| CVE-2001-0450 | 2001-05-24 | Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot)... |
| CVE-2001-0451 | 2001-05-24 | INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1. |
| CVE-2001-0452 | 2001-05-24 | BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command. |
| CVE-2001-0453 | 2001-05-24 | Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts... |
| CVE-2001-0454 | 2001-05-24 | Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request. |
| CVE-2001-0458 | 2001-05-24 | Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. |
| CVE-2001-0459 | 2001-05-24 | Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option. |
| CVE-2001-0460 | 2001-05-24 | Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header. |
| CVE-2001-0464 | 2001-05-24 | Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter. |
| CVE-2001-0466 | 2001-05-24 | Directory traversal vulnerability in ustorekeeper 1.61 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. |
| CVE-2001-0468 | 2001-05-24 | Buffer overflow in FTPFS allows local users to gain root privileges via a long user name. |
| CVE-2001-0470 | 2001-05-24 | Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name. |
| CVE-2001-0471 | 2001-05-24 | SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute... |
| CVE-2001-0472 | 2001-05-24 | Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request. |
| CVE-2001-0476 | 2001-05-24 | Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a... |
| CVE-2001-0477 | 2001-05-24 | Vulnerability in WebCalendar 0.9.26 allows remote command execution. |
| CVE-2001-0478 | 2001-05-24 | Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. |
| CVE-2001-0479 | 2001-05-24 | Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script. |
| CVE-2001-0480 | 2001-05-24 | Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the (1) GET or (2) CD commands. |
| CVE-2001-0483 | 2001-05-24 | Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set. |
| CVE-2001-0484 | 2001-05-24 | Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of... |
| CVE-2001-0490 | 2001-05-24 | Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file. |
| CVE-2001-0491 | 2001-05-24 | Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2)... |
| CVE-2001-0492 | 2001-05-24 | Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3. |
| CVE-2001-0496 | 2001-05-24 | kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges. |
| CVE-2001-0349 | 2001-07-27 | Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe... |
| CVE-2001-0350 | 2001-07-27 | Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe... |
| CVE-2001-0352 | 2001-07-27 | SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should... |
| CVE-2001-0357 | 2001-07-27 | FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters. |
| CVE-2001-0498 | 2001-07-27 | Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a... |
| CVE-2001-0499 | 2001-07-27 | Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2)... |
| CVE-2001-0515 | 2001-07-27 | Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value. |
| CVE-2001-0516 | 2001-07-27 | Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does... |
| CVE-2001-0519 | 2001-07-27 | Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags. |