Total
29753 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1156 | 1 Typsoft | 1 Typsoft Ftp Server | 2025-04-03 | N/A |
| TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR. | ||||
| CVE-2001-1157 | 1 Baltimore Technologies | 1 Websweeper | 2025-04-03 | N/A |
| Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode. | ||||
| CVE-2001-1159 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | N/A |
| load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. | ||||
| CVE-2001-1164 | 1 Caldera | 1 Unixware | 2025-04-03 | N/A |
| Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt. | ||||
| CVE-2001-1168 | 1 Phpmyexplorer | 2 Phpmyexplorer Classic, Phpmyexplorer Multiuser | 2025-04-03 | N/A |
| Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter. | ||||
| CVE-2001-1169 | 1 Bell Communications Research | 1 S Key | 2025-04-03 | N/A |
| keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo. | ||||
| CVE-2001-1173 | 1 Masqmail | 1 Masqmail | 2025-04-03 | N/A |
| Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases. | ||||
| CVE-2001-1174 | 2 Elm Development Group, Redhat | 2 Elm, Linux | 2025-04-03 | N/A |
| Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header. | ||||
| CVE-2001-1180 | 1 Freebsd | 1 Freebsd | 2025-04-03 | N/A |
| FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child. | ||||
| CVE-2001-1183 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. | ||||
| CVE-2002-2107 | 1 Veridis | 1 Openkeyserver | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the lookup script in Veridis OpenKeyServer (OKS) 1.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2001-1193 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2025-04-03 | N/A |
| Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command. | ||||
| CVE-2001-1199 | 1 Steve Kneizys | 1 Agora.cgi | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter. | ||||
| CVE-2001-1207 | 1 Daydream | 1 Daydream Bbs | 2025-04-03 | N/A |
| Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA. | ||||
| CVE-2001-1212 | 1 Aktivate | 1 Aktivate | 2025-04-03 | N/A |
| Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter. | ||||
| CVE-2001-1219 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | N/A |
| Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. | ||||
| CVE-2001-1223 | 1 Elsa | 1 Lancom 1100 Office | 2025-04-03 | N/A |
| The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server. | ||||
| CVE-2001-1224 | 1 Les Vanbrunt | 1 Adrotate Pro | 2025-04-03 | N/A |
| get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack. | ||||
| CVE-2001-1228 | 1 Gnu | 1 Gzip | 2025-04-03 | N/A |
| Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server. | ||||
| CVE-2001-1234 | 1 Gallery Project | 1 Gallery | 2025-04-03 | N/A |
| Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable. | ||||