Total: 28799 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1526 | 1 Easyscripts | 1 Easynews | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter. | |||||
CVE-2001-1525 | 1 Easyscripts | 1 Easynews | 2008-09-05 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter. | |||||
CVE-2001-1523 | 1 Dmozgateway | 1 Dmozgateway | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter. | |||||
CVE-2001-1522 | 1 Francisco Burzi | 1 Php-nuke | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. | |||||
CVE-2001-1520 | 1 Intel | 1 Xircom Rex 6000 | 2008-09-05 | 2.1 LOW | N/A |
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN. | |||||
CVE-2001-1516 | 1 Hans Wolters | 1 Phpreview | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews. | |||||
CVE-2001-1514 | 1 Macromedia | 1 Coldfusion | 2008-09-05 | 10.0 HIGH | N/A |
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. | |||||
CVE-2001-1511 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". | |||||
CVE-2001-1510 | 1 Macromedia | 1 Jrun | 2008-09-05 | 5.0 MEDIUM | N/A |
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. | |||||
CVE-2001-1465 | 1 Surfcontrol | 1 Superscout Web Filter | 2008-09-05 | 4.6 MEDIUM | N/A |
SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements. | |||||
CVE-2001-1416 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 5.1 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags. | |||||
CVE-2001-1382 | 1 Openbsd | 1 Openssh | 2008-09-05 | 5.0 MEDIUM | N/A |
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used. | |||||
CVE-2001-1375 | 2 Conectiva, Redhat | 2 Linux, Linux | 2008-09-05 | 4.6 MEDIUM | N/A |
tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory. | |||||
CVE-2001-1366 | 1 Netscript Project | 1 Netscript | 2008-09-05 | 5.0 MEDIUM | N/A |
netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information. | |||||
CVE-2001-1365 | 1 Osi Codes Inc. | 1 Intragnat | 2008-09-05 | 7.5 HIGH | N/A |
Vulnerability in IntraGnat before 1.4. | |||||
CVE-2001-1364 | 1 Project Purple | 1 Autodns | 2008-09-05 | 7.5 HIGH | N/A |
Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified. | |||||
CVE-2001-1363 | 1 Phpwebsite Development Team | 1 Phpwebsite | 2008-09-05 | 10.0 HIGH | N/A |
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges. | |||||
CVE-2001-1362 | 1 Horsburgh | 1 Npulse | 2008-09-05 | 7.5 HIGH | N/A |
Vulnerability in the server for nPULSE before 0.53p4. | |||||
CVE-2001-1361 | 1 Twig Development Team | 1 Twig | 2008-09-05 | 7.5 HIGH | N/A |
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links. | |||||
CVE-2001-1360 | 1 Mostang | 1 Sane | 2008-09-05 | 7.2 HIGH | N/A |
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned. |