WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.
Max CVSS
7.5
EPSS Score
0.33%
Published
2001-10-24
Updated
2017-07-11
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.
Max CVSS
7.5
EPSS Score
0.42%
Published
2001-10-22
Updated
2017-07-11
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
Max CVSS
7.5
EPSS Score
0.28%
Published
2001-10-13
Updated
2017-07-11
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
Max CVSS
5.0
EPSS Score
0.98%
Published
2001-10-15
Updated
2017-07-11
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
Max CVSS
7.2
EPSS Score
0.14%
Published
2001-10-17
Updated
2017-07-11
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.
Max CVSS
5.0
EPSS Score
1.72%
Published
2001-10-22
Updated
2017-07-11
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
Max CVSS
5.0
EPSS Score
0.50%
Published
2001-10-08
Updated
2017-07-11
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
Max CVSS
7.5
EPSS Score
1.07%
Published
2001-10-10
Updated
2017-07-11
AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag.
Max CVSS
5.0
EPSS Score
2.13%
Published
2001-10-06
Updated
2017-07-11
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
Max CVSS
5.0
EPSS Score
3.32%
Published
2001-10-02
Updated
2017-07-11
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
Max CVSS
5.0
EPSS Score
2.13%
Published
2001-10-06
Updated
2017-07-11
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data.
Max CVSS
5.0
EPSS Score
2.06%
Published
2001-10-06
Updated
2017-07-11
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
Max CVSS
7.5
EPSS Score
3.20%
Published
2001-10-09
Updated
2018-10-30
ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.
Max CVSS
7.2
EPSS Score
0.04%
Published
2001-10-18
Updated
2016-10-18
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
Max CVSS
7.5
EPSS Score
2.48%
Published
2001-10-18
Updated
2018-05-03
Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Max CVSS
5.0
EPSS Score
1.53%
Published
2001-10-02
Updated
2008-09-05
Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Max CVSS
5.0
EPSS Score
0.35%
Published
2001-10-02
Updated
2008-09-10
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
Max CVSS
7.5
EPSS Score
1.41%
Published
2001-10-02
Updated
2008-09-10
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Max CVSS
5.0
EPSS Score
0.39%
Published
2001-10-02
Updated
2008-09-10
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
Max CVSS
7.5
EPSS Score
0.84%
Published
2001-10-12
Updated
2008-09-10
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
Max CVSS
7.5
EPSS Score
0.18%
Published
2001-10-12
Updated
2008-09-10
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
Max CVSS
5.0
EPSS Score
0.22%
Published
2001-10-12
Updated
2008-09-10
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
Max CVSS
7.5
EPSS Score
0.29%
Published
2001-10-12
Updated
2008-09-10
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
Max CVSS
7.5
EPSS Score
1.18%
Published
2001-10-12
Updated
2008-09-10
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
Max CVSS
5.0
EPSS Score
0.24%
Published
2001-10-12
Updated
2008-09-10
142 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!