prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
Max CVSS: 8.8 | EPSS Score: 1.57% | Published: 2001-07-31 | Updated: 2024-02-15
Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.
Max CVSS: 6.8 | EPSS Score: 0.38% | Published: 2001-07-02 | Updated: 2017-07-11
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
Max CVSS: 7.5 | EPSS Score: 0.99% | Published: 2001-07-11 | Updated: 2017-07-11
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.
Max CVSS: 5.0 | EPSS Score: 1.14% | Published: 2001-07-05 | Updated: 2017-12-19
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
Max CVSS: 7.5 | EPSS Score: 0.34% | Published: 2001-07-01 | Updated: 2024-02-02
tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2001-07-19 | Updated: 2008-09-05
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2001-07-19 | Updated: 2017-10-10
MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments.
Max CVSS: 5.0 | EPSS Score: 0.57% | Published: 2001-07-18 | Updated: 2017-10-10
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
Max CVSS: 10.0 | EPSS Score: 25.45% | Published: 2001-07-21 | Updated: 2016-10-18
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.
Max CVSS: 10.0 | EPSS Score: 1.01% | Published: 2001-07-19 | Updated: 2017-10-10
netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information.
Max CVSS: 5.0 | EPSS Score: 0.54% | Published: 2001-07-19 | Updated: 2008-09-05
Vulnerability in IntraGnat before 1.4.
Max CVSS: 7.5 | EPSS Score: 0.51% | Published: 2001-07-19 | Updated: 2008-09-05
Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified.
Max CVSS: 7.5 | EPSS Score: 0.51% | Published: 2001-07-19 | Updated: 2008-09-05
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.
Max CVSS: 10.0 | EPSS Score: 0.25% | Published: 2001-07-19 | Updated: 2008-09-05
Vulnerability in the server for nPULSE before 0.53p4.
Max CVSS: 7.5 | EPSS Score: 0.51% | Published: 2001-07-19 | Updated: 2008-09-05
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
Max CVSS: 7.5 | EPSS Score: 0.25% | Published: 2001-07-19 | Updated: 2008-09-05
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2001-07-19 | Updated: 2008-09-05
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
Max CVSS: 10.0 | EPSS Score: 0.78% | Published: 2001-07-20 | Updated: 2017-12-19
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2001-07-20 | Updated: 2017-12-19
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.
Max CVSS: 3.6 | EPSS Score: 0.04% | Published: 2001-07-10 | Updated: 2008-09-10
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
Max CVSS: 7.5 | EPSS Score: 0.71% | Published: 2001-07-16 | Updated: 2008-09-05

CVE-2001-1320

Public exploit
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
Max CVSS: 7.5 | EPSS Score: 45.91% | Published: 2001-07-16 | Updated: 2017-12-19
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
Max CVSS: 5.0 | EPSS Score: 2.69% | Published: 2001-07-16 | Updated: 2020-04-09
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
Max CVSS: 7.5 | EPSS Score: 8.56% | Published: 2001-07-16 | Updated: 2008-09-05
Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite.
Max CVSS: 7.5 | EPSS Score: 4.71% | Published: 2001-07-16 | Updated: 2008-09-05
190 vulnerabilities found