SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
Max CVSS
4.6
EPSS Score
0.11%
Published
2001-08-03
Updated
2017-07-11
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
Max CVSS
7.5
EPSS Score
0.74%
Published
2001-08-24
Updated
2017-07-11
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
Max CVSS
7.5
EPSS Score
1.63%
Published
2001-08-31
Updated
2024-02-08
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
Max CVSS
7.5
EPSS Score
0.60%
Published
2001-08-27
Updated
2017-07-11
KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.
Max CVSS
5.0
EPSS Score
0.34%
Published
2001-08-27
Updated
2017-07-11
Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.
Max CVSS
7.5
EPSS Score
5.39%
Published
2001-08-29
Updated
2016-10-18
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
Max CVSS
7.5
EPSS Score
0.35%
Published
2001-08-29
Updated
2017-07-11
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
Max CVSS
10.0
EPSS Score
1.01%
Published
2001-08-04
Updated
2008-09-05
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
Max CVSS
5.0
EPSS Score
0.38%
Published
2001-08-17
Updated
2016-10-18
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
Max CVSS
5.0
EPSS Score
0.25%
Published
2001-08-03
Updated
2008-09-05
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
Max CVSS
1.2
EPSS Score
0.04%
Published
2001-08-07
Updated
2008-09-05
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.
Max CVSS
5.0
EPSS Score
0.51%
Published
2001-08-21
Updated
2008-09-05
Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.
Max CVSS
5.0
EPSS Score
1.12%
Published
2001-08-22
Updated
2008-09-10
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
Max CVSS
7.5
EPSS Score
0.97%
Published
2001-08-13
Updated
2008-09-05
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
Max CVSS
7.5
EPSS Score
0.49%
Published
2001-08-07
Updated
2008-09-05
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
Max CVSS
5.0
EPSS Score
0.33%
Published
2001-08-07
Updated
2008-09-05
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
Max CVSS
10.0
EPSS Score
0.41%
Published
2001-08-07
Updated
2008-09-05
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
Max CVSS
5.0
EPSS Score
1.08%
Published
2001-08-07
Updated
2008-09-05
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
Max CVSS
5.0
EPSS Score
0.16%
Published
2001-08-14
Updated
2018-10-30
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
Max CVSS
5.0
EPSS Score
0.21%
Published
2001-08-14
Updated
2017-12-19
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
Max CVSS
5.0
EPSS Score
0.33%
Published
2001-08-14
Updated
2017-10-10
Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter.
Max CVSS
5.0
EPSS Score
1.32%
Published
2001-08-29
Updated
2008-09-10
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.
Max CVSS
5.0
EPSS Score
0.22%
Published
2001-08-21
Updated
2008-09-05
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.
Max CVSS
7.5
EPSS Score
0.69%
Published
2001-08-12
Updated
2008-09-05
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
Max CVSS
9.8
EPSS Score
0.44%
Published
2001-08-23
Updated
2024-02-16
205 vulnerabilities found
1 2 3 4 5 6 7 8 9
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!