OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
Max CVSS: 7.5; EPSS Score: 0.20%; Published: 2001-06-19; Updated: 2017-07-11
Cayman 3220-H DSL Router 1.0 ships without a password set, which allows remote attackers to gain unauthorized access.
Max CVSS: 7.5; EPSS Score: 2.26%; Published: 2001-06-11; Updated: 2017-07-11
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.
Max CVSS: 10.0; EPSS Score: 0.75%; Published: 2001-06-08; Updated: 2017-10-10
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
Max CVSS: 7.5; EPSS Score: 2.51%; Published: 2001-06-12; Updated: 2017-12-19
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
Max CVSS: 7.5; EPSS Score: 2.97%; Published: 2001-06-12; Updated: 2017-12-19
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2001-06-11; Updated: 2008-09-05
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2001-06-11; Updated: 2017-04-29
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
Max CVSS: 7.5; EPSS Score: 3.39%; Published: 2001-06-22; Updated: 2017-10-10
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
Max CVSS: 7.5; EPSS Score: 6.36%; Published: 2001-06-30; Updated: 2008-09-10
Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2001-06-27; Updated: 2008-09-05
Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500.
Max CVSS: 10.0; EPSS Score: 1.04%; Published: 2001-06-16; Updated: 2008-09-05
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
Max CVSS: 10.0; EPSS Score: 1.93%; Published: 2001-06-23; Updated: 2017-10-10
udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field.
Max CVSS: 7.5; EPSS Score: 2.24%; Published: 2001-06-18; Updated: 2017-10-10
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
Max CVSS: 7.5; EPSS Score: 3.58%; Published: 2001-06-05; Updated: 2017-10-10
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.
Max CVSS: 10.0; EPSS Score: 4.21%; Published: 2001-06-19; Updated: 2017-10-10
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
Max CVSS: 10.0; EPSS Score: 2.94%; Published: 2001-06-21; Updated: 2017-12-19
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.
Max CVSS: 10.0; EPSS Score: 1.34%; Published: 2001-06-02; Updated: 2017-10-10
Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header.
Max CVSS: 7.5; EPSS Score: 0.85%; Published: 2001-06-27; Updated: 2017-10-10
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
Max CVSS: 7.5; EPSS Score: 0.42%; Published: 2001-06-27; Updated: 2008-09-05
Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands.
Max CVSS: 7.5; EPSS Score: 0.28%; Published: 2001-06-27; Updated: 2018-05-03
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges to execute arbitrary commands via the -n option.
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2001-06-27; Updated: 2017-10-10
Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.
Max CVSS: 7.5; EPSS Score: 0.33%; Published: 2001-06-18; Updated: 2008-09-05
Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl.
Max CVSS: 7.2; EPSS Score: 0.05%; Published: 2001-06-18; Updated: 2017-10-10
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.
Max CVSS: 7.2; EPSS Score: 0.05%; Published: 2001-06-27; Updated: 2017-10-10
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
Max CVSS: 7.5; EPSS Score: 1.35%; Published: 2001-06-27; Updated: 2008-09-05
92 vulnerabilities found