NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
Max CVSS
10.0
EPSS Score
1.01%
Published
2001-08-04
Updated
2008-09-05
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the passwords during a system reboot.
Max CVSS
10.0
EPSS Score
0.41%
Published
2001-08-07
Updated
2008-09-05
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
Max CVSS
9.8
EPSS Score
0.44%
Published
2001-08-23
Updated
2024-02-16
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
Max CVSS
10.0
EPSS Score
0.28%
Published
2001-08-13
Updated
2017-10-10
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
Max CVSS
10.0
EPSS Score
2.16%
Published
2001-08-31
Updated
2017-10-10
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.
Max CVSS
10.0
EPSS Score
0.52%
Published
2001-08-31
Updated
2008-09-05
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
Max CVSS
10.0
EPSS Score
12.09%
Published
2001-08-31
Updated
2017-10-10
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
Max CVSS
10.0
EPSS Score
0.58%
Published
2001-08-31
Updated
2008-09-05
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
Max CVSS
10.0
EPSS Score
1.24%
Published
2001-08-31
Updated
2011-02-16
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
Max CVSS
10.0
EPSS Score
0.21%
Published
2001-08-31
Updated
2017-10-10
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
Max CVSS
10.0
EPSS Score
0.87%
Published
2001-08-31
Updated
2017-07-11
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
Max CVSS
10.0
EPSS Score
0.40%
Published
2001-08-31
Updated
2017-10-10
Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges.
Max CVSS
10.0
EPSS Score
0.88%
Published
2001-08-31
Updated
2008-09-05
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.
Max CVSS
9.8
EPSS Score
0.32%
Published
2001-08-31
Updated
2024-02-14
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command.
Max CVSS
10.0
EPSS Score
1.06%
Published
2001-08-31
Updated
2008-09-05
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain additional privileges via a buffer overflow attack in the '-restore_config' command line parameter.
Max CVSS
10.0
EPSS Score
0.99%
Published
2001-08-14
Updated
2017-10-10
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
Max CVSS
10.0
EPSS Score
1.28%
Published
2001-08-02
Updated
2024-02-15
ScreamingMedia SITEWare versions 2.5 through 3.1 allow a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
Max CVSS
10.0
EPSS Score
81.88%
Published
2001-08-14
Updated
2017-07-11
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Max CVSS
10.0
EPSS Score
0.92%
Published
2001-08-14
Updated
2022-01-21
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
Max CVSS
10.0
EPSS Score
5.45%
Published
2001-08-14
Updated
2018-10-12
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
Max CVSS
10.0
EPSS Score
3.59%
Published
2001-08-14
Updated
2017-10-10
21 vulnerabilities found