In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.
Max CVSS
4.6
EPSS Score
0.04%
Published
1991-12-06
Updated
2022-08-17
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
Max CVSS
7.5
EPSS Score
1.00%
Published
1999-02-08
Updated
2018-10-12
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
Max CVSS
5.0
EPSS Score
0.24%
Published
1999-08-09
Updated
2018-10-12
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
Max CVSS
10.0
EPSS Score
0.41%
Published
1999-11-18
Updated
2018-08-13
Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.
Max CVSS
7.5
EPSS Score
0.70%
Published
1998-07-16
Updated
2008-09-05

CVE-2001-0311

Public exploit
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
Max CVSS
4.6
EPSS Score
0.10%
Published
2001-06-02
Updated
2017-10-10

CVE-2001-0537

Public exploit
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
Max CVSS
9.3
EPSS Score
87.68%
Published
2001-07-21
Updated
2017-10-10
Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST.
Max CVSS
7.5
EPSS Score
75.50%
Published
2001-05-30
Updated
2017-12-19
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
Max CVSS
7.5
EPSS Score
2.41%
Published
2001-07-04
Updated
2017-12-19
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
Max CVSS
7.5
EPSS Score
1.82%
Published
2001-04-10
Updated
2017-07-11
The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access.
Max CVSS
7.5
EPSS Score
3.65%
Published
2001-05-24
Updated
2017-07-11
Cayman 3220-H DSL Router 1.0 ship without a password set, which allows remote attackers to gain unauthorized access.
Max CVSS
7.5
EPSS Score
2.26%
Published
2001-06-11
Updated
2017-07-11
Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.
Max CVSS
7.5
EPSS Score
0.21%
Published
2001-12-31
Updated
2008-09-05
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-12-31
Updated
2008-09-05
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
Max CVSS
7.5
EPSS Score
0.23%
Published
2001-12-31
Updated
2024-02-10
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.
Max CVSS
6.8
EPSS Score
0.89%
Published
2001-12-31
Updated
2017-07-29
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.
Max CVSS
2.1
EPSS Score
7.17%
Published
2002-08-12
Updated
2020-04-02
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
Max CVSS
5.0
EPSS Score
94.12%
Published
2002-07-03
Updated
2017-07-11
Alcatel OmniPCX 4400 installs known user accounts and passwords in the /etc/password file by default, which allows remote attackers to gain unauthorized access.
Max CVSS
10.0
EPSS Score
1.38%
Published
2002-12-31
Updated
2017-07-11
SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 allows remote attackers to bypass authentication and gain unauthorized access via the password field.
Max CVSS
10.0
EPSS Score
0.29%
Published
2002-12-31
Updated
2017-07-11
Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password.
Max CVSS
10.0
EPSS Score
1.94%
Published
2002-12-31
Updated
2008-09-05
The admin.html file in MySimple News 1.0 stores its administrative password in plaintext, which allows remote attackers to gain unauthorized access to the web server by viewing the source of admin.html.
Max CVSS
7.5
EPSS Score
3.24%
Published
2002-12-31
Updated
2008-09-05
Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions.
Max CVSS
10.0
EPSS Score
0.86%
Published
2002-12-31
Updated
2017-07-29
Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0.
Max CVSS
10.0
EPSS Score
39.41%
Published
2002-12-31
Updated
2008-09-05
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges.
Max CVSS
10.0
EPSS Score
4.76%
Published
2002-12-31
Updated
2008-09-05
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!