CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15301 CVE-2002-0198 Exec Code Overflow 2002-05-16 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.
15302 CVE-2002-0083 189 +Priv 2002-03-15 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
15303 CVE-2002-0048 DoS Exec Code 2002-02-27 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
15304 CVE-2002-0033 Exec Code Overflow 2002-05-29 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
15305 CVE-2002-0018 +Priv 2002-03-08 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
15306 CVE-2002-0013 264 DoS +Priv 2002-02-13 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
15307 CVE-2002-0012 264 DoS +Priv 2002-02-13 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
15308 CVE-2002-0007 2002-01-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.
15309 CVE-2002-0005 Exec Code Overflow 2002-01-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame).
15310 CVE-2001-1594 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
15311 CVE-2001-1586 22 Exec Code Dir. Trav. 2010-02-12 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.
15312 CVE-2001-1583 Exec Code 2001-12-31 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
15313 CVE-2001-1574 Exec Code Overflow 2001-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code.
15314 CVE-2001-1573 Exec Code Overflow 2001-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter.
15315 CVE-2001-1514 2001-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
15316 CVE-2001-1481 +Priv 2001-12-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
15317 CVE-2001-1440 2001-12-21 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.
15318 CVE-2001-1370 Exec Code 2001-07-21 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
15319 CVE-2001-1367 +Priv 2001-07-19 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.
15320 CVE-2001-1363 +Priv 2001-07-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.
15321 CVE-2001-1359 2001-06-08 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.
15322 CVE-2001-1356 2001-08-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
15323 CVE-2001-1355 Exec Code Overflow 2001-07-20 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
15324 CVE-2001-1291 2001-07-12 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
15325 CVE-2001-1264 2001-07-19 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
15326 CVE-2001-1260 +Priv 2001-08-07 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
15327 CVE-2001-1252 Bypass 2001-09-28 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
15328 CVE-2001-1240 2001-07-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
15329 CVE-2001-1223 +Priv 2001-12-26 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
15330 CVE-2001-1220 +Priv 2001-12-21 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
15331 CVE-2001-1196 +Priv Dir. Trav. 2001-12-17 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
15332 CVE-2001-1163 Exec Code Overflow 2001-06-16 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500.
15333 CVE-2001-1162 Dir. Trav. 2001-06-23 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
15334 CVE-2001-1113 Exec Code Overflow 2001-08-13 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
15335 CVE-2001-1080 +Priv 2001-06-19 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.
15336 CVE-2001-1078 Exec Code +Priv 2001-06-21 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
15337 CVE-2001-1067 DoS Exec Code Overflow 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
15338 CVE-2001-1061 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.
15339 CVE-2001-1053 +Priv Bypass 2001-07-13 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
15340 CVE-2001-1046 Overflow +Priv 2001-06-02 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.
15341 CVE-2001-1027 Exec Code Overflow 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
15342 CVE-2001-1025 2001-08-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
15343 CVE-2001-1011 +Priv 2001-07-25 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
15344 CVE-2001-1009 264 +Priv 2001-08-31 2011-02-16
10.0
Admin Remote Low Not required Complete Complete Complete
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
15345 CVE-2001-0981 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
15346 CVE-2001-0972 +Priv 2001-08-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
15347 CVE-2001-0969 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
15348 CVE-2001-0968 +Priv 2001-08-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges.
15349 CVE-2001-0966 Dir. Trav. 2001-08-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command.
15350 CVE-2001-0961 Exec Code Overflow 2001-09-18 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.