Unknown · CVSS Not scored
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Worm HTTP server allows remote attackers to cause a denial of service via a long URL.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AIX techlibss allows local users to overwrite files via a symlink attack.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions.
Published Jan 22, 2001 · Updated Aug 8, 2024