High · CVSS 7.5
Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.
Published Nov 22, 2001 · Updated Apr 23, 2025
Unknown · CVSS Not scored
Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.
Published Nov 30, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.
Published Nov 30, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status.
Published Nov 28, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.
Published Nov 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.
Published Nov 22, 2001 · Updated Aug 8, 2024