Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1035 1 Slrn Development Team 1 Slrn 2026-04-16 N/A
Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.
CVE-2001-1036 2 Gnu, Slackware 2 Findutils, Slackware Linux 2026-04-16 N/A
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
CVE-2001-1038 1 Cisco 1 Sn 5420 Storage Router Firmware 2026-04-16 N/A
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.
CVE-2001-1041 1 Oracle 1 Database Server 2026-04-16 N/A
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.
CVE-2001-1044 1 Basilix 1 Basilix Webmail 2026-04-16 N/A
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
CVE-2001-1047 1 Openbsd 1 Openbsd 2026-04-16 N/A
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
CVE-2001-1051 1 Dark Hart Portal 1 Darkportal-unix 2026-04-16 N/A
Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
CVE-2004-2207 1 Ideal Science 1 Idealbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2001-1056 1 Linux 1 Linux Kernel 2026-04-16 N/A
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.
CVE-2001-1066 1 Sun 1 Solaris 2026-04-16 N/A
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
CVE-2001-1068 1 Qualcomm 1 Qpopper 2026-04-16 N/A
qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.
CVE-2001-1069 1 Adobe 1 Acrobat Reader 2026-04-16 N/A
libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.
CVE-2001-1070 1 Sage Software 1 Mas 200 2026-04-16 N/A
Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters.
CVE-2001-1071 1 Cisco 2 Catos, Ios 2026-04-16 N/A
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.
CVE-2001-1074 1 Webmin 1 Webmin 2026-04-16 N/A
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
CVE-2001-1080 1 Ibm 1 Aix 2026-04-16 N/A
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.
CVE-2001-1082 2 Lucent, Simon Horms 2 Radius, Radius 2026-04-16 N/A
Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2001-1084 1 Macromedia 1 Jrun 2026-04-16 N/A
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
CVE-2001-1086 1 Xfree86 Project 1 X11r6 2026-04-16 N/A
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
CVE-2001-1087 1 Network Appliance 1 Netcache 2026-04-16 N/A
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.