VYPR

CVEs

  • CVE-2002-0628 · High · Jan 7, 2003
    risk 0.49 · cvss 7.5 · epss 0.02

    The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute force attack.

  • CVE-2002-1872 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.06

    Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.

  • CVE-2002-1721 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.02

    Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf to overwrite the FFGET_FILE variable with a (null) byte.

  • CVE-2002-1745 · High · Dec 31, 2002
    risk 0.50 · cvss 7.5 · epss 0.18

    Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing one additional character after .html, .htm, .asp, or .inc, such as .aspx files.

  • CVE-2002-2323 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.02

    Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.

  • CVE-2002-1657 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.01

    PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.

  • CVE-2002-1706 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature,…

  • CVE-2002-2069 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.02

    PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

  • CVE-2002-1697 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.01

    Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information.

  • CVE-2002-1910 · High · Dec 31, 2002
    risk 0.52 · cvss 7.5 · epss 0.03

    Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.

  • CVE-2002-1796 · High · Dec 31, 2002
    risk 0.51 · cvss 7.8 · epss 0.00

    ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.

  • CVE-2002-1800 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.01

    phpRank 1.8 stores the administrative password in plaintext on the server and in the "ap" cookie, which allows remote attackers to retrieve the administrative password.

  • CVE-2002-1810 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.02

    D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration…

  • CVE-2002-2067 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.02

    East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

  • CVE-2002-1912 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.03

    SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets.

  • CVE-2002-1850 · High · Dec 31, 2002
    risk 0.53 · cvss 7.5 · epss 0.17

    mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI…

  • CVE-2002-1844 · High · Dec 31, 2002
    risk 0.51 · cvss 7.8 · epss 0.01

    Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.

  • CVE-2002-1949 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.01

    The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.

  • CVE-2002-2058 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.01

    TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.

  • CVE-2002-2066 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.02

    BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

  • CVE-2002-2070 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.02

    SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

  • CVE-2002-2068 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.02

    Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

  • CVE-2002-1372 · High · Dec 26, 2002
    risk 0.49 · cvss 7.5 · epss 0.03

    Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not…

  • CVE-2002-0969 · High · Oct 11, 2002
    risk 0.51 · cvss 7.8 · epss 0.01

    Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the…

  • CVE-2002-0485 · High · Aug 12, 2002
    risk 0.49 · cvss 7.5 · epss 0.01

    Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.

  • CVE-2002-0844 · High · Aug 12, 2002
    risk 0.51 · cvss 7.8 · epss 0.01

    Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.

  • CVE-2002-0704 · High · Jul 26, 2002
    risk 0.49 · cvss 7.5 · epss 0.03

    The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.

  • CVE-2002-0653 · High · Jul 11, 2002
    risk 0.54 · cvss 7.8 · epss 0.01

    Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.

  • CVE-2002-0367 · High · KEV · Jun 25, 2002
    risk 0.66 · cvss 7.8 · epss 0.05

    smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

  • CVE-2002-0401 · High · Jun 18, 2002
    risk 0.49 · cvss 7.5 · epss 0.06

    SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

  • CVE-2002-0184 · High · May 16, 2002
    risk 0.47 · cvss 7.8 · epss 0.01

    Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

  • CVE-2002-0051 · High · Apr 4, 2002
    risk 0.51 · cvss 7.8 · epss 0.01

    Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.

  • CVE-2001-1546 · High · Dec 31, 2001
    risk 0.54 · cvss 7.8 · epss 0.00

    Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.

  • CVE-2001-1537 · High · Dec 31, 2001
    risk 0.49 · cvss 7.5 · epss 0.01

    The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

  • CVE-2001-1515 · High · Dec 31, 2001
    risk 0.49 · cvss 7.5 · epss 0.04

    Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.

  • CVE-2001-1536 · High · Dec 31, 2001
    risk 0.49 · cvss 7.5 · epss 0.01

    Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.

  • CVE-2001-0827 · High · Dec 6, 2001
    risk 0.49 · cvss 7.5 · epss 0.01

    Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.

  • CVE-2001-0830 · High · Dec 6, 2001
    risk 0.52 · cvss 7.5 · epss 0.06

    6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.

  • CVE-2001-0950 · High · Dec 4, 2001
    risk 0.49 · cvss 7.5 · epss 0.02

    ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which…

  • CVE-2001-0667 · High · Oct 30, 2001
    risk 0.49 · cvss 7.3 · epss 0.15

    Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed,…

  • CVE-2001-0795 · High · Oct 18, 2001
    risk 0.49 · cvss 7.5 · epss 0.02

    Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.

  • CVE-2001-1452 · High · Aug 31, 2001
    risk 0.50 · cvss 7.5 · epss 0.09

    By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.

  • CVE-2001-1471 · High · Jul 31, 2001
    risk 0.61 · cvss 8.8 · epss 0.08

    prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified…

  • CVE-2001-0497 · High · Jul 21, 2001
    risk 0.51 · cvss 7.8 · epss 0.00

    dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

  • CVE-2001-1238 · High · Jul 16, 2001
    risk 0.51 · cvss 7.8 · epss 0.01

    Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the…

  • CVE-2001-1042 · High · Jul 2, 2001
    risk 0.49 · cvss 7.5 · epss 0.03

    Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

  • CVE-2001-1386 · High · Jul 1, 2001
    risk 0.49 · cvss 7.5 · epss 0.03

    WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.

  • CVE-2001-1043 · High · Jul 1, 2001
    risk 0.49 · cvss 7.5 · epss 0.03

    ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

  • CVE-2001-0334 · High · Jun 27, 2001
    risk 0.50 · cvss 7.5 · epss 0.15

    FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

  • CVE-2001-0195 · High · Mar 26, 2001
    risk 0.51 · cvss 7.8 · epss 0.00

    sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.