Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-0999 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
CVE-2001-1000 1 Merit 1 Aaa Radius Server 2026-04-16 N/A
rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file.
CVE-2001-1002 1 Redhat 1 Linux 2026-04-16 N/A
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.
CVE-2001-1003 1 Webct 1 Respondus 2026-04-16 N/A
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.
CVE-2001-1005 1 Starfish 1 Truesync Desktop 2026-04-16 N/A
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.
CVE-2001-1006 1 Starfish 1 Truesync Desktop 2026-04-16 N/A
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application.
CVE-2001-1008 1 Sun 2 Java Plug-in, Jre 2026-04-16 N/A
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.
CVE-2001-1010 1 Sambar 1 Sambar Server 2026-04-16 N/A
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
CVE-2001-1020 1 Vibechild 1 Directory Manager 2026-04-16 N/A
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.
CVE-2001-1023 1 Xcache Technologies 1 Xcache 2026-04-16 N/A
Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header.
CVE-2001-1024 1 Entrust 1 Getaccess 2026-04-16 N/A
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
CVE-2001-1025 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
CVE-2001-1027 1 Windowmaker 1 Windowmaker 2026-04-16 N/A
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
CVE-2001-1028 1 Redhat 1 Linux 2026-04-16 N/A
Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.
CVE-2001-1029 2 Freebsd, Openbsd 2 Freebsd, Openssh 2026-04-16 N/A
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
CVE-2001-1031 1 Charles Clark 1 Meteor Ftpd 2026-04-16 N/A
Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command.
CVE-2001-1032 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.
CVE-2001-1034 1 Freebsd 1 Freebsd 2026-04-16 N/A
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.
CVE-2001-1035 1 Slrn Development Team 1 Slrn 2026-04-16 N/A
Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.
CVE-2001-1036 2 Gnu, Slackware 2 Findutils, Slackware Linux 2026-04-16 N/A
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.