Latest CVE Feed
-
10.0
HIGHCVE-2001-1291
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.... Read more
- EPSS Score: %9.89
- Published: Jul. 12, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-1367
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.... Read more
Affected Products : phpslice- EPSS Score: %0.93
- Published: Jul. 19, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-1355
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup comma... Read more
- EPSS Score: %1.33
- Published: Jul. 20, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-1356
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.... Read more
Affected Products : surgeftp- EPSS Score: %1.10
- Published: Aug. 04, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-1260
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.... Read more
Affected Products : argent_office- EPSS Score: %0.52
- Published: Aug. 07, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-0555
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.... Read more
- EPSS Score: %23.60
- Published: Aug. 14, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-0981
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.... Read more
Affected Products : cifs-9000_server- EPSS Score: %0.39
- Published: Aug. 31, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-1053
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.... Read more
Affected Products : adcycle- EPSS Score: %0.46
- Published: Jul. 13, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-1252
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and... Read more
Affected Products : keyserver- EPSS Score: %1.12
- Published: Sep. 28, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-0808
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.... Read more
Affected Products : gnatsweb- EPSS Score: %3.10
- Published: Dec. 06, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-0840
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.... Read more
Affected Products : insight_manager_xe- EPSS Score: %12.53
- Published: Dec. 06, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-0953
Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root.... Read more
Affected Products : kebi_community- EPSS Score: %1.10
- Published: Dec. 08, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2002-0007
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.... Read more
Affected Products : bugzilla- EPSS Score: %1.84
- Published: Jan. 31, 2002
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2001-1061
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.... Read more
Affected Products : aix- EPSS Score: %0.56
- Published: Aug. 31, 2001
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2002-1621
Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.... Read more
Affected Products : aix- EPSS Score: %26.37
- Published: Apr. 22, 2002
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2002-0267
preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into ... Read more
Affected Products : sips- EPSS Score: %1.19
- Published: May. 29, 2002
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2002-0287
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.... Read more
Affected Products : pforum- EPSS Score: %0.69
- Published: May. 31, 2002
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2002-0335
Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request.... Read more
- EPSS Score: %8.65
- Published: Jun. 25, 2002
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2002-0665
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.... Read more
Affected Products : jrun- EPSS Score: %3.54
- Published: Jul. 11, 2002
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2002-0450
Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe.... Read more
Affected Products : web\+_server- EPSS Score: %6.33
- Published: Jul. 26, 2002
- Modified: Apr. 03, 2025