Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-1147 1 Andries Brouwer 1 Util-linux 2008-09-05 7.2 HIGH N/A
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
CVE-2001-1149 1 Panda 1 Panda Antivirus Platinum 2008-09-05 5.0 MEDIUM N/A
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
CVE-2001-1150 1 Trend Micro 2 Officescan, Virus Buster 2008-09-05 5.0 MEDIUM N/A
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
CVE-2001-1152 1 Baltimore Technologies 1 Websweeper 2008-09-05 7.5 HIGH N/A
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
CVE-2001-1155 1 Freebsd 1 Freebsd 2008-09-05 7.5 HIGH N/A
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
CVE-2001-1156 1 Typsoft 1 Typsoft Ftp Server 2008-09-05 5.0 MEDIUM N/A
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.
CVE-2001-1157 1 Baltimore Technologies 1 Websweeper 2008-09-05 7.5 HIGH N/A
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.
CVE-2001-1159 1 Squirrelmail 1 Squirrelmail 2008-09-05 7.5 HIGH N/A
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.
CVE-2001-1161 1 Lotus 1 Domino R5 Server 2008-09-05 7.5 HIGH N/A
Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.
CVE-2001-1163 1 Munica 1 Netsql 2008-09-05 10.0 HIGH N/A
Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500.
CVE-2001-1164 1 Caldera 1 Unixware 2008-09-05 7.2 HIGH N/A
Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.
CVE-2001-1165 1 Intego 2 Diskguard, Fileguard 2008-09-05 4.6 MEDIUM N/A
Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool.
CVE-2001-1166 1 Freebsd 1 Freebsd 2008-09-05 5.0 MEDIUM N/A
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.
CVE-2001-1169 1 Bell Communications Research 1 S Key 2008-09-05 7.5 HIGH N/A
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
CVE-2001-1171 1 Checkpoint 1 Firewall-1 2008-09-05 7.2 HIGH N/A
Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy.
CVE-2001-1179 1 Xfree86 Project 1 X11r6 2008-09-05 7.2 HIGH N/A
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
CVE-2001-1184 1 Denicomp 1 Winsock Rshd Nt 2008-09-05 5.0 MEDIUM N/A
wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024.
CVE-2001-1185 1 Freebsd 1 Freebsd 2008-09-05 6.2 MEDIUM N/A
Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.
CVE-2001-1188 1 Brian Dorricott 1 Mailto 2008-09-05 7.5 HIGH N/A
mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.
CVE-2001-1189 1 Ibm 1 Websphere Application Server 2008-09-05 4.6 MEDIUM N/A
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.