Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1248 1 Vwebserver 1 Vwebserver 2026-04-16 N/A
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
CVE-2001-1249 1 Vwebserver 1 Vwebserver 2026-04-16 N/A
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
CVE-2001-1250 1 Vwebserver 1 Vwebserver 2026-04-16 N/A
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.
CVE-2001-1252 1 Pgp 1 Keyserver 2026-04-16 N/A
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
CVE-2001-1271 1 Rarsoft 1 Rar 2026-04-16 N/A
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.
CVE-2001-1272 1 Wliang 1 Wmtv 2026-04-16 N/A
wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.
CVE-2001-1273 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 N/A
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).
CVE-2001-1274 2 Oracle, Redhat 2 Mysql, Linux 2026-04-16 N/A
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
CVE-2001-1275 2 Oracle, Redhat 2 Mysql, Linux 2026-04-16 N/A
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
CVE-2001-1276 2 Itcorp, Redhat 2 Ispell, Linux 2026-04-16 N/A
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
CVE-2001-1277 1 Wolfram Schneider 1 Makewhatis 2026-04-16 N/A
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
CVE-2001-1280 1 Ipswitch 1 Imail 2026-04-16 N/A
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
CVE-2001-1281 1 Ipswitch 1 Imail 2026-04-16 N/A
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
CVE-2001-1282 1 Ipswitch 1 Imail 2026-04-16 N/A
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
CVE-2001-1283 1 Ipswitch 1 Imail 2026-04-16 N/A
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
CVE-2001-1284 1 Ipswitch 1 Imail 2026-04-16 N/A
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
CVE-2001-1285 1 Ipswitch 1 Imail 2026-04-16 N/A
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
CVE-2001-1286 1 Ipswitch 1 Imail 2026-04-16 N/A
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
CVE-2001-1289 1 Id Software 1 Quake 3 Arena 2026-04-16 N/A
Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.
CVE-2001-1290 1 Active Web Suite Technologies 1 Active Classifieds 2026-04-16 N/A
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter.