Search Results (363715 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1464 1 Businessobjects 1 Crystal Reports 2026-04-16 N/A
Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.
CVE-2001-1465 1 Surfcontrol 1 Superscout Web Filter 2026-04-16 N/A
SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements.
CVE-2001-1466 1 Van Dyke Technologies 1 Securecrt 2026-04-16 N/A
Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
CVE-2001-1467 1 Don Libes 1 Expect 2026-04-16 N/A
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
CVE-2001-1468 1 Secure Reality 1 Phpsecurepages 2026-04-16 N/A
PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.
CVE-2001-1477 1 Bea 1 Tuxedo 2026-04-16 N/A
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
CVE-2001-1469 1 Ssh 1 Ssh 2026-04-16 N/A
The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified.
CVE-2001-1470 1 Ssh 1 Ssh 2026-04-16 N/A
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message.
CVE-2001-1471 1 Phpbb 1 Phpbb 2026-04-16 8.8 High
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
CVE-2001-1472 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
CVE-2001-1473 1 Ssh 1 Ssh 2026-04-16 N/A
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
CVE-2001-1474 1 Ssh 1 Ssh 2026-04-16 N/A
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache.
CVE-2001-1475 1 Ssh 1 Ssh 2026-04-16 N/A
SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated.
CVE-2001-1476 1 Ssh 1 Ssh 2026-04-16 N/A
SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.
CVE-2001-1479 1 Sun 1 Management\+center 2026-04-16 N/A
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
CVE-2001-1480 2 Apple, Sun 4 Mac Os Runtime For Java, Jdk, Jre and 1 more 2026-04-16 N/A
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.
CVE-2001-1481 1 Xitami 1 Xitami 2026-04-16 9.8 Critical
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
CVE-2001-1482 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
CVE-2001-1483 1 Nrl.navy 1 One-time Passwords In Everything 2026-04-16 N/A
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
CVE-2001-1484 1 Alcatel 2 Adsl Modem 1000, Speed Touch Adsl Modem 2026-04-16 N/A
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.