Search Results (363673 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1241 1 Steve Grimm 1 Un-cgi 2026-04-16 N/A
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
CVE-2001-1242 1 Steve Grimm 1 Un-cgi 2026-04-16 N/A
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
CVE-2001-1243 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
CVE-2001-1244 7 Freebsd, Hp, Linux and 4 more 9 Freebsd, Hp-ux, Vvos and 6 more 2026-04-16 N/A
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
CVE-2001-1245 1 Opera Software 1 Opera Web Browser 2026-04-16 N/A
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
CVE-2001-1246 2 Php, Redhat 3 Php, Enterprise Linux, Linux 2026-04-16 N/A
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2001-1247 2 Php, Redhat 2 Php, Linux 2026-04-16 N/A
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
CVE-2001-1248 1 Vwebserver 1 Vwebserver 2026-04-16 N/A
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
CVE-2001-1249 1 Vwebserver 1 Vwebserver 2026-04-16 N/A
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
CVE-2001-1250 1 Vwebserver 1 Vwebserver 2026-04-16 N/A
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.
CVE-2001-1251 2 Max Feoktistov, Vwebserver 2 Small Http Server, Vwebserver 2026-04-16 N/A
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.
CVE-2001-1252 1 Pgp 1 Keyserver 2026-04-16 N/A
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
CVE-2001-1253 1 Com2001 1 Alexis Server 2026-04-16 N/A
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.
CVE-2001-1254 1 Com2001 1 Alexis Server 2026-04-16 N/A
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
CVE-2001-1255 2 Mysql, Oracle 2 Winmysqladmin, Mysql 2026-04-16 N/A
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.
CVE-2001-1256 1 Hp 1 Hp-ux 2026-04-16 N/A
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
CVE-2001-1257 1 Horde 1 Imp 2026-04-16 N/A
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
CVE-2001-1258 1 Horde 1 Imp 2026-04-16 N/A
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
CVE-2001-1259 1 Avaya 1 Argent Office 2026-04-16 N/A
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
CVE-2001-1260 1 Avaya 1 Argent Office 2026-04-16 N/A
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.