Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2001-12-06 | CVE-2001-0839 | Unspecified vulnerability in Ibill Internet Billing Company Processing Plus ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing. | 7.5 |
2001-12-06 | CVE-2001-0838 | Remote Security vulnerability in Network Solutions Rwhoisd 1.5.X Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command. | 7.5 |
2001-12-06 | CVE-2001-0836 | Unspecified vulnerability in Oracle Application Server web Cache 2.0.0.1 Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. | 7.5 |
2001-12-06 | CVE-2001-0835 | Unspecified vulnerability in Bradford Barrett Webalizer Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup. | 7.5 |
2001-12-06 | CVE-2001-0833 | Buffer Overflow vulnerability in Oracle OTRCREP Oracle Home Environment Variable Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability." | 7.2 |
2001-12-06 | CVE-2001-0830 | Missing Release of Resource after Effective Lifetime vulnerability in 6Tunnel Project 6Tunnel 0.08 6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server. | 7.5 |
2001-12-06 | CVE-2001-0824 | Cross-Site Scripting vulnerability in IBM WebSphere Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. | 7.5 |
2001-12-06 | CVE-2001-0823 | Symbolic Link vulnerability in SGI Performance Co-Pilot pmpost The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR). | 7.2 |
2001-12-06 | CVE-2001-0820 | Buffer Overflow vulnerability in Gaztek Ghttp 1.4 Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c. | 7.5 |
2001-12-06 | CVE-2001-0819 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header. | 7.5 |