Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29922 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2001-1372 1 Oracle 1 Application Server 2026-06-16 5.0 MEDIUM N/A
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
CVE-2001-1370 1 Phplib Team 1 Phplib 2026-06-16 10.0 HIGH N/A
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
CVE-2001-1369 1 Leon J Breedt 1 Pam-pgsql 2026-06-16 7.5 HIGH N/A
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
CVE-2001-1368 1 Iplanet 1 Iplanet Web Server 2026-06-16 5.0 MEDIUM N/A
Vulnerability in iPlanet Web Server 4 included in Virtualvault Operating System (VVOS) 4.0 running HP-UX 11.04 could allow attackers to corrupt data.
CVE-2001-1367 1 Phpslice 1 Phpslice 2026-06-16 10.0 HIGH N/A
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.
CVE-2001-1366 1 Netscript Project 1 Netscript 2026-06-16 5.0 MEDIUM N/A
netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information.
CVE-2001-1365 1 Osi Codes Inc. 1 Intragnat 2026-06-16 7.5 HIGH N/A
Vulnerability in IntraGnat before 1.4.
CVE-2001-1364 1 Project Purple 1 Autodns 2026-06-16 7.5 HIGH N/A
Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified.
CVE-2001-1363 1 Phpwebsite Development Team 1 Phpwebsite 2026-06-16 10.0 HIGH N/A
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.
CVE-2001-1362 1 Horsburgh 1 Npulse 2026-06-16 7.5 HIGH N/A
Vulnerability in the server for nPULSE before 0.53p4.
CVE-2001-1361 1 Twig Development Team 1 Twig 2026-06-16 7.5 HIGH N/A
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
CVE-2001-1360 1 Mostang 1 Sane 2026-06-16 7.2 HIGH N/A
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned.
CVE-2001-1359 1 Caldera 1 Volution 2026-06-16 10.0 HIGH N/A
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.
CVE-2001-1358 1 Phpheaven 1 Phpmychat 2026-06-16 7.2 HIGH N/A
Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter.
CVE-2001-1357 1 Phpheaven 1 Phpmychat 2026-06-16 7.5 HIGH N/A
Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables.
CVE-2001-1356 1 Netwin 1 Surgeftp 2026-06-16 10.0 HIGH N/A
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
CVE-2001-1355 1 Netwin 2 Dmail, Surgeftp 2026-06-16 10.0 HIGH N/A
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
CVE-2001-1354 1 Netwin 2 Dmail, Surgeftp 2026-06-16 4.6 MEDIUM N/A
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
CVE-2001-1353 1 Aladdin Enterprises 1 Ghostscript 2026-06-16 2.6 LOW N/A
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
CVE-2001-1352 1 Namazu 1 Namazu 2026-06-16 7.5 HIGH N/A
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.