National Vulnerability Database

(308747)

CVE-2001-1350
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter.
CVE-2001-1349
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
CVE-2001-1348
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
CVE-2001-1347
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
CVE-2001-1346
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
CVE-2001-1345
bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program.
CVE-2001-1344
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
CVE-2001-1343
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
CVE-2001-1342
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
CVE-2001-1341
The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.
  30462  
2013