CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
3811 | CVE-2001-1007 | Candidate | Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack. | Proposed (20020131) | ACCEPT(1) Green<br>MODIFY(1) Frech<br>NOOP(4) Armstrong, Cole, Foat, Wall | CHANGE> [Frech changed vote from REVIEWING to MODIFY]<br>Frech> XF:truesync-desktop-devicekeys-bruteforce(8712) | View |
3829 | CVE-2001-1025 | Candidate | PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php. | Proposed (20020131) | ACCEPT(1) Green<br>MODIFY(1) Frech<br>NOOP(4) Armstrong, Cole, Foat, Wall | Frech> XF:php-nuke-prefix-admin-access(6945) | View |
3776 | CVE-2001-0971 | Candidate | Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. | Modified (20020313-01) | ACCEPT(1) Green<br>MODIFY(1) Frech<br>NOOP(4) Armstrong, Cole, Foat, Wall<br>REJECT(1) Christey | Christey> According to an email message from the vendor (bcoveney@4d.com) on March 13, 2002, this problem is only possible if the server admin has already configured the server's web root to be at the top-level folder. This is not the default. As such, any "directory traversal" attack would not escape above the folder that has already been specified by the admin. Since this is a generic misconfiguration problem for all web servers, and not a default configuration of ACI 4D, then this candidate should not be included in CVE.<br><br>The quote from the vendor is: "By default the 4D WebServer doesn't have this behavior. A property has to be turned on to allow this (despite our warnings of the consequences). We don't allow pages outside of our web folder to be served but if the developer of the site wishes they can set the webroot folder to be whatever they want. In the system that "krfinisterre@checkfree.com" evaluated the developer had chosen to set their root folder to be the root of the computer system (C:) and therefore all the files on the system were available. By default we set the root folder at the same level as the database folder so this doesn't happen. You cannot look at any files outside the designated WebFolder root tree."<br>Frech> XF:4d-webserver-directory-traversal(7010) | View |
4043 | CVE-2001-1239 | Candidate | PowerNet IX allows remote attackers to cause a denial of service via a port scan. | Proposed (20020502) | ACCEPT(1) Green<br>MODIFY(1) Frech<br>NOOP(4) Cole, Cox, Foat, Wall | CHANGE> [Frech changed vote from REVIEWING to MODIFY]<br>Frech> XF:powernet-ix-portscan-dos(9994) | View |
4053 | CVE-2001-1249 | Candidate | vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names. | Proposed (20020502) | ACCEPT(1) Green<br>MODIFY(1) Frech<br>NOOP(4) Cole, Cox, Foat, Wall | Frech> XF:vwebserver-device-dos(6770) | View |