CVE List

Id  CVE No.  Status  Description  Phase  Votes  Comments  Actions
3811  CVE-2001-1007  Candidate  Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack.  Proposed (20020131)  ACCEPT(1) Green | MODIFY(1) Frech | NOOP(4) Armstrong, Cole, Foat, Wall  CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:truesync-desktop-devicekeys-bruteforce(8712)  View
3829  CVE-2001-1025  Candidate  PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.  Proposed (20020131)  ACCEPT(1) Green | MODIFY(1) Frech | NOOP(4) Armstrong, Cole, Foat, Wall  Frech> XF:php-nuke-prefix-admin-access(6945)  View
3776  CVE-2001-0971  Candidate  Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request.  Modified (20020313-01)  ACCEPT(1) Green | MODIFY(1) Frech | NOOP(4) Armstrong, Cole, Foat, Wall | REJECT(1) Christey  Christey> According to an email message from the vendor | (bcoveney@4d.com) on March 13, 2002, this problem is only | possible if the server admin has already configured the | server's web root to be at the top-level folder. This is not | the default. As such, any "directory traversal" attack would | not escape above the folder that has already been specified by | the admin. Since this is a generic misconfiguration problem | for all web servers, and not a default configuration of ACI | 4D, then this candidate should not be included in CVE. | | The quote from the vendor is: "By default the 4D WebServer | doesn't have this behavior. A property has to be turned on to allow | this (despite our warnings of the consequences). We don't allow pages | outside of our web folder to be served but if the developer of the | site wishes they can set the webroot folder to be whatever they | want. In the system that "krfinisterre@checkfree.com" evaluated the | developer had chosen to set their root folder to be the root of the | computer system (C:) and therefore all the files on the system were | available. By default we set the root folder at the same level as the | database folder so this doesn't happen. You cannot look at any files | outside the designated WebFolder root tree." | Frech> XF:4d-webserver-directory-traversal(7010)  View
4043  CVE-2001-1239  Candidate  PowerNet IX allows remote attackers to cause a denial of service via a port scan.  Proposed (20020502)  ACCEPT(1) Green | MODIFY(1) Frech | NOOP(4) Cole, Cox, Foat, Wall  CHANGE> [Frech changed vote from REVIEWING to MODIFY] | Frech> XF:powernet-ix-portscan-dos(9994)  View
4053  CVE-2001-1249  Candidate  vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.  Proposed (20020502)  ACCEPT(1) Green | MODIFY(1) Frech | NOOP(4) Cole, Cox, Foat, Wall  Frech> XF:vwebserver-device-dos(6770)  View

Page 725 of 20943, showing 5 records out of 104715 total, starting on record 3621, ending on 3625