-
CVE-2001-1095
•
published on June 25, 2002
Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.
-
CVE-2001-1074
•
published on June 25, 2002
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
-
CVE-2001-1085
•
published on June 25, 2002
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
-
CVE-2001-1046
•
published on June 25, 2002
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.
-
CVE-2001-1088
•
published on June 25, 2002
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
-
CVE-2001-1072
•
published on June 25, 2002
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
-
CVE-2001-1083
•
published on June 25, 2002
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
-
CVE-2001-1089
•
published on June 25, 2002
libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
-
CVE-2001-1096
•
published on June 25, 2002
Buffer overflows in muxatmd in AIX 4 allow an attacker to cause a core dump and possibly execute code.
-
CVE-2001-1119
•
published on June 25, 2002
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.
-
CVE-2001-1149
•
published on June 25, 2002
Panda Antivirus Platinum before 6.23.00 allows a remote attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
-
CVE-2001-1108
•
published on June 25, 2002
Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL.
-
CVE-2001-1153
•
published on June 25, 2002
lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.
-
CVE-2001-1160
•
published on June 25, 2002
udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field.
-
CVE-2001-1099
•
published on June 25, 2002
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
-
CVE-2001-1100
•
published on June 25, 2002
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
-
CVE-2001-1116
•
published on June 25, 2002
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
-
CVE-2001-1118
•
published on June 25, 2002
A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.
-
CVE-2001-1144
•
published on June 25, 2002
Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.
-
CVE-2001-1146
•
published on June 25, 2002
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.