- CVE-2001-1360 • published on June 11, 2002
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned.
- CVE-2001-1361 • published on June 11, 2002
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
- CVE-2001-1362 • published on June 11, 2002
Vulnerability in the server for nPULSE before 0.53p4.
- CVE-2001-1364 • published on June 11, 2002
Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified.
- CVE-2001-1366 • published on June 11, 2002
netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information.
- CVE-2001-1368 • published on June 11, 2002
Vulnerability in iPlanet Web Server 4 included in Virtualvault Operating System (VVOS) 4.0 running HP-UX 11.04 could allow attackers to corrupt data.
- CVE-2001-1377 • published on June 11, 2002
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
- CVE-2001-1365 • published on June 11, 2002
Vulnerability in IntraGnat before 1.4.
- CVE-2001-1355 • published on June 11, 2002
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
- CVE-2001-1356 • published on June 11, 2002
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
- CVE-2001-1376 • published on June 11, 2002
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
- CVE-2002-0031 • published on June 11, 2002
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allow remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
- CVE-2002-0393 • published on June 11, 2002
Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web interface allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long administration password.
- CVE-2002-0407 • published on June 11, 2002
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, for example (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
- CVE-2002-0408 • published on June 11, 2002
htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message.
- CVE-2002-0413 • published on June 11, 2002
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary JavaScript and steal cookies via an IMG tag whose URL includes the malicious script.
- CVE-2002-0418 • published on June 11, 2002
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
- CVE-2002-0432 • published on June 11, 2002
Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server.
- CVE-2002-0438 • published on June 11, 2002
ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial of service via an ARP packet with the firewall's IP address and an incorrect MAC address, which causes the firewall to disable the LAN interface.
- CVE-2002-0446 • published on June 11, 2002
categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows remote attackers to determine the absolute path of the web server via an invalid category ID (cid) parameter, which leaks the pathname in an error message.