Full List

Search

Recent Vulnerabilities

• CVE-2001-1320 • published on May 3, 2002 Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
• CVE-2001-1324 • published on May 3, 2002 cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.
• CVE-2001-1326 • published on May 3, 2002 Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
• CVE-2001-1330 • published on May 3, 2002 Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
• CVE-2001-1332 • published on May 3, 2002 Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
• CVE-2001-1333 • published on May 3, 2002 Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
• CVE-2001-1306 • published on May 3, 2002 iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.
• CVE-2001-1308 • published on May 3, 2002 Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
• CVE-2001-1310 • published on May 3, 2002 IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite.
• CVE-2001-1315 • published on May 3, 2002 Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
• CVE-2001-1323 • published on May 3, 2002 Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
• CVE-2001-1325 • published on May 3, 2002 Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
• CVE-2001-1341 • published on May 3, 2002 The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.
• CVE-2001-1346 • published on May 3, 2002 Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
• CVE-2001-1348 • published on May 3, 2002 TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
• CVE-2001-1294 • published on May 3, 2002 Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.
• CVE-2001-1307 • published on May 3, 2002 Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
• CVE-2001-1309 • published on May 3, 2002 Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
• CVE-2001-1312 • published on May 3, 2002 Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
• CVE-2001-1336 • published on May 3, 2002 CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.