Full List

Search

Recent Vulnerabilities

• CVE-2001-1090 • published on March 15, 2002 nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
• CVE-2001-1093 • published on March 15, 2002 Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument.
• CVE-2001-1094 • published on March 15, 2002 NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version.
• CVE-2001-1092 • published on March 15, 2002 msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.
• CVE-2001-1086 • published on March 15, 2002 XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
• CVE-2001-1091 • published on March 15, 2002 The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
• CVE-2001-1097 • published on March 15, 2002 Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
• CVE-2001-1101 • published on March 15, 2002 The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.
• CVE-2001-1104 • published on March 15, 2002 SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
• CVE-2001-1112 • published on March 15, 2002 Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.
• CVE-2001-1120 • published on March 15, 2002 Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
• CVE-2001-1125 • published on March 15, 2002 Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
• CVE-2001-1131 • published on March 15, 2002 Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command.
• CVE-2001-1135 • published on March 15, 2002 ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.
• CVE-2001-1136 • published on March 15, 2002 The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.
• CVE-2001-1137 • published on March 15, 2002 D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.
• CVE-2001-1138 • published on March 15, 2002 Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter.
• CVE-2001-1139 • published on March 15, 2002 Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request.
• CVE-2001-1142 • published on March 15, 2002 ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.
• CVE-2001-1143 • published on March 15, 2002 IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.