Full List

Search

Recent Vulnerabilities

• CVE-2001-0644 • published on March 9, 2002 Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server.
• CVE-2001-0665 • published on March 9, 2002 Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
• CVE-2001-0670 • published on March 9, 2002 Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
• CVE-2001-0653 • published on March 9, 2002 Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
• CVE-2001-0660 • published on March 9, 2002 Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
• CVE-2001-0667 • published on March 9, 2002 Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.
• CVE-2001-0692 • published on March 9, 2002 SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes.
• CVE-2001-0701 • published on March 9, 2002 Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.
• CVE-2001-0728 • published on March 9, 2002 Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges.
• CVE-2001-0733 • published on March 9, 2002 The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.
• CVE-2001-0751 • published on March 9, 2002 Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
• CVE-2001-0752 • published on March 9, 2002 Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.
• CVE-2001-0754 • published on March 9, 2002 Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.
• CVE-2001-0765 • published on March 9, 2002 BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories.
• CVE-2001-0595 • published on March 9, 2002 Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program.
• CVE-2001-0615 • published on March 9, 2002 Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'.
• CVE-2001-0641 • published on March 9, 2002 Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
• CVE-2001-0648 • published on March 9, 2002 Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.
• CVE-2001-0650 • published on March 9, 2002 Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
• CVE-2001-0652 • published on March 9, 2002 Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.