Full List

Search

Recent Vulnerabilities

• CVE-2001-0632 • published on July 27, 2001 Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.
• CVE-2001-0592 • published on July 27, 2001 Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (10,000) of malformed ICMP or TCP packets.
• CVE-2001-0602 • published on July 27, 2001 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (400) URL requests for DOS devices.
• CVE-2001-0614 • published on July 27, 2001 Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.
• CVE-2001-0617 • published on July 27, 2001 Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled.
• CVE-2001-0618 • published on July 27, 2001 Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic.
• CVE-2001-0601 • published on July 27, 2001 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters.
• CVE-2001-0604 • published on July 27, 2001 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (8Kb) containing a large number of '/' characters.
• CVE-2001-0606 • published on July 27, 2001 Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.
• CVE-2001-0607 • published on July 27, 2001 asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.
• CVE-2001-0609 • published on July 27, 2001 Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
• CVE-2001-0610 • published on July 27, 2001 kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
• CVE-2001-0620 • published on July 27, 2001 iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions.
• CVE-2001-0624 • published on July 27, 2001 QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for the FAT disk partition, e.g. /fs-dos.
• CVE-2001-0633 • published on July 27, 2001 Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.
• CVE-2001-0597 • published on July 27, 2001 Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
• CVE-2001-0598 • published on July 27, 2001 Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large ( 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled.
• CVE-2001-0599 • published on July 27, 2001 Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large ( 45Kb) amounts of data to port 2638.
• CVE-2001-0605 • published on July 27, 2001 Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.
• CVE-2001-0619 • published on July 27, 2001 The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear.