- CVE-2001-0372 • published on May 24, 2001
Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct.
- CVE-2001-0384 • published on May 24, 2001
ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.
- CVE-2001-0391 • published on May 24, 2001
Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.
- CVE-2001-0262 • published on May 24, 2001
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
- CVE-2001-0263 • published on May 24, 2001
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.
- CVE-2001-0337 • published on May 24, 2001
The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.
- CVE-2001-0355 • published on May 24, 2001
Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
- CVE-2001-0358 • published on May 24, 2001
Buffer overflows in Sierra Half-Life build 1573 and earlier allow remote attackers to execute arbitrary code via (1) a long map command, (2) a long exec command, or (3) long input in a configuration file.
- CVE-2001-0360 • published on May 24, 2001
Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and earlier allows a remote attacker to read arbitrary files via a .. (dot dot) attack in the helpon parameter.
- CVE-2001-0374 • published on May 24, 2001
The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be used as a generic proxy server, which allows remote attackers to bypass access restrictions via the management port, 2301.
- CVE-2001-0389 • published on May 24, 2001
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.
- CVE-2001-0393 • published on May 24, 2001
Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits.
- CVE-2001-0395 • published on May 24, 2001
Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.
- CVE-2001-0404 • published on May 24, 2001
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.
- CVE-2001-0403 • published on May 24, 2001
/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.
- CVE-2001-0424 • published on May 24, 2001
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
- CVE-2001-0431 • published on May 24, 2001
Vulnerability in iPlanet Web Server Enterprise Edition 4.x.
- CVE-2001-0432 • published on May 24, 2001
Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.
- CVE-2001-0433 • published on May 24, 2001
Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header.
- CVE-2001-0437 • published on May 24, 2001
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.