- CVE-2001-0426 • published on May 24, 2001
Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.
- CVE-2001-0446 • published on May 24, 2001
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
- CVE-2001-0448 • published on May 24, 2001
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET request to the aux directory, and possibly other directories with legacy DOS device names.
- CVE-2001-0451 • published on May 24, 2001
INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1.
- CVE-2001-0400 • published on May 24, 2001
nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.
- CVE-2001-0401 • published on May 24, 2001
Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
- CVE-2001-0406 • published on May 24, 2001
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
- CVE-2001-0411 • published on May 24, 2001
Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet.
- CVE-2001-0417 • published on May 24, 2001
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
- CVE-2001-0419 • published on May 24, 2001
Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
- CVE-2001-0438 • published on May 24, 2001
Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.
- CVE-2001-0468 • published on May 24, 2001
Buffer overflow in FTPFS allows local users to gain root privileges via a long user name.
- CVE-2001-0471 • published on May 24, 2001
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
- CVE-2001-0472 • published on May 24, 2001
Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request.
- CVE-2001-0480 • published on May 24, 2001
Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the (1) GET or (2) CD commands.
- CVE-2001-0483 • published on May 24, 2001
Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.
- CVE-2001-0496 • published on May 24, 2001
kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.
- CVE-2001-0464 • published on May 24, 2001
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
- CVE-2001-0470 • published on May 24, 2001
Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.
- CVE-2001-0490 • published on May 24, 2001
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.