Full List

Search

Recent Vulnerabilities

• CVE-2001-0014 • published on May 7, 2001 Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.
• CVE-2001-0041 • published on May 7, 2001 Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
• CVE-2001-0050 • published on May 7, 2001 Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.
• CVE-2001-0053 • published on May 7, 2001 One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
• CVE-2001-0058 • published on May 7, 2001 The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character.
• CVE-2001-0059 • published on May 7, 2001 patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.
• CVE-2001-0012 • published on May 7, 2001 BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
• CVE-2001-0021 • published on May 7, 2001 MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
• CVE-2001-0034 • published on May 7, 2001 KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.
• CVE-2001-0036 • published on May 7, 2001 KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.
• CVE-2001-0060 • published on May 7, 2001 Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.
• CVE-2001-0062 • published on May 7, 2001 procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.
• CVE-2001-0003 • published on May 7, 2001 Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
• CVE-2001-0005 • published on May 7, 2001 Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
• CVE-2001-0006 • published on May 7, 2001 The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
• CVE-2001-0011 • published on May 7, 2001 Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
• CVE-2001-0017 • published on May 7, 2001 Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.
• CVE-2001-0028 • published on May 7, 2001 Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.
• CVE-2001-0035 • published on May 7, 2001 Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.
• CVE-2001-0043 • published on May 7, 2001 phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.