Full List

Search

Recent Vulnerabilities

• CVE-2001-0054 • published on May 7, 2001 Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
• CVE-2001-0055 • published on May 7, 2001 CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
• CVE-2001-0061 • published on May 7, 2001 procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.
• CVE-2001-0009 • published on May 7, 2001 Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
• CVE-2001-0010 • published on May 7, 2001 Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
• CVE-2001-0013 • published on May 7, 2001 Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
• CVE-2001-0015 • published on May 7, 2001 Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.
• CVE-2001-0016 • published on May 7, 2001 NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.
• CVE-2001-0026 • published on May 7, 2001 rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.
• CVE-2001-0033 • published on May 7, 2001 KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.
• CVE-2001-0040 • published on May 7, 2001 APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
• CVE-2001-0039 • published on May 7, 2001 IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.
• CVE-2001-0056 • published on May 7, 2001 The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
• CVE-2001-0057 • published on May 7, 2001 Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet.
• CVE-2001-0063 • published on May 7, 2001 procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges.
• CVE-2001-0069 • published on May 7, 2001 dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.
• CVE-2001-0081 • published on May 7, 2001 swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys.
• CVE-2001-0083 • published on May 7, 2001 Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.
• CVE-2001-0090 • published on May 7, 2001 The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability.
• CVE-2001-0100 • published on May 7, 2001 bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.