- CVE-2001-0142 • published on May 7, 2001
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
- CVE-2001-0152 • published on May 7, 2001
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
- CVE-2001-0157 • published on May 7, 2001
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled.
- CVE-2001-0170 • published on May 7, 2001
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
- CVE-2001-0178 • published on May 7, 2001
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
- CVE-2001-0183 • published on May 7, 2001
ipfw and ip6fw in FreeBSD 4.2 and earlier allow remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection.
- CVE-2001-0193 • published on May 7, 2001
Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.
- CVE-2001-0130 • published on May 7, 2001
Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier.
- CVE-2001-0141 • published on May 7, 2001
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
- CVE-2001-0143 • published on May 7, 2001
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2001-0148 • published on May 7, 2001
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
- CVE-2001-0150 • published on May 7, 2001
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.
- CVE-2001-0153 • published on May 7, 2001
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.
- CVE-2001-0154 • published on May 7, 2001
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
- CVE-2001-0166 • published on May 7, 2001
Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file.
- CVE-2001-0179 • published on May 7, 2001
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
- CVE-2001-0185 • published on May 7, 2001
Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash.
- CVE-2001-0194 • published on May 7, 2001
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.
- CVE-2001-0196 • published on May 7, 2001
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.
- CVE-2001-0222 • published on May 7, 2001
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.