-
CVE-1999-0923
•
published on February 14, 2001
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.
-
CVE-2000-0312
•
published on February 14, 2001
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
-
CVE-2001-0107
•
published on February 14, 2001
Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang.
-
CVE-2001-0114
•
published on February 14, 2001
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter.
-
CVE-2001-0112
•
published on February 14, 2001
Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands.
-
CVE-2001-0113
•
published on February 14, 2001
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script.
-
CVE-2001-0133
•
published on February 14, 2001
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.
-
CVE-2001-0127
•
published on February 14, 2001
Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag.
-
CVE-2001-0135
•
published on February 14, 2001
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.
-
CVE-2001-0132
•
published on February 14, 2001
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.
-
CVE-2001-0134
•
published on February 14, 2001
Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.
-
CVE-2001-0131
•
published on February 14, 2001
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allow local users to overwrite arbitrary files via a symlink attack.
-
CVE-2000-0893
•
published on February 2, 2001
The presence of the Distributed GL Daemon (dgld) service on port 5232 on SGI IRIX systems allows remote attackers to identify the target host as an SGI system.
-
CVE-2000-0889
•
published on February 2, 2001
Two Sun security certificates have been compromised, which could allow attackers to insert malicious code such as applets and make it appear that it is signed by Sun.
-
CVE-2000-1090
•
published on February 2, 2001
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
-
CVE-2001-0024
•
published on February 2, 2001
simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter.
-
CVE-2001-0031
•
published on February 2, 2001
BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist.
-
CVE-2001-0038
•
published on February 2, 2001
Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL.
-
CVE-2001-0051
•
published on February 2, 2001
IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database.
-
CVE-2001-0052
•
published on February 2, 2001
IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.