National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 136,525 matching records.
Displaying matches 133161 through 133180.
Vuln ID Summary CVSS Severity
CVE-2001-1320

Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.

Published: July 16, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-1321

Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.

Published: July 16, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-1053

AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.

Published: July 13, 2001; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2001-1082

Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack.

Published: July 13, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1142

ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.

Published: July 12, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1176

Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.

Published: July 12, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-1183

PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.

Published: July 12, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1267

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).

Published: July 12, 2001; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2001-1268

Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

Published: July 12, 2001; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2001-1269

Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.

Published: July 12, 2001; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2001-1270

Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.

Published: July 12, 2001; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2001-1271

Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.

Published: July 12, 2001; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2001-1291

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.

Published: July 12, 2001; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2001-1038

Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.

Published: July 11, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1120

Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.

Published: July 11, 2001; 12:00:00 AM -04:00
    V2: 6.4 MEDIUM
CVE-2001-1143

IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.

Published: July 11, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1144

Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.

Published: July 11, 2001; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2001-1146

AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.

Published: July 11, 2001; 12:00:00 AM -04:00
    V2: 1.2 LOW
CVE-2001-1178

Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.

Published: July 11, 2001; 12:00:00 AM -04:00
    V2: 7.2 HIGH
CVE-2001-1240

The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.

Published: July 11, 2001; 12:00:00 AM -04:00
    V2: 10.0 HIGH