Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2001-10-05 CVE-2001-1125 Download of Code Without Integrity Check vulnerability in Symantec Liveupdate 1.0/1.4/1.5
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
network
low complexity
symantec CWE-494
critical
9.8
2001-08-31 CVE-2001-1452 Origin Validation Error vulnerability in Microsoft Windows 2000 and Windows NT
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
network
low complexity
microsoft CWE-346
7.5
2001-08-31 CVE-2001-0967 Use of Password Hash With Insufficient Computational Effort vulnerability in Arkeia 4.2/4.2.82
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.
network
low complexity
arkeia CWE-916
critical
9.8
2001-08-31 CVE-2000-1198 Improper Locking vulnerability in Qualcomm Qpopper 2.53/3.0
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
local
low complexity
qualcomm CWE-667
5.5
2001-08-29 CVE-2001-0682 Improper Locking vulnerability in multiple products
ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
local
low complexity
zonelabs checkpoint CWE-667
5.5
2001-08-23 CVE-2001-1155 Incorrect Authorization vulnerability in Freebsd 4.1.1/4.2/4.3
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
network
low complexity
freebsd CWE-863
critical
9.8
2001-08-02 CVE-2001-0609 Off-by-one Error vulnerability in Infodrom Cfingerd
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
network
low complexity
infodrom CWE-193
critical
9.8
2001-07-31 CVE-2001-1471 Improper Initialization vulnerability in PHPbb 1.4.0
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
network
low complexity
phpbb CWE-665
8.8
2001-07-21 CVE-2001-0497 Incorrect Default Permissions vulnerability in ISC Bind
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
local
low complexity
isc CWE-276
7.8
2001-07-16 CVE-2001-1238 Improper Handling of Case Sensitivity vulnerability in Microsoft Windows 2000
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
local
low complexity
microsoft CWE-178
7.8