Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2001-08-02 | CVE-2001-0609 | Off-by-one Error vulnerability in Infodrom Cfingerd | Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. | 9.8 |
2001-07-31 | CVE-2001-1471 | Improper Initialization vulnerability in PHPbb 1.4.0 | prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. | 8.8 |
2001-07-21 | CVE-2001-0497 | Incorrect Default Permissions vulnerability in ISC Bind | dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | 7.8 |
2001-07-16 | CVE-2001-1238 | Improper Handling of Case Sensitivity vulnerability in Microsoft Windows 2000 | Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. | 7.8 |
2001-07-12 | CVE-2001-1291 | Improper Restriction of Excessive Authentication Attempts vulnerability in 3Com Superstack II PS HUB 40 Firmware | The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing. | 9.8 |
2001-07-02 | CVE-2001-1042 | Link Following vulnerability in Transsoft Broker FTP Server 5.9.5.0 | Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | 7.5 |
2001-07-02 | CVE-2001-0395 | Improper Restriction of Excessive Authentication Attempts vulnerability in Lightwavemo Consoleserver 3200 Firmware | Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing. | 9.8 |
2001-07-01 | CVE-2001-1386 | Link Following vulnerability in Texasimperialsoftware Wftpd 3.00 | WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. | 7.5 |
2001-07-01 | CVE-2001-1043 | Link Following vulnerability in Argosoft FTP Server 1.2.2.2 | ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | 7.5 |
2001-06-27 | CVE-2001-0334 | Incorrect Calculation of Buffer Size vulnerability in Microsoft Internet Information Server | FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. | 7.5 |