Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2001-06-18 CVE-2001-0249 Incorrect Calculation of Buffer Size vulnerability in multiple products
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
network
low complexity
hp oracle sgi CWE-131
critical
9.8
2001-06-18 CVE-2001-0248 Incorrect Calculation of Buffer Size vulnerability in multiple products
Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.
network
low complexity
sgi hp CWE-131
critical
9.8
2001-05-24 CVE-2001-1339 Improper Restriction of Excessive Authentication Attempts vulnerability in Anybus Ipc@Chip Firmware
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.
network
low complexity
anybus CWE-307
critical
9.8
2001-04-17 CVE-2001-1391 Off-by-one Error vulnerability in Linux Kernel
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
local
low complexity
linux CWE-193
5.5
2001-03-26 CVE-2001-0195 Improper Preservation of Permissions vulnerability in Debian Linux 2.2
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
local
low complexity
debian CWE-281
7.8
2001-02-12 CVE-2001-0006 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows NT 4.0
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
local
low complexity
microsoft CWE-732
7.1
2001-01-09 CVE-2000-1178 Link Following vulnerability in Joseph Allen JOE 2.8
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
local
low complexity
joseph-allen CWE-59
5.5
2000-12-19 CVE-2000-0972 Link Following vulnerability in HP Hp-Ux 11.00
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
local
low complexity
hp CWE-59
5.5
2000-12-19 CVE-2000-0944 Insufficiently Protected Credentials vulnerability in CGI Script Center News Update 1.1
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
network
low complexity
cgi CWE-522
critical
9.8
2000-06-08 CVE-2000-0499 Improper Handling of Case Sensitivity vulnerability in BEA Weblogic Server
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
network
low complexity
bea CWE-178
7.5