Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2001-06-18 CVE-2001-0249 Incorrect Calculation of Buffer Size vulnerability in multiple products
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
network
low complexity
hp oracle sgi CWE-131
critical
9.8
2001-06-18 CVE-2001-0248 Incorrect Calculation of Buffer Size vulnerability in multiple products
Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.
network
low complexity
sgi hp CWE-131
critical
9.8
2001-05-24 CVE-2001-1339 Improper Restriction of Excessive Authentication Attempts vulnerability in Anybus Ipc@Chip Firmware
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.
network
low complexity
anybus CWE-307
critical
9.8
2000-12-19 CVE-2000-0944 Insufficiently Protected Credentials vulnerability in CGI Script Center News Update 1.1
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
network
low complexity
cgi CWE-522
critical
9.8
2000-04-14 CVE-2000-1218 Origin Validation Error vulnerability in Microsoft products
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
network
low complexity
microsoft CWE-346
critical
9.8
1999-12-31 CVE-1999-1324 Improper Restriction of Excessive Authentication Attempts vulnerability in HP Openvms VAX 5.3/5.4/5.5
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
network
low complexity
hp CWE-307
critical
9.8
1999-03-01 CVE-1999-0426 Incorrect Default Permissions vulnerability in Suse Linux 6.0
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.
network
low complexity
suse CWE-276
critical
9.8