Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-12-30 | CVE-2001-1207 | Buffer Overflow vulnerability in DayDream BBS Control Code Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA. | 7.5 |
| 2001-12-30 | CVE-2001-1206 | Remote Command Execution vulnerability in Matrixs CGI Vault Last Lines 2.0 Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $error_log variable. | 7.5 |
| 2001-12-29 | CVE-2001-1433 | Unspecified vulnerability in Cherokee Httpd Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities. | 7.5 |
| 2001-12-29 | CVE-2001-1432 | Path Traversal vulnerability in Cherokee Httpd Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. | 7.8 |
| 2001-12-28 | CVE-2001-1202 | Cross-Site Scripting vulnerability in DeleGate Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error. | 7.5 |
| 2001-12-27 | CVE-2001-1352 | Unspecified vulnerability in Namazu Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter. | 7.5 |
| 2001-12-27 | CVE-2001-1203 | Unspecified vulnerability in Alessandro Rubini GPM 1.17.18/1.17.8 Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges. | 7.2 |
| 2001-12-25 | CVE-2001-1351 | Unspecified vulnerability in Namazu Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers. | 7.5 |
| 2001-12-23 | CVE-2001-1224 | SQL Injection vulnerability in LES Vanbrunt Adrotate PRO 2.0 get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack. | 7.5 |
| 2001-12-21 | CVE-2001-1216 | Buffer Overflow vulnerability in Oracle Application Server 1.0.2 Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. | 7.5 |