Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2001-08-31 CVE-2001-1452 Origin Validation Error vulnerability in Microsoft Windows 2000 and Windows NT
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
network
low complexity
microsoft CWE-346
7.5
2001-07-31 CVE-2001-1471 Improper Initialization vulnerability in PHPbb 1.4.0
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
network
low complexity
phpbb CWE-665
8.8
2001-07-21 CVE-2001-0497 Incorrect Default Permissions vulnerability in ISC Bind
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
local
low complexity
isc CWE-276
7.8
2001-07-16 CVE-2001-1238 Improper Handling of Case Sensitivity vulnerability in Microsoft Windows 2000
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
local
low complexity
microsoft CWE-178
7.8
2001-07-02 CVE-2001-1042 Link Following vulnerability in Transsoft Broker FTP Server 5.9.5.0
Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
network
low complexity
transsoft CWE-59
7.5
2001-07-01 CVE-2001-1386 Link Following vulnerability in Texasimperialsoftware Wftpd 3.00
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
network
low complexity
texasimperialsoftware CWE-59
7.5
2001-07-01 CVE-2001-1043 Link Following vulnerability in Argosoft FTP Server 1.2.2.2
ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
network
low complexity
argosoft CWE-59
7.5
2001-06-27 CVE-2001-0334 Incorrect Calculation of Buffer Size vulnerability in Microsoft Internet Information Server
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
network
low complexity
microsoft CWE-131
7.5
2001-03-26 CVE-2001-0195 Improper Preservation of Permissions vulnerability in Debian Linux 2.2
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
local
low complexity
debian CWE-281
7.8
2001-02-12 CVE-2001-0006 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows NT 4.0
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
local
low complexity
microsoft CWE-732
7.1