Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2001-08-31 | CVE-2001-1452 | Origin Validation Error vulnerability in Microsoft Windows 2000 and Windows NT By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | 7.5 |
2001-07-31 | CVE-2001-1471 | Improper Initialization vulnerability in PHPbb 1.4.0 prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. | 8.8 |
2001-07-21 | CVE-2001-0497 | Incorrect Default Permissions vulnerability in ISC Bind dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | 7.8 |
2001-07-16 | CVE-2001-1238 | Improper Handling of Case Sensitivity vulnerability in Microsoft Windows 2000 Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. | 7.8 |
2001-07-02 | CVE-2001-1042 | Link Following vulnerability in Transsoft Broker FTP Server 5.9.5.0 Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | 7.5 |
2001-07-01 | CVE-2001-1386 | Link Following vulnerability in Texasimperialsoftware Wftpd 3.00 WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. | 7.5 |
2001-07-01 | CVE-2001-1043 | Link Following vulnerability in Argosoft FTP Server 1.2.2.2 ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | 7.5 |
2001-06-27 | CVE-2001-0334 | Incorrect Calculation of Buffer Size vulnerability in Microsoft Internet Information Server FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. | 7.5 |
2001-03-26 | CVE-2001-0195 | Improper Preservation of Permissions vulnerability in Debian Linux 2.2 sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking. | 7.8 |
2001-02-12 | CVE-2001-0006 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows NT 4.0 The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability. | 7.1 |