Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2001-1291

    The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.... Read more

    • EPSS Score: %9.89
    • Published: Jul. 12, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-1367

    The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.... Read more

    Affected Products : phpslice
    • EPSS Score: %0.93
    • Published: Jul. 19, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-1355

    Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup comma... Read more

    Affected Products : surgeftp dmail
    • EPSS Score: %1.33
    • Published: Jul. 20, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-1356

    NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.... Read more

    Affected Products : surgeftp
    • EPSS Score: %1.10
    • Published: Aug. 04, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-1260

    Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.... Read more

    Affected Products : argent_office
    • EPSS Score: %0.52
    • Published: Aug. 07, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-0555

    ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.... Read more

    Affected Products : siteware iis
    • EPSS Score: %23.60
    • Published: Aug. 14, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-0981

    HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.... Read more

    Affected Products : cifs-9000_server
    • EPSS Score: %0.39
    • Published: Aug. 31, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-1053

    AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.... Read more

    Affected Products : adcycle
    • EPSS Score: %0.46
    • Published: Jul. 13, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-1252

    Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and... Read more

    Affected Products : keyserver
    • EPSS Score: %1.12
    • Published: Sep. 28, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-0808

    gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.... Read more

    Affected Products : gnatsweb
    • EPSS Score: %3.10
    • Published: Dec. 06, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-0840

    Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.... Read more

    Affected Products : insight_manager_xe
    • EPSS Score: %12.53
    • Published: Dec. 06, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-0953

    Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root.... Read more

    Affected Products : kebi_community
    • EPSS Score: %1.10
    • Published: Dec. 08, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2002-0007

    CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.... Read more

    Affected Products : bugzilla
    • EPSS Score: %1.84
    • Published: Jan. 31, 2002
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-1061

    Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.... Read more

    Affected Products : aix
    • EPSS Score: %0.56
    • Published: Aug. 31, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2002-1621

    Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : aix
    • EPSS Score: %26.37
    • Published: Apr. 22, 2002
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2002-0267

    preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into ... Read more

    Affected Products : sips
    • EPSS Score: %1.19
    • Published: May. 29, 2002
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2002-0287

    pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.... Read more

    Affected Products : pforum
    • EPSS Score: %0.69
    • Published: May. 31, 2002
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2002-0335

    Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request.... Read more

    • EPSS Score: %8.65
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2002-0665

    Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.... Read more

    Affected Products : jrun
    • EPSS Score: %3.54
    • Published: Jul. 11, 2002
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2002-0450

    Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe.... Read more

    Affected Products : web\+_server
    • EPSS Score: %6.33
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 292199 Results