Latest CVE Feed
-
5.0
MEDIUMCVE-2001-1554
IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.... Read more
Affected Products : aix- EPSS Score: %0.79
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2001-1520
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.... Read more
Affected Products : xircom_rex_6000- EPSS Score: %0.15
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2001-1511
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".... Read more
Affected Products : jrun- EPSS Score: %0.59
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2001-1491
Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.... Read more
Affected Products : opera_web_browser- EPSS Score: %4.72
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2001-1527
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.... Read more
Affected Products : easynews- EPSS Score: %0.06
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2001-1525
Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter.... Read more
Affected Products : easynews- EPSS Score: %4.43
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2001-1510
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the re... Read more
Affected Products : jrun- EPSS Score: %3.38
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2001-1572
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.... Read more
Affected Products : linux_kernel- EPSS Score: %0.40
- Published: Dec. 31, 2001
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2001-1207
Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA.... Read more
Affected Products : daydream_bbs- EPSS Score: %9.49
- Published: Dec. 30, 2001
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2001-1466
Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password.... Read more
Affected Products : securecrt- EPSS Score: %4.79
- Published: Dec. 30, 2001
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2001-1206
Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $error_log variable.... Read more
Affected Products : last_lines- EPSS Score: %0.90
- Published: Dec. 30, 2001
- Modified: Apr. 03, 2025
-
6.4
MEDIUMCVE-2001-1210
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary commun... Read more
- EPSS Score: %0.61
- Published: Dec. 30, 2001
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2001-1205
Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable.... Read more
Affected Products : last_lines- EPSS Score: %0.86
- Published: Dec. 30, 2001
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2001-1433
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.... Read more
Affected Products : cherokee_httpd- EPSS Score: %1.27
- Published: Dec. 29, 2001
- Modified: Apr. 03, 2025
-
7.8
HIGHCVE-2001-1432
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.... Read more
Affected Products : cherokee_httpd- EPSS Score: %0.57
- Published: Dec. 29, 2001
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2001-1202
Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.... Read more
Affected Products : delegate- EPSS Score: %3.36
- Published: Dec. 28, 2001
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2001-1204
Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.... Read more
Affected Products : php_rocket_add-in- EPSS Score: %1.89
- Published: Dec. 28, 2001
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2001-1203
Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges.... Read more
Affected Products : gpm- EPSS Score: %0.05
- Published: Dec. 27, 2001
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2001-1352
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.... Read more
Affected Products : namazu- EPSS Score: %1.24
- Published: Dec. 27, 2001
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2001-1225
Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.... Read more
Affected Products : msql- EPSS Score: %0.06
- Published: Dec. 26, 2001
- Modified: Apr. 03, 2025