ID: CVE-2001-1209 |
Title: All Servers: Abe Timmerman zml.cgi File Disclosure Vulnerability |
Type: Web |
Bulletins:
CVE-2001-1209 SFBID3759 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: |
Created: 2001-12-31 |
Updated: 2010-08-21 |
ID: CVE-2001-1210 |
Title: Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary... |
Type: Hardware |
Bulletins:
CVE-2001-1210 SFBID3758 |
Severity: Medium |
Description: Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings. | ||||
Applies to: Cisco uBR 924 Cable Access Router Cisco uBR 925 Cable Access Router |
Created: 2001-12-30 |
Updated: 2020-08-14 |
ID: CVE-2001-1220 |
Title: D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. |
Type: Hardware |
Bulletins:
CVE-2001-1220 SFBID3735 |
Severity: High |
Description: D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. | ||||
Applies to: DWL-1000AP |
Created: 2001-12-21 |
Updated: 2020-08-14 |
ID: CVE-2001-1221 |
Title: D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information. |
Type: Hardware |
Bulletins:
CVE-2001-1221 SFBID3736 |
Severity: Medium |
Description: D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information. | ||||
Applies to: DWL-1000AP |
Created: 2001-12-21 |
Updated: 2020-08-14 |
ID: CVE-2001-0861 |
Title: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies. |
Type: Hardware |
Bulletins:
CVE-2001-0861 SFBID3534 |
Severity: Medium |
Description: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies. | ||||
Applies to: Cisco 12000 Router Series |
Created: 2001-12-06 |
Updated: 2020-08-14 |
ID: CVE-2001-0862 |
Title: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. |
Type: Hardware |
Bulletins:
CVE-2001-0862 SFBID3535 |
Severity: High |
Description: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. | ||||
Applies to: Cisco 12000 Router Series |
Created: 2001-12-06 |
Updated: 2020-08-14 |
ID: CVE-2001-0863 |
Title: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments. |
Type: Hardware |
Bulletins:
CVE-2001-0863 SFBID3539 |
Severity: Medium |
Description: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments. | ||||
Applies to: Cisco 12000 Router Series |
Created: 2001-12-06 |
Updated: 2020-08-14 |
ID: CVE-2001-0864 |
Title: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. |
Type: Hardware |
Bulletins:
CVE-2001-0864 SFBID3536 |
Severity: High |
Description: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. | ||||
Applies to: Cisco 12000 Router Series |
Created: 2001-12-06 |
Updated: 2020-08-14 |
ID: CVE-2001-0865 |
Title: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. |
Type: Hardware |
Bulletins:
CVE-2001-0865 SFBID3540 |
Severity: High |
Description: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. | ||||
Applies to: Cisco 12000 Router Series |
Created: 2001-12-06 |
Updated: 2020-08-14 |
ID: CVE-2001-0866 |
Title: Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access... |
Type: Hardware |
Bulletins:
CVE-2001-0866 SFBID3537 |
Severity: High |
Description: Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls. | ||||
Applies to: Cisco 12000 Router Series |
Created: 2001-12-06 |
Updated: 2020-08-14 |
ID: CVE-2001-0867 |
Title: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls. |
Type: Hardware |
Bulletins:
CVE-2001-0867 SFBID3538 |
Severity: High |
Description: Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls. | ||||
Applies to: Cisco 12000 Router Series |
Created: 2001-12-06 |
Updated: 2020-08-14 |
ID: CVE-2001-0929 |
Title: Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists. |
Type: Hardware |
Bulletins:
CVE-2001-0929 SFBID3588 |
Severity: High |
Description: Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists. | ||||
Applies to: |
Created: 2001-11-28 |
Updated: 2020-08-14 |
ID: CVE-2001-0550 |
Title: WU-FTPD glob() function error handling heap corruption |
Type: FTP |
Bulletins:
CVE-2001-0550 SFBID3581 |
Severity: High |
Description: All versions of WU-FTPD alows an attacker to cause a heap corruption, caused by a vulnerability in the glob function. Such function fails to properly signal an error to its caller, and the ftpglob function fails to set the globerr variable under certain situations. The attacker can send a command followed by a tilde and open bracket characters to the FTP server causing a corruption of the process memory space. This allows the execution of arbitrary code on the system with root privileges. In order to detect the vulnerability, the following checks should be enable in the ISS Protection Platform:WuftpGlobHeapCorruptionwuftp-glob-heap-corruptionFor a virtual patch enable the following check in the ISS Protection Platform:FTP_Glob_TildeBrace_VulnsBlock or restrict port 21 in the ISS Protection Platform.For more information on how to do manual protection see: http://xforce.iss.net/xforce/xfdb/7611 | ||||
Applies to: wu-ftpd |
Created: 2001-11-27 |
Updated: 2010-08-21 |
ID: CVE-2001-0895 |
Title: Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the... |
Type: Hardware |
Bulletins:
CVE-2001-0895 SFBID3547 |
Severity: Medium |
Description: Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table. | ||||
Applies to: Cisco Catalyst 2900 Series XL Switches Cisco Catalyst 2950 Series Switches Cisco Catalyst 3500 Series XL Switches Cisco Catalyst 3550 Series Switches Cisco Catalyst 4000 Series Switches Cisco Catalyst C2948G-L3 Ethernet Switch Cisco Catalyst... |
Created: 2001-11-15 |
Updated: 2020-08-14 |
ID: REF000251 |
Title: SSH server accepts Version 1.x connections |
Type: Miscellaneous |
Bulletins: | Severity: Medium |
Description: SSH protocol Version 1 has various vulnerabilities, this should be disabled and only version 2 clients should be allowed to connect. For more information, visit: http://www.ssh.com/company/newsroom/article/210/ | ||||
Applies to: |
Created: 2001-11-07 |
Updated: 2010-08-21 |
ID: CVE-2001-1503 |
Title: Solaris Fingerd Discloses Complete User List |
Type: Miscellaneous |
Bulletins:
CVE-2001-1503 SFBID3457 |
Severity: Medium |
Description: Sensitive information disclosure. | ||||
Applies to: Solaris SunOS |
Created: 2001-10-22 |
Updated: 2010-08-21 |
ID: CVE-2001-0750 |
Title: Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. |
Type: Hardware |
Bulletins:
CVE-2001-0750 SFBID2804 |
Severity: Medium |
Description: Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. | ||||
Applies to: |
Created: 2001-10-18 |
Updated: 2020-08-14 |
ID: CVE-2001-0751 |
Title: Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. |
Type: Hardware |
Bulletins:
CVE-2001-0751 |
Severity: High |
Description: Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. | ||||
Applies to: |
Created: 2001-10-18 |
Updated: 2020-08-14 |
ID: CVE-2001-0752 |
Title: Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set. |
Type: Hardware |
Bulletins:
CVE-2001-0752 |
Severity: Medium |
Description: Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set. | ||||
Applies to: |
Created: 2001-10-18 |
Updated: 2020-08-14 |
ID: CVE-2001-0753 |
Title: Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. |
Type: Hardware |
Bulletins:
CVE-2001-0753 |
Severity: High |
Description: Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. | ||||
Applies to: |
Created: 2001-10-18 |
Updated: 2020-08-14 |
ID: CVE-2001-0754 |
Title: Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets. |
Type: Hardware |
Bulletins:
CVE-2001-0754 |
Severity: Medium |
Description: Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets. | ||||
Applies to: |
Created: 2001-10-18 |
Updated: 2020-08-14 |
ID: CVE-2001-0757 |
Title: Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. |
Type: Hardware |
Bulletins:
CVE-2001-0757 SFBID2874 |
Severity: High |
Description: Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. | ||||
Applies to: Cisco 6400 Universal Access Concentrator |
Created: 2001-10-18 |
Updated: 2020-08-14 |
ID: CVE-2001-1156 |
Title: TYPSoft FTP Server 0-95-1 and possibly prior for Microsoft Windows Can Be Crashed by Remote Users |
Type: FTP |
Bulletins:
CVE-2001-1156 SFBID3409 |
Severity: Medium |
Description: A vulnerability was reported in TYPSoft’s FTP Server, where remote users can cause the server to crash. There is currently no solution to the vulnerability at the moment. If a remote user accesses the FTP service and sends a STOR or RETR command as shown below, the FTP server goes into a denial of service condition since it will consume nearly all CPU resources.RETR ../../*STOR ../../* | ||||
Applies to: TYPSoft FTP Server |
Created: 2001-10-09 |
Updated: 2010-08-21 |
ID: CVE-2001-1071 |
Title: Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements. |
Type: Hardware |
Bulletins:
CVE-2001-1071 SFBID3412 |
Severity: Medium |
Description: Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements. | ||||
Applies to: |
Created: 2001-10-09 |
Updated: 2020-08-14 |
ID: CVE-2001-0650 |
Title: Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. |
Type: Hardware |
Bulletins:
CVE-2001-0650 SFBID2733 |
Severity: Medium |
Description: Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. | ||||
Applies to: |
Created: 2001-09-20 |
Updated: 2020-08-14 |
ID: CVE-1999-0756 |
Title: IIS: Cold Fusion check |
Type: Web |
Bulletins:
CVE-1999-0756 |
Severity: Medium |
Description: Related links: www.isummation.com/securing_coldfusion_pages_through_iis.htmlwww.sans.org/rr/papers/index.php?id=300 | ||||
Applies to: IIS |
Created: 2001-09-18 |
Updated: 2010-08-21 |
ID: REF000106 |
Title: IIS: This computer seems to be infected with Nimda |
Type: Web |
Bulletins: | Severity: High |
Description: This system seems to be compromised. For more information, visit: http://www.cert.org/advisories/CA-2001-26.html | ||||
Applies to: IIS |
Created: 2001-09-18 |
Updated: 2010-08-21 |
ID: CVE-2001-1014 |
Title: All Servers: (e)shop Online-Shop System |
Type: Web |
Bulletins:
CVE-2001-1014 SFBID3340 |
Severity: Medium |
Description: Allows attackers to execute commands (web server privilege). | ||||
Applies to: |
Created: 2001-09-15 |
Updated: 2010-08-21 |
ID: CVE-2001-1137 |
Title: D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. |
Type: Hardware |
Bulletins:
CVE-2001-1137 SFBID3306 |
Severity: Medium |
Description: D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. | ||||
Applies to: DI-704 |
Created: 2001-09-06 |
Updated: 2020-08-14 |
ID: CVE-2001-0992 |
Title: All Servers: ShopPlus Cart |
Type: Web |
Bulletins:
CVE-2001-0992 |
Severity: Medium |
Description: Script doesn't check symbols. any user can execute commands on webserver. | ||||
Applies to: ShopPlus Cart |
Created: 2001-09-05 |
Updated: 2010-08-21 |
ID: CVE-2001-0711 |
Title: Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. |
Type: Hardware |
Bulletins:
CVE-2001-0711 |
Severity: Medium |
Description: Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. | ||||
Applies to: |
Created: 2001-08-31 |
Updated: 2020-08-14 |
ID: CVE-2001-1064 |
Title: Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop... |
Type: Hardware |
Bulletins:
CVE-2001-1064 SFBID3236 |
Severity: Medium |
Description: Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets. | ||||
Applies to: |
Created: 2001-08-31 |
Updated: 2020-08-14 |
ID: CVE-2001-1065 |
Title: Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. |
Type: Hardware |
Bulletins:
CVE-2001-1065 |
Severity: Medium |
Description: Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. | ||||
Applies to: |
Created: 2001-08-31 |
Updated: 2020-08-14 |
ID: CVE-2001-1168 |
Title: All Servers: PhpMyExplorer Vulnerable to Directory Traversal |
Type: Web |
Bulletins:
CVE-2001-1168 |
Severity: Medium |
Description: Allows attackers to view and read files that reside outside the normal bound directory. | ||||
Applies to: PhpMyExplorer |
Created: 2001-08-29 |
Updated: 2010-08-21 |
ID: CVE-2001-0589 |
Title: NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns. |
Type: Hardware |
Bulletins:
CVE-2001-0589 SFBID2523 |
Severity: Low |
Description: NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns. | ||||
Applies to: |
Created: 2001-08-22 |
Updated: 2020-08-14 |
ID: CVE-2001-0566 |
Title: Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled. |
Type: Hardware |
Bulletins:
CVE-2001-0566 |
Severity: Medium |
Description: Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled. | ||||
Applies to: Cisco Catalyst 2900 Series XL Switches |
Created: 2001-08-14 |
Updated: 2020-08-14 |
ID: CVE-2001-0621 |
Title: The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. |
Type: Hardware |
Bulletins:
CVE-2001-0621 SFBID2745 |
Severity: High |
Description: The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. | ||||
Applies to: Cisco CSS 11100 Content Services Switch Series |
Created: 2001-08-14 |
Updated: 2020-08-14 |
ID: CVE-2001-0622 |
Title: The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating... |
Type: Hardware |
Bulletins:
CVE-2001-0622 SFBID2806 |
Severity: High |
Description: The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. | ||||
Applies to: Cisco CSS 11100 Content Services Switch Series |
Created: 2001-08-14 |
Updated: 2020-08-14 |
ID: CVE-2001-1117 |
Title: LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. |
Type: Hardware |
Bulletins:
CVE-2001-1117 SFBID3141 |
Severity: Medium |
Description: LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. | ||||
Applies to: BEFSR41 |
Created: 2001-08-10 |
Updated: 2020-08-14 |
ID: CVE-2001-1021 |
Title: Ipswitch WS_FTP Server 2-0-2 Will Execute Remotely-Supplied Arbitrary Code |
Type: FTP |
Bulletins:
CVE-2001-1021 |
Severity: High |
Description: There exists a vulnerability in WS_FTP server, allowing a remote user to execute arbitrary code on the server with system privileges. This is due to a buffer overflow triggered by a valid remote user or an anonymous user. A patch has been release by the vendor, which is available at: http://www.ipswitch.com/support/ws_ftp-server/patch-upgrades.asp. The commands used to create a buffer overflow are: DELE, MDTM, MLST, MKD, RMD, RNFR, RNTO, SIZE, STAT, XMKD, and XRMD. Executing one of these commands with an argument longer than 478 bytes will cause such a buffer overflow. A remote user may also send several NULL characters, causing the WS_FTP to consume 100% of the CPU resources, thus causing it to crash. | ||||
Applies to: Ipswitch WS_FTP Server |
Created: 2001-07-26 |
Updated: 2010-08-21 |
ID: CVE-2001-1104 |
Title: SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. |
Type: Hardware |
Bulletins:
CVE-2001-1104 SFBID3098 |
Severity: High |
Description: SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | ||||
Applies to: SonicWall Firewall SoHo |
Created: 2001-07-25 |
Updated: 2020-08-14 |
ID: CVE-2001-1097 |
Title: Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. |
Type: Hardware |
Bulletins:
CVE-2001-1097 SFBID3096 |
Severity: Medium |
Description: Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. | ||||
Applies to: |
Created: 2001-07-24 |
Updated: 2020-08-14 |
ID: CVE-2001-0514 |
Title: SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such... |
Type: Hardware |
Bulletins:
CVE-2001-0514 SFBID2896 |
Severity: High |
Description: SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network. | ||||
Applies to: wap11 |
Created: 2001-07-21 |
Updated: 2020-08-14 |
ID: CVE-2001-0537 |
Title: HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. |
Type: Hardware |
Bulletins:
CVE-2001-0537 SFBID2936 |
Severity: High |
Description: HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. | ||||
Applies to: |
Created: 2001-07-21 |
Updated: 2020-08-14 |
ID: REF000105 |
Title: IIS: This computer is infected with CodeRed |
Type: Web |
Bulletins: | Severity: High |
Description: This system seems to be compromised. For more information, visit: http://www.securiteam.com/windowsntfocus/5WP0L004US.html | ||||
Applies to: IIS |
Created: 2001-07-20 |
Updated: 2010-08-21 |
ID: CVE-2001-0804 |
Title: All Servers: Directory traversal vulnerability in story.pl |
Type: Web |
Bulletins:
CVE-2001-0804 SFBID3028 |
Severity: Medium |
Description: Directory traversal. | ||||
Applies to: |
Created: 2001-07-15 |
Updated: 2010-08-21 |
ID: CVE-2001-1183 |
Title: PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. |
Type: Hardware |
Bulletins:
CVE-2001-1183 SFBID3022 |
Severity: Medium |
Description: PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. | ||||
Applies to: |
Created: 2001-07-12 |
Updated: 2020-08-14 |
ID: CVE-2001-0429 |
Title: Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. |
Type: Hardware |
Bulletins:
CVE-2001-0429 SFBID2604 |
Severity: Medium |
Description: Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. | ||||
Applies to: |
Created: 2001-07-02 |
Updated: 2020-08-14 |
ID: CVE-2001-0444 |
Title: Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. |
Type: Hardware |
Bulletins:
CVE-2001-0444 SFBID2635 |
Severity: Low |
Description: Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. | ||||
Applies to: |
Created: 2001-07-02 |
Updated: 2020-08-14 |
ID: CVE-2001-0455 |
Title: Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. |
Type: Hardware |
Bulletins:
CVE-2001-0455 |
Severity: High |
Description: Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. | ||||
Applies to: Cisco Aironet Ap340 |
Created: 2001-06-27 |
Updated: 2020-08-14 |
ID: CVE-2001-0698 |
Title: SurgeFTP nlist directory traversal |
Type: FTP |
Bulletins:
CVE-2001-0698 SFBID2892 |
Severity: Medium |
Description: SurgeFTP Server version 2.0a is prone to a vulnerability where a remote attacker can traverse directories, if the attacker issues an NLIST command followed by a ‘dot dot’ (/../) sequence. The attacker will be able to view any file on the server. This vulnerability issue can be solved by upgrading to the latest version i.e. 20.b or later, which can be found at: http://www.netwinsite.com/surgeftp/ | ||||
Applies to: SurgeFTP |
Created: 2001-06-19 |
Updated: 2010-08-21 |
ID: CVE-2001-0821 |
Title: All Servers: DCShop vulnerability |
Type: Web |
Bulletins:
CVE-2001-0821 SFBID2889 |
Severity: High |
Description: Possible retrieval of sensitive information. | ||||
Applies to: DCShop |
Created: 2001-06-18 |
Updated: 2010-08-21 |
ID: CVE-2001-0375 |
Title: Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. |
Type: Hardware |
Bulletins:
CVE-2001-0375 SFBID2551 |
Severity: Medium |
Description: Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. | ||||
Applies to: Cisco PIX 515 Firewall Cisco PIX 520 Firewall |
Created: 2001-06-18 |
Updated: 2020-08-14 |
ID: CVE-2001-0412 |
Title: Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. |
Type: Hardware |
Bulletins:
CVE-2001-0412 SFBID2559 |
Severity: High |
Description: Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. | ||||
Applies to: Cisco CSS 11050 Content Services Switch Cisco CSS 11150 Content Services Switch Cisco CSS 11800 Content Services Switch |
Created: 2001-06-18 |
Updated: 2020-08-14 |
ID: CVE-2001-0427 |
Title: Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several... |
Type: Hardware |
Bulletins:
CVE-2001-0427 |
Severity: High |
Description: Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. | ||||
Applies to: Cisco VPN 3015 Concentrator Cisco VPN 3030 Concentrator Cisco VPN 3060 Concentrator Cisco VPN 3080 Concentrator Cisco Vpn 3005 Concentrator |
Created: 2001-06-18 |
Updated: 2020-08-14 |
ID: CVE-2001-0376 |
Title: SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This... |
Type: Hardware |
Bulletins:
CVE-2001-0376 |
Severity: High |
Description: SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used. | ||||
Applies to: SonicWall Firewall SoHo 2 SonicWall Firewall Tele 2 |
Created: 2001-06-18 |
Updated: 2020-08-14 |
ID: CVE-2001-0820 |
Title: Possible Gaztek HTTP Daemon (ghttpd) buffer overflow |
Type: Miscellaneous |
Bulletins:
CVE-2001-0820 SFBID2879 |
Severity: Medium |
Description: Run arbitrary code (ghttpd privileges). | ||||
Applies to: ghttpd |
Created: 2001-06-17 |
Updated: 2010-08-21 |
ID: CVE-2001-0688 |
Title: Broker FTP server 5.9.5.0 |
Type: FTP |
Bulletins:
CVE-2001-0688 SFBID2851 |
Severity: Medium |
Description: Broker FTP Server 5.9.5.0 is prone to two vulnerabilities, one being a Buffer Overflow, which may cause a Denial of Service (DoS) condition, while the other one leads to a Directory Traversal, where an attacker will be able to look through the files and folders of a system. There is currently no solution for any of the above vulnerabilities. The buffer overflow can be generated by repeatedly sending the following command:CWD . . orCD . . (for an FTP client). An attacker could also add some more spaces between the dots for a worse effect. The server will add these directory paths to the current path, causing a DoS condition after a certain bound has been reached. One can go through the contents of a drive available on the system, by first going to the home directory when typing the following command:CD C: or CD C:\One can then use the LS command to go through the available files. Although one will be able to go through the files available, it is not possible to send or receive files. | ||||
Applies to: Broker FTP server |
Created: 2001-06-10 |
Updated: 2010-08-21 |
ID: CVE-2001-0767 |
Title: GuildFTPD FTP |
Type: FTP |
Bulletins:
CVE-2001-0767 SFBID2789 |
Severity: Medium |
Description: There exists a vulnerability in GuildFTPd version 0.97 known as a directory traversal. This allows anyone with a valid FTP login to read arbitrary files on the system. In order to resolve this problem one will have to upgrade the FTP server to a later version. The commands which cause the directory traversal are:CD ../CD .../CD /.../CD C:\ and others. All of these commands give the ‘550 Access denied’ error. | ||||
Applies to: GuildFTPD |
Created: 2001-05-26 |
Updated: 2010-08-21 |
ID: CVE-2001-0561 |
Title: All Servers: A1Stats |
Type: Web |
Bulletins:
CVE-2001-0561 CVE-2001-0562 SFBID2705 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: A1Stats |
Created: 2001-05-07 |
Updated: 2010-08-21 |
ID: CVE-1999-0922 |
Title: IIS: Cold Fusion check |
Type: Web |
Bulletins:
CVE-1999-0922 |
Severity: Medium |
Description: Related links: www.macromedia.com/devnet/coldfusion/security.html www.isummation.com/securing_coldfusion_pages_through_iis.html www.sans.org/rr/papers/index.php?id=300 | ||||
Applies to: IIS |
Created: 2001-05-07 |
Updated: 2010-08-21 |
ID: CVE-2001-0288 |
Title: Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
Type: Hardware |
Bulletins:
CVE-2001-0288 |
Severity: High |
Description: Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | ||||
Applies to: |
Created: 2001-05-03 |
Updated: 2020-08-14 |
ID: CVE-2001-0463 |
Title: All Servers: PerlCal allows remote file retrieving |
Type: Web |
Bulletins:
CVE-2001-0463 SFBID2663 |
Severity: Medium |
Description: Remove file retrieving. | ||||
Applies to: PerlCal |
Created: 2001-04-27 |
Updated: 2010-08-21 |
ID: CVE-2001-0272 |
Title: All Servers: sendtemp.pl |
Type: Web |
Bulletins:
CVE-2001-0272 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: |
Created: 2001-04-04 |
Updated: 2010-08-21 |
ID: CVE-2001-0466 |
Title: All Servers: uStorekeeper allows remote file retrieving |
Type: Web |
Bulletins:
CVE-2001-0466 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: uStorekeeper |
Created: 2001-04-03 |
Updated: 2010-08-21 |
ID: CVE-2001-0236 |
Title: Possible snmpXdmid SunOS buffer overflow |
Type: RPC |
Bulletins:
CVE-2001-0236 SFBID2417 |
Severity: High |
Description: Some versions of this service are vulnerable (Run arbitrary commands as root). | ||||
Applies to: |
Created: 2001-03-15 |
Updated: 2010-08-21 |
ID: CVE-2000-0368 |
Title: Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. |
Type: Hardware |
Bulletins:
CVE-2000-0368 |
Severity: Low |
Description: Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. | ||||
Applies to: |
Created: 2001-03-12 |
Updated: 2020-08-14 |
ID: CVE-2001-0360 |
Title: All Servers: Ikonboard allows remote file retrieving |
Type: Web |
Bulletins:
CVE-2001-0360 SFBID2471 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: Ikonboard |
Created: 2001-03-11 |
Updated: 2010-08-21 |
ID: CVE-2001-0293 |
Title: FtpXQ FTP Server |
Type: FTP |
Bulletins:
CVE-2001-0293 SFBID2426 |
Severity: Medium |
Description: FTPXQ FTP Server 2.0.93 is prone to a vulnerability known as directory traversal, where remote attackers read arbitrary files via a .. (dot dot) in the GET command. An attacker will thus have the ability to view any file on a remote computer. There is currently a fix available for such a vulnerability. | ||||
Applies to: FtpXQ FTP Server |
Created: 2001-02-28 |
Updated: 2010-08-21 |
ID: CVE-2002-0558 |
Title: TYPSoft FTP Server 0-97-1 and prior Discloses Listing of Directory Contents for Any Directory on the |
Type: FTP |
Bulletins:
CVE-2002-0558 SFBID2489 |
Severity: Medium |
Description: TYPSoft’s FTP server is prone to a vulnerability, where a remote user can obtain a listing of the files located on the same drive as the FTP server. This vulnerability has been solved with the new fixed version 0.97.5, which is available at the vendor’s web site at: http://www.typsoft.com/Some example of FTP commands which cause the crash are:ls ../../*.*ls "../../My%20files/*.*" | ||||
Applies to: TYPSoft FTP Server |
Created: 2001-02-28 |
Updated: 2010-08-21 |
ID: CVE-2001-1434 |
Title: Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created. |
Type: Hardware |
Bulletins:
CVE-2001-1434 |
Severity: Medium |
Description: Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created. | ||||
Applies to: |
Created: 2001-02-28 |
Updated: 2020-08-14 |
ID: CVE-2004-1776 |
Title: Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. |
Type: Hardware |
Bulletins:
CVE-2004-1776 |
Severity: High |
Description: Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. | ||||
Applies to: |
Created: 2001-02-28 |
Updated: 2020-08-14 |
ID: SFBID2698 |
Title: Multiple WarFTPd (1-71) DoS |
Type: FTP |
Bulletins:
SFBID2698 |
Severity: Medium |
Description: A vulnerability exists in the following FTP servers: Serv-U FTP Server, G6 FTP Server and WarFTPd Server. Submitting an ‘a:/’ with the GET or RETR command appended with arbitrary data repeatedly, will cause a denial of service, since the CPU usage will go up to 100%.There are no solutions or vendor-supplied patches for this vulnerability. | ||||
Applies to: WarFTPd |
Created: 2001-02-17 |
Updated: 2010-08-21 |
ID: CVE-2001-0305 |
Title: All Servers: Arts Store.cgi |
Type: Web |
Bulletins:
CVE-2001-0305 SFBID2385 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: |
Created: 2001-02-16 |
Updated: 2010-08-21 |
ID: CVE-2001-0041 |
Title: Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts. |
Type: Hardware |
Bulletins:
CVE-2001-0041 SFBID2072 |
Severity: High |
Description: Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts. | ||||
Applies to: |
Created: 2001-02-16 |
Updated: 2020-08-14 |
ID: CVE-2001-0055 |
Title: CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. |
Type: Hardware |
Bulletins:
CVE-2001-0055 |
Severity: Medium |
Description: CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. | ||||
Applies to: Cisco 600 Routers |
Created: 2001-02-16 |
Updated: 2020-08-14 |
ID: CVE-2001-0056 |
Title: The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection. |
Type: Hardware |
Bulletins:
CVE-2001-0056 |
Severity: High |
Description: The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection. | ||||
Applies to: |
Created: 2001-02-16 |
Updated: 2020-08-14 |
ID: CVE-2001-0057 |
Title: Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet. |
Type: Hardware |
Bulletins:
CVE-2001-0057 |
Severity: Medium |
Description: Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet. | ||||
Applies to: Cisco 600 Routers |
Created: 2001-02-16 |
Updated: 2020-08-14 |
ID: CVE-2001-0058 |
Title: The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character. |
Type: Hardware |
Bulletins:
CVE-2001-0058 |
Severity: Medium |
Description: The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character. | ||||
Applies to: Cisco 600 Routers |
Created: 2001-02-16 |
Updated: 2020-08-14 |
ID: CVE-2001-0212 |
Title: All Servers: Auktion.cgi |
Type: Web |
Bulletins:
CVE-2001-0212 SFBID2367 |
Severity: Medium |
Description: Remote command execution. | ||||
Applies to: |
Created: 2001-02-12 |
Updated: 2010-08-21 |
ID: CVE-2001-0210 |
Title: All Servers: Commerce.cgi |
Type: Web |
Bulletins:
CVE-2001-0210 SFBID2361 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: |
Created: 2001-02-12 |
Updated: 2010-08-21 |
ID: CVE-2001-0212 |
Title: All Servers: HIS Aktion |
Type: Web |
Bulletins:
CVE-2001-0212 SFBID2367 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: |
Created: 2001-02-12 |
Updated: 2010-08-21 |
ID: CVE-2001-0215 |
Title: All Servers: Roads search system |
Type: Web |
Bulletins:
CVE-2001-0215 SFBID2371 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: |
Created: 2001-02-12 |
Updated: 2010-08-21 |
ID: CVE-2001-0214 |
Title: All Servers: Way-board |
Type: Web |
Bulletins:
CVE-2001-0214 SFBID2370 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: Way-board |
Created: 2001-02-12 |
Updated: 2010-08-21 |
ID: CVE-2001-0211 |
Title: All Servers: WebSPIRS |
Type: Web |
Bulletins:
CVE-2001-0211 SFBID2362 |
Severity: Low |
Description: Remote file retrieving. | ||||
Applies to: WebSPIRS |
Created: 2001-02-12 |
Updated: 2010-08-21 |
ID: CVE-2001-0080 |
Title: Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error. |
Type: Hardware |
Bulletins:
CVE-2001-0080 SFBID2117 |
Severity: Medium |
Description: Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error. | ||||
Applies to: Cisco Catalyst 4000 Series Switches Cisco Catalyst 6000 |
Created: 2001-02-12 |
Updated: 2020-08-14 |
ID: CVE-2001-0144 |
Title: SSH1 CRC-32 compensation attack |
Type: Miscellaneous |
Bulletins:
CVE-2001-0144 SFBID2347 |
Severity: High |
Description: Possible remote root. | ||||
Applies to: |
Created: 2001-02-08 |
Updated: 2010-08-21 |
ID: CVE-2001-0015 |
Title: Network Dynamic Data Exchange (DDE) vulnerability |
Type: Registry |
Bulletins:
CVE-2001-0015 MS01-007 |
Severity: Medium |
Description: An malicious user can elevate his privileges. | ||||
Applies to: Windows 2000 |
Created: 2001-02-05 |
Updated: 2010-08-21 |
ID: CVE-2001-0010 |
Title: BIND 8-2-1, 8-2-2 |
Type: DNS |
Bulletins:
CVE-2001-0010 SFBID2302 |
Severity: High |
Description: BIND is a server program which uses the domain name service protocol, and is used by many DNS servers. BIND version 8 contains an overflow, allowing remote attackers to execute code with root privileges. An upgrade to BIND version 9.1.0 or installing vendor-supplied fixes is recommended. These are available at http://www.securityfocus.com/bid/2302/solution. The overflow allows some memory locations to be overwritten by known values when invalid transaction signatures are being handled. When using UDP a stack frame in BIND can be overwritten, while when using TCP the heap can be overwritten. | ||||
Applies to: BIND |
Created: 2001-01-29 |
Updated: 2010-08-21 |
ID: CVE-2002-0400 |
Title: BIND - Prior to Version 9 |
Type: DNS |
Bulletins:
CVE-2002-0400 SFBID4936 |
Severity: Medium |
Description: BIND is a Domain Name Service (DNS) used for converting hostnames into the corresponding IP addresses. Since they are used for Internet purposes, DNSs are a popular target for attackers. A number of servers currently in production are outdated, miss-configured and/or vulnerable, hence making them more prone to attacks such as denial of service, buffer flows etc. Outdated and/or un-patched versions of BIND are most likely vulnerable, thus if one is running a version of BIND, one should ensure that it is the latest version. The current three main version of BIND are 4, 8, and 9. In order to solve such a vulnerability, one should apply all vendor patches or else upgrade to the latest version. | ||||
Applies to: BIND |
Created: 2001-01-29 |
Updated: 2010-08-21 |
ID: CVE-2001-0253 |
Title: All Servers: Hyperseek |
Type: Web |
Bulletins:
CVE-2001-0253 SFBID2314 |
Severity: Medium |
Description: Remote file retrieving. | ||||
Applies to: |
Created: 2001-01-28 |
Updated: 2010-08-21 |
ID: CVE-2001-0113 |
Title: OmniHTTPd v2.07 |
Type: Miscellaneous |
Bulletins:
CVE-2001-0113 CAN-2001-0114 SFBID2211 |
Severity: High |
Description: Insecure cgi scripts. | ||||
Applies to: OmniHTTPd |
Created: 2001-01-15 |
Updated: 2010-08-21 |
ID: CVE-2000-1097 |
Title: The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. |
Type: Hardware |
Bulletins:
CVE-2000-1097 SFBID2013 |
Severity: Medium |
Description: The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. | ||||
Applies to: SonicWall Firewall SoHo |
Created: 2001-01-09 |
Updated: 2020-08-14 |
ID: CVE-2000-1098 |
Title: The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. |
Type: Hardware |
Bulletins:
CVE-2000-1098 |
Severity: Medium |
Description: The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request. | ||||
Applies to: SonicWall Firewall SoHo |
Created: 2001-01-09 |
Updated: 2020-08-14 |
ID: CVE-2001-0161 |
Title: Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks. |
Type: Hardware |
Bulletins:
CVE-2001-0161 |
Severity: Medium |
Description: Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks. | ||||
Applies to: Cisco Aironet Ap340 |
Created: 2001-01-01 |
Updated: 2020-08-14 |
ID: CVE-2001-0163 |
Title: Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
Type: Hardware |
Bulletins:
CVE-2001-0163 |
Severity: Medium |
Description: Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | ||||
Applies to: Cisco Aironet Ap340 |
Created: 2001-01-01 |
Updated: 2020-08-14 |