search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2002-09-24 2001-12-29 2002-09-24 VU#711315 Cherokee Web Server does not adequately validate user input thereby allowing remote command execution
2002-09-24 2001-12-29 2002-09-24 VU#464827 Cherokee Web Server does not adequately validate user input thereby allowing directory traversal
2002-09-24 2001-12-25 2002-09-24 VU#282403 AdCycle does not adequately validate user input thereby allowing for SQL injection
2001-12-21 2001-12-20 2002-01-09 VU#700575 Buffer overflows in Microsoft SQL Server 7.0 and SQL Server 2000
2001-12-20 2001-12-20 2001-12-21 VU#411059 Microsoft Windows Universal Plug and Play service (UPNP) fails to limit the data returned in response to a NOTIFY message
2001-12-20 2001-12-20 2001-12-21 VU#951555 Microsoft Windows Universal Plug and Play (UPNP) service vulnerable to buffer overflow via malformed advertisement packets
2001-12-21 2001-12-19 2001-12-21 VU#249491 IBM AIX login fails to adequately authenticate user when configured to use loadable authentication modules
2001-12-21 2001-12-19 2003-05-14 VU#598147 Microsoft Internet Explorer does not properly handle document.open()
2002-09-24 2001-12-19 2002-09-24 VU#283723 Exim does not adequately validate user input thereby allow execution of arbitrary commands
2002-10-01 2001-12-17 2002-10-02 VU#328163 Microsoft Windows XMLHTTP component allows remote access to local data sources
2002-08-05 2001-12-17 2003-04-11 VU#157795 Magic Enterprise contains multiple shell scripts that allow arbitrary file overwriting via symlink redirection of temporary file
2002-09-26 2001-12-15 2002-09-26 VU#672419 Unix Manual PHP-Script does not adequately validate user input thereby allowing arbitrary command execution
2002-09-24 2001-12-13 2002-09-24 VU#413875 EFTP does not adequately validate user input thereby allowing directory traversal
2002-01-09 2001-12-13 2002-03-15 VU#758483 Oracle9i Application Server Apache PL/SQL module does not properly decode URL
2001-12-14 2001-12-13 2002-01-03 VU#457787 Microsoft Internet Explorer download dialog may not display complete filenames

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis