search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2001-10-03 2001-10-02 2004-03-24 VU#595507 Common Desktop Environment (CDE) ToolTalk RPC Server rpc.ttdbserverd contains format string vulnerability
2001-10-12 2001-10-01 2001-10-31 VU#639507 Cisco PIX Firewall Manager stores enable password in plain text
2002-01-31 2001-10-01 2002-01-31 VU#507771 AOL Instant Messenger vulnerable to DoS via crafted packets
2001-10-11 2001-10-01 2003-04-14 VU#782155 OpenView Network Node Manager contains vulnerability allowing for privilege escalation
2001-11-19 2001-10-01 2001-11-19 VU#275979 Compaq web-enabled management software buffer overflow vulnerability
2001-12-07 2001-09-27 2001-12-10 VU#905795 OpenSSH fails to properly apply source IP based access control restrictions
2001-12-27 2001-09-26 2003-04-09 VU#500027 3Com HomeConnect Cable Modem vulnerable to DoS via long string of characters
2002-09-24 2001-09-24 2002-09-24 VU#933955 PHPNuke 'admin.php' script does not adequately authenticate users, thereby allowing malicious user to copy, move, or upload files
2002-06-13 2001-09-20 2002-06-13 VU#133771 Lotus Domino Web Server discloses IP address
2002-09-26 2001-09-20 2002-09-26 VU#794211 Pi-Soft SpoonFTP does not adequately validate user input thereby allowing directory traversal
2002-03-06 2001-09-17 2002-03-06 VU#278971 Oracle 9i Application Server does not adequately handle requests for nonexistent JSP files thereby disclosing web folder path information
2002-04-01 2001-09-17 2002-05-03 VU#657899 Lotus Notes does not adequately secure databases thereby permitting arbitrary user to extract file attachments via NSFDbReadObject function call
2001-09-27 2001-09-14 2001-09-27 VU#914859 Microsoft Windows Index Server discloses sensitive configuration information via crafted request to SQLQHit.asp sample application
2002-09-24 2001-09-13 2002-09-24 VU#711491 Textor Webmasters Ltd listrec.pl does not adequately validate user input thereby allowing arbitrary commands to be executed
2002-02-04 2001-09-12 2002-02-25 VU#774587 Kerberos Telnet protocol does not adequately protect authentication and encryption options

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis