LiveActive security incident?Get immediate response
CVE archive

March 2001

Browse CVE records published in March 2001, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 373 matching CVEs · Page 3 of 8.

Unknown · CVSS Not scored

CVE-2001-1101: The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check f...

The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.

Published Mar 15, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-1056: IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended fir...

IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.

Published Mar 9, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-1016: PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Ser...

PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."

Published Mar 9, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-0834: htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to...

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Published Mar 9, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-0877: Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of...

Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.

Published Mar 9, 2002 · Updated Aug 8, 2024