LiveActive security incident?Get immediate response
CVE archive

April 2001

Browse CVE records published in April 2001, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 135 matching CVEs · Page 1 of 3.

Unknown · CVSS Not scored

CVE-2001-1473: The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge...

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.

Published Apr 21, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-1471: prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an...

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.

Published Apr 21, 2005 · Updated Aug 8, 2024