search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2004-04-23 2004-04-21 2004-04-23 VU#574222 BEA WebLogic Server configuration wizard stores administrative credentials in clear text log files
2002-07-26 2002-07-24 2003-02-05 VU#399260 Microsoft SQL Server 2000 contains heap buffer overflow in SQL Server Resolution Service
2007-10-01 2007-09-25 2008-02-12 VU#571584 Google Gmail cross-site request forgery vulnerability
2002-03-15 1999-08-23 2002-05-03 VU#634847 XDMCP leaks sensitive information by default configuration
2002-09-27 2001-10-13 2002-09-27 VU#921547 PostNuke does not adequately validate user input thereby allowing malicious user to bypass user authentication via SQL injection
2006-02-13 2006-02-06 2006-02-14 VU#124460 Microsoft HTML Help Workshop buffer overflow
2004-09-17 2004-09-14 2004-09-17 VU#651928 Mozilla may allow violation of cross-domain scripting policies via dragging
2005-02-10 2005-02-08 2005-02-22 VU#107822 Symantec products vulnerable to buffer overflow via a specially crafted UPX file
2001-12-21 2001-12-19 2003-05-14 VU#598147 Microsoft Internet Explorer does not properly handle document.open()
2004-04-14 2004-04-13 2004-04-14 VU#753212 Microsoft LSA Service contains buffer overflow in DsRolepInitializeLog() function
2005-09-02 2005-08-30 2005-09-02 VU#619812 UMN Gopher vulnerable to buffer overflow via overly long "+VIEWS:"
2005-01-27 2005-01-04 2005-04-28 VU#702777 UW-imapd fails to properly authenticate users when using CRAM-MD5
2004-03-10 2004-02-18 2004-03-25 VU#981222 Linux kernel mremap(2) system call does not properly check return value from do_munmap() function
2004-04-14 2004-04-13 2004-04-14 VU#526084 Microsoft Windows Utility Manager contains vulnerability in the way it launches applications
2001-09-18 2001-03-01 2001-09-18 VU#796584 Microsoft Windows 2000 Internet Information Server (IIS) and Exchange 2000 vulnerable to DoS via malformed URL (MS01-014)

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis