CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-1999-1174 Bypass 2001-12-21 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk.
2 CVE-2001-0542 Exec Code Overflow 2001-12-20 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
3 CVE-2001-0663 DoS 2001-12-06 2018-10-12
5.0
None Remote Low Not required None None Partial
Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.
4 CVE-2001-0671 Overflow +Priv 2001-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.
5 CVE-2001-0716 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.
6 CVE-2001-0719 Exec Code Overflow 2001-12-06 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
7 CVE-2001-0720 Exec Code 2001-12-06 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.
8 CVE-2001-0721 DoS 2001-12-06 2018-10-12
5.0
None Remote Low Not required None None Partial
Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.
9 CVE-2001-0722 2001-12-06 2021-07-23
6.4
None Remote Low Not required Partial Partial None
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."
10 CVE-2001-0726 2001-12-06 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.
11 CVE-2001-0727 Exec Code 2001-12-14 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
12 CVE-2001-0796 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.
13 CVE-2001-0797 Exec Code Overflow 2001-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
14 CVE-2001-0799 Exec Code Overflow 2001-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.
15 CVE-2001-0800 Exec Code 2001-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
16 CVE-2001-0801 +Priv 2001-12-06 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library.
17 CVE-2001-0803 119 Exec Code Overflow 2001-12-06 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
18 CVE-2001-0804 Dir. Trav. 2001-12-06 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter.
19 CVE-2001-0805 Dir. Trav. 2001-12-06 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.
20 CVE-2001-0806 2001-12-06 2017-10-10
3.6
None Local Low Not required Partial Partial None
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.
21 CVE-2001-0807 2001-12-06 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
22 CVE-2001-0808 Exec Code 2001-12-06 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.
23 CVE-2001-0809 2001-12-06 2017-10-11
2.1
None Local Low Not required None Partial None
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
24 CVE-2001-0815 Exec Code Overflow 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.
25 CVE-2001-0816 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
26 CVE-2001-0817 +Priv 2001-12-06 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.
27 CVE-2001-0818 Exec Code Overflow 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.
28 CVE-2001-0819 119 Exec Code Overflow 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
29 CVE-2001-0820 Exec Code Overflow 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.
30 CVE-2001-0821 2001-12-06 2017-12-19
5.0
None Remote Low Not required Partial None None
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.
31 CVE-2001-0822 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.
32 CVE-2001-0823 +Priv 2001-12-06 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
33 CVE-2001-0824 XSS 2001-12-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.
34 CVE-2001-0825 Exec Code Overflow 2001-12-06 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.
35 CVE-2001-0826 Exec Code Overflow 2001-12-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD.
36 CVE-2001-0827 DoS 2001-12-06 2008-09-10
5.0
None Remote Low Not required None None Partial
Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.
37 CVE-2001-0828 XSS 2001-12-06 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
38 CVE-2001-0829 XSS 2001-12-06 2008-09-10
5.1
None Remote High Not required Partial Partial Partial
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
39 CVE-2001-0830 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.
40 CVE-2001-0831 2001-12-06 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.
41 CVE-2001-0832 2001-12-06 2016-10-18
2.1
None Local Low Not required None Partial None
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
42 CVE-2001-0833 Exec Code Overflow 2001-12-06 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
43 CVE-2001-0834 DoS 2001-12-06 2017-10-10
6.4
None Remote Low Not required Partial None Partial
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
44 CVE-2001-0835 XSS 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
45 CVE-2001-0836 Exec Code Overflow 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
46 CVE-2001-0837 2001-12-06 2017-10-10
2.1
None Local Low Not required Partial None None
DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder.
47 CVE-2001-0838 Exec Code 2001-12-06 2017-07-12
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command.
48 CVE-2001-0839 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing.
49 CVE-2001-0840 Exec Code Overflow 2001-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.
50 CVE-2001-0841 +Priv Dir. Trav. 2001-12-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
Total number of vulnerabilities : 258   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.