| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2001-0671 |
|
|
Overflow +Priv |
2001-12-06 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges. |
|
2 |
CVE-2001-0797 |
|
|
Exec Code Overflow |
2001-12-12 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. |
|
3 |
CVE-2001-0799 |
|
|
Exec Code Overflow |
2001-12-06 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument. |
|
4 |
CVE-2001-0800 |
|
|
Exec Code |
2001-12-06 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
|
5 |
CVE-2001-0803 |
119 |
|
Exec Code Overflow |
2001-12-06 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands. |
|
6 |
CVE-2001-0808 |
|
|
Exec Code |
2001-12-06 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter. |
|
7 |
CVE-2001-0817 |
|
|
+Priv |
2001-12-06 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request. |
|
8 |
CVE-2001-0825 |
|
|
Exec Code Overflow |
2001-12-06 |
2018-05-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. |
|
9 |
CVE-2001-0840 |
|
|
Exec Code Overflow |
2001-12-06 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI. |
|
10 |
CVE-2001-0846 |
|
|
Exec Code |
2001-12-06 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf). |
|
11 |
CVE-2001-0850 |
|
|
Overflow |
2001-12-06 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow. |
|
12 |
CVE-2001-0953 |
|
|
+Priv |
2001-12-08 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root. |
|
13 |
CVE-2001-1196 |
|
|
+Priv Dir. Trav. |
2001-12-17 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument. |
|
14 |
CVE-2001-1220 |
|
|
+Priv |
2001-12-21 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. |
|
15 |
CVE-2001-1223 |
|
|
+Priv |
2001-12-26 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server. |
|
16 |
CVE-2001-1440 |
|
|
|
2001-12-21 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system. |
|
17 |
CVE-2001-1481 |
|
|
+Priv |
2001-12-31 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges. |
|
18 |
CVE-2001-1514 |
|
|
|
2001-12-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. |
|
19 |
CVE-2001-1573 |
|
|
Exec Code Overflow |
2001-12-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter. |
|
20 |
CVE-2001-1574 |
|
|
Exec Code Overflow |
2001-12-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code. |
|
21 |
CVE-2001-1583 |
|
|
Exec Code |
2001-12-31 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. |
|
22 |
CVE-2001-1432 |
22 |
|
Dir. Trav. |
2001-12-29 |
2017-07-11 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
|
23 |
CVE-2001-0542 |
|
|
Exec Code Overflow |
2001-12-20 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879. |
|
24 |
CVE-2001-0719 |
|
|
Exec Code Overflow |
2001-12-06 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file. |
|
25 |
CVE-2001-0720 |
|
|
Exec Code |
2001-12-06 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled. |
|
26 |
CVE-2001-0726 |
|
|
|
2001-12-06 |
2020-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message. |
|
27 |
CVE-2001-0727 |
|
|
Exec Code |
2001-12-14 |
2021-07-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability." |
|
28 |
CVE-2001-0815 |
|
|
Exec Code Overflow |
2001-12-06 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension. |
|
29 |
CVE-2001-0816 |
|
|
Bypass |
2001-12-06 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. |
|
30 |
CVE-2001-0818 |
|
|
Exec Code Overflow |
2001-12-06 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data. |
|
31 |
CVE-2001-0819 |
119 |
|
Exec Code Overflow |
2001-12-06 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header. |
|
32 |
CVE-2001-0820 |
|
|
Exec Code Overflow |
2001-12-06 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c. |
|
33 |
CVE-2001-0824 |
|
|
XSS |
2001-12-06 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. |
|
34 |
CVE-2001-0826 |
|
|
Exec Code Overflow |
2001-12-06 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD. |
|
35 |
CVE-2001-0835 |
|
|
XSS |
2001-12-06 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup. |
|
36 |
CVE-2001-0836 |
|
|
Exec Code Overflow |
2001-12-06 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. |
|
37 |
CVE-2001-0838 |
|
|
Exec Code |
2001-12-06 |
2017-07-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command. |
|
38 |
CVE-2001-0839 |
|
|
|
2001-12-06 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing. |
|
39 |
CVE-2001-0841 |
|
|
+Priv Dir. Trav. |
2001-12-06 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. |
|
40 |
CVE-2001-0842 |
|
|
+Priv Dir. Trav. |
2001-12-06 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. |
|
41 |
CVE-2001-0844 |
|
|
Exec Code |
2001-12-06 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter. |
|
42 |
CVE-2001-0847 |
|
|
|
2001-12-06 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. |
|
43 |
CVE-2001-0849 |
|
|
Exec Code |
2001-12-06 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget. |
|
44 |
CVE-2001-0857 |
|
|
XSS |
2001-12-06 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. |
|
45 |
CVE-2001-0860 |
|
|
|
2001-12-06 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT). |
|
46 |
CVE-2001-0862 |
|
|
Bypass |
2001-12-06 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. |
|
47 |
CVE-2001-0864 |
|
|
Bypass |
2001-12-06 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. |
|
48 |
CVE-2001-0865 |
|
|
|
2001-12-06 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. |
|
49 |
CVE-2001-0866 |
|
|
Bypass |
2001-12-06 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls. |
|
50 |
CVE-2001-0867 |
|
|
Bypass |
2001-12-06 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls. |
