CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-0671 Overflow +Priv 2001-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.
2 CVE-2001-0797 Exec Code Overflow 2001-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
3 CVE-2001-0799 Exec Code Overflow 2001-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.
4 CVE-2001-0800 Exec Code 2001-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
5 CVE-2001-0803 119 Exec Code Overflow 2001-12-06 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
6 CVE-2001-0808 Exec Code 2001-12-06 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.
7 CVE-2001-0817 +Priv 2001-12-06 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.
8 CVE-2001-0825 Exec Code Overflow 2001-12-06 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.
9 CVE-2001-0840 Exec Code Overflow 2001-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.
10 CVE-2001-0846 Exec Code 2001-12-06 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
11 CVE-2001-0850 Overflow 2001-12-06 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.
12 CVE-2001-0953 +Priv 2001-12-08 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root.
13 CVE-2001-1196 +Priv Dir. Trav. 2001-12-17 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
14 CVE-2001-1220 +Priv 2001-12-21 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
15 CVE-2001-1223 +Priv 2001-12-26 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
16 CVE-2001-1440 2001-12-21 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.
17 CVE-2001-1481 +Priv 2001-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
18 CVE-2001-1514 2001-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
19 CVE-2001-1573 Exec Code Overflow 2001-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter.
20 CVE-2001-1574 Exec Code Overflow 2001-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code.
21 CVE-2001-1583 Exec Code 2001-12-31 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
22 CVE-2001-1432 22 Dir. Trav. 2001-12-29 2017-07-11
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
23 CVE-2001-0542 Exec Code Overflow 2001-12-20 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
24 CVE-2001-0719 Exec Code Overflow 2001-12-06 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
25 CVE-2001-0720 Exec Code 2001-12-06 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.
26 CVE-2001-0726 2001-12-06 2020-04-09
7.5
None Remote Low Not required Partial Partial Partial
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.
27 CVE-2001-0727 Exec Code 2001-12-14 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
28 CVE-2001-0815 Exec Code Overflow 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.
29 CVE-2001-0816 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
30 CVE-2001-0818 Exec Code Overflow 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.
31 CVE-2001-0819 119 Exec Code Overflow 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
32 CVE-2001-0820 Exec Code Overflow 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.
33 CVE-2001-0824 XSS 2001-12-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.
34 CVE-2001-0826 Exec Code Overflow 2001-12-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD.
35 CVE-2001-0835 XSS 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
36 CVE-2001-0836 Exec Code Overflow 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
37 CVE-2001-0838 Exec Code 2001-12-06 2017-07-12
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command.
38 CVE-2001-0839 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing.
39 CVE-2001-0841 +Priv Dir. Trav. 2001-12-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
40 CVE-2001-0842 +Priv Dir. Trav. 2001-12-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
41 CVE-2001-0844 Exec Code 2001-12-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter.
42 CVE-2001-0847 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID.
43 CVE-2001-0849 Exec Code 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget.
44 CVE-2001-0857 XSS 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
45 CVE-2001-0860 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
46 CVE-2001-0862 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
47 CVE-2001-0864 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
48 CVE-2001-0865 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.
49 CVE-2001-0866 Bypass 2001-12-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
50 CVE-2001-0867 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
Total number of vulnerabilities : 258   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.