CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-0145 Exec Code Overflow 2001-05-03 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
2 CVE-2001-0147 Exec Code Overflow 2001-05-03 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
3 CVE-2001-0152 2001-05-03 2018-10-12
2.1
None Local Low Not required Partial None None
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
4 CVE-2001-0153 119 Exec Code Overflow 2001-05-03 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.
5 CVE-2001-0154 2001-05-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
6 CVE-2001-0165 Overflow +Priv 2001-05-03 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.
7 CVE-2001-0167 Exec Code Overflow 2001-05-03 2017-12-19
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.
8 CVE-2001-0168 Exec Code Overflow 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.
9 CVE-2001-0171 DoS Exec Code Overflow 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long GET request.
10 CVE-2001-0173 Exec Code Overflow 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header.
11 CVE-2001-0174 DoS Exec Code Overflow 2001-05-03 2017-10-10
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address.
12 CVE-2001-0179 2001-05-03 2017-10-10
5.0
None Remote Low Not required Partial None None
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
13 CVE-2001-0180 Exec Code 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter.
14 CVE-2001-0186 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
15 CVE-2001-0191 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
16 CVE-2001-0192 Exec Code Overflow 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions.
17 CVE-2001-0193 +Priv 2001-05-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.
18 CVE-2001-0194 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.
19 CVE-2001-0196 2001-05-03 2017-10-10
5.0
None Remote Low Not required Partial None None
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.
20 CVE-2001-0198 1 Exec Code Overflow 2001-05-03 2017-12-19
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
21 CVE-2001-0199 Dir. Trav. 2001-05-03 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request.
22 CVE-2001-0200 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled.
23 CVE-2001-0202 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request.
24 CVE-2001-0205 Dir. Trav. 2001-05-03 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack.
25 CVE-2001-0213 Exec Code Overflow 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in pi program in PlanetIntra 2.5 allows remote attackers to execute arbitrary commands.
26 CVE-2001-0218 Exec Code 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands.
27 CVE-2001-0226 Dir. Trav. 2001-05-03 2017-07-12
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) or ... attack in an HTTP GET request.
28 CVE-2001-0227 DoS Exec Code Overflow 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
29 CVE-2001-0228 Dir. Trav. 2001-05-03 2017-12-20
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request.
30 CVE-2001-0229 +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts.
31 CVE-2001-0234 +Priv 2001-05-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter.
32 CVE-2001-0236 Exec Code Overflow 2001-05-03 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
33 CVE-2001-0266 +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.
34 CVE-2001-0267 +Priv 2001-05-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges.
35 CVE-2001-0268 +Priv 2001-05-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
36 CVE-2001-0269 Bypass 2001-05-03 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.
37 CVE-2001-0270 DoS 2001-05-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Marconi ASX-1000 ASX switches allow remote attackers to cause a denial of service in the telnet and web management interfaces via a malformed packet with the SYN-FIN and More Fragments attributes set.
38 CVE-2001-0271 Exec Code 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters.
39 CVE-2001-0272 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter.
40 CVE-2001-0273 2001-05-03 2017-07-11
2.6
None Remote High Not required Partial None None
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.
41 CVE-2001-0274 Exec Code 2001-05-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
42 CVE-2001-0275 DoS Exec Code 2001-05-03 2008-09-05
2.1
None Local Low Not required None None Partial
Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
43 CVE-2001-0276 2001-05-03 2017-10-10
6.4
None Remote Low Not required Partial None Partial
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.
44 CVE-2001-0277 DoS Exec Code Overflow 2001-05-03 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
45 CVE-2001-0278 +Priv 2001-05-03 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges.
46 CVE-2001-0279 Overflow +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
47 CVE-2001-0280 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command.
48 CVE-2001-0281 +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges.
49 CVE-2001-0282 DoS Exec Code 2001-05-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
50 CVE-2001-0283 Dir. Trav. 2001-05-03 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT.
Total number of vulnerabilities : 105   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.