CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-0147 Exec Code Overflow 2001-05-03 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
2 CVE-2001-0168 Exec Code Overflow 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.
3 CVE-2001-0171 DoS Exec Code Overflow 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long GET request.
4 CVE-2001-0173 Exec Code Overflow 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header.
5 CVE-2001-0180 Exec Code 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter.
6 CVE-2001-0191 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
7 CVE-2001-0192 Exec Code Overflow 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions.
8 CVE-2001-0194 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.
9 CVE-2001-0213 Exec Code Overflow 2001-05-03 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in pi program in PlanetIntra 2.5 allows remote attackers to execute arbitrary commands.
10 CVE-2001-0218 Exec Code 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands.
11 CVE-2001-0236 Exec Code Overflow 2001-05-03 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
12 CVE-2001-0269 Bypass 2001-05-03 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.
13 CVE-2001-0271 Exec Code 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters.
14 CVE-2001-0277 DoS Exec Code Overflow 2001-05-03 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
15 CVE-2001-0280 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command.
16 CVE-2001-0282 DoS Exec Code 2001-05-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
17 CVE-2001-0284 DoS Exec Code Overflow 2001-05-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
18 CVE-2001-0285 DoS Exec Code Overflow 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in A1 HTTP server 1.0a allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
19 CVE-2001-0291 Exec Code Overflow 2001-05-03 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters.
20 CVE-2001-0296 Exec Code Overflow 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
21 CVE-2001-0301 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
22 CVE-2001-0320 +Priv 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
23 CVE-2001-0167 Exec Code Overflow 2001-05-03 2017-12-19
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.
24 CVE-2001-0174 DoS Exec Code Overflow 2001-05-03 2017-10-10
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address.
25 CVE-2001-0198 1 Exec Code Overflow 2001-05-03 2017-12-19
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
26 CVE-2001-0145 Exec Code Overflow 2001-05-03 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
27 CVE-2001-0153 119 Exec Code Overflow 2001-05-03 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.
28 CVE-2001-0154 2001-05-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
29 CVE-2001-0234 +Priv 2001-05-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter.
30 CVE-2001-0274 Exec Code 2001-05-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
31 CVE-2001-0288 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
32 CVE-2001-0292 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
33 CVE-2001-0307 94 Exec Code 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
34 CVE-2001-0308 94 Exec Code 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program.
35 CVE-2001-0319 2001-05-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
36 CVE-2001-0325 DoS Exec Code Overflow 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command.
37 CVE-2001-0326 2001-05-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.
38 CVE-2001-0749 2001-05-24 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root.
39 CVE-2001-0781 284 Exec Code Overflow 2001-05-30 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST.
40 CVE-2001-1323 120 DoS Exec Code Overflow 2001-05-16 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
41 CVE-2001-1326 Exec Code 2001-05-29 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
42 CVE-2001-1332 Exec Code Overflow 2001-05-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
43 CVE-2001-1336 +Priv 2001-05-28 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
44 CVE-2001-1339 2001-05-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.
45 CVE-2001-1348 Sql 2001-05-28 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
46 CVE-2001-1428 2001-05-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access.
47 CVE-2001-0165 Overflow +Priv 2001-05-03 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.
48 CVE-2001-0193 +Priv 2001-05-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.
49 CVE-2001-0229 +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts.
50 CVE-2001-0266 +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.
Total number of vulnerabilities : 105   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.