CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-1190 2001-08-31 2016-10-18
2.1
None Local Low Not required None Partial None
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
2 CVE-2000-1191 209 2001-08-31 2020-12-09
5.0
None Remote Low Not required Partial None None
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
3 CVE-2000-1192 DoS Exec Code Overflow 2001-08-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string trap.
4 CVE-2000-1193 DoS 2001-08-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.
5 CVE-2000-1194 DoS Exec Code 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands.
6 CVE-2000-1195 Bypass 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.
7 CVE-2000-1196 1 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.
8 CVE-2000-1197 DoS 2001-08-31 2016-10-18
2.1
None Local Low Not required None None Partial
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
9 CVE-2000-1198 DoS 2001-08-31 2016-10-18
2.1
None Local Low Not required None None Partial
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
10 CVE-2000-1199 +Priv 2001-08-31 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
11 CVE-2000-1200 +Info 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
12 CVE-2000-1201 DoS 2001-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
13 CVE-2000-1202 Exec Code 2001-08-31 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.
14 CVE-2000-1203 DoS 2001-08-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
15 CVE-2001-0357 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
16 CVE-2001-0394 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.
17 CVE-2001-0504 +Priv 2001-08-14 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
18 CVE-2001-0519 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.
19 CVE-2001-0520 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.
20 CVE-2001-0521 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document.
21 CVE-2001-0522 +Priv 2001-08-14 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
22 CVE-2001-0523 Dir. Trav. Bypass 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
23 CVE-2001-0524 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.
24 CVE-2001-0525 Overflow +Priv 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument.
25 CVE-2001-0526 Overflow +Priv 2001-08-14 2018-05-03
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.
26 CVE-2001-0527 +Priv 2001-08-14 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
27 CVE-2001-0528 +Priv 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.
28 CVE-2001-0529 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
29 CVE-2001-0530 Bypass 2001-08-14 2017-10-10
5.0
None Remote Low Not required Partial None None
Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters.
30 CVE-2001-0533 Overflow +Priv 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.
31 CVE-2001-0538 Exec Code 2001-08-14 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
32 CVE-2001-0548 Overflow +Priv 2001-08-14 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.
33 CVE-2001-0549 2001-08-14 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords.
34 CVE-2001-0553 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
35 CVE-2001-0554 120 Exec Code Overflow 2001-08-14 2022-01-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
36 CVE-2001-0555 2001-08-14 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
37 CVE-2001-0556 2001-08-22 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.
38 CVE-2001-0557 2001-08-14 2017-12-19
5.0
None Remote Low Not required Partial None None
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).
39 CVE-2001-0558 DoS 2001-08-14 2017-10-10
5.0
None Remote Low Not required None None Partial
T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).
40 CVE-2001-0559 +Priv 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
41 CVE-2001-0560 Overflow +Priv 2001-08-22 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
42 CVE-2001-0561 Dir. Trav. 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
43 CVE-2001-0562 Exec Code 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.
44 CVE-2001-0563 DoS 2001-08-14 2017-10-10
5.0
None Remote Low Not required None None Partial
ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23.
45 CVE-2001-0564 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
46 CVE-2001-0565 Overflow +Priv 2001-08-14 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.
47 CVE-2001-0566 20 DoS 2001-08-14 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.
48 CVE-2001-0567 +Priv 2001-08-14 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
49 CVE-2001-0568 2001-08-22 2008-09-05
2.1
None Local Low Not required None Partial None
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
50 CVE-2001-0569 2001-08-22 2008-09-05
2.1
None Local Low Not required None Partial None
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
Total number of vulnerabilities : 205   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.