CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2001 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-1456 119 Exec Code Overflow 2001-09-04 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.
2 CVE-2001-1446 2001-09-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
3 CVE-2001-1407 Bypass 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
4 CVE-2001-1404 +Priv 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.
5 CVE-2001-1403 +Priv 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
6 CVE-2001-1402 Sql XSS 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
7 CVE-2001-1401 Bypass 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
8 CVE-2001-1383 2001-09-26 2008-09-10
6.2
None Local High Not required Complete Complete Complete
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.
9 CVE-2001-1369 Exec Code Bypass 2001-09-10 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
10 CVE-2001-1254 2001-09-27 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
11 CVE-2001-1252 Bypass 2001-09-28 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
12 CVE-2001-1169 +Priv 2001-09-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
13 CVE-2001-1152 Bypass 2001-09-05 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
14 CVE-2001-1138 Exec Code Dir. Trav. 2001-09-07 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter.
15 CVE-2001-1132 2001-09-05 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
16 CVE-2001-1112 Exec Code Overflow 2001-09-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.
17 CVE-2001-1109 Dir. Trav. 2001-09-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.
18 CVE-2001-1105 Bypass 2001-09-12 2021-11-08
7.5
None Remote Low Not required Partial Partial Partial
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
19 CVE-2001-1102 2001-09-08 2017-12-19
6.2
None Local High Not required Complete Complete Complete
Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable.
20 CVE-2001-1101 2001-09-08 2017-12-19
6.4
None Remote Low Not required None Partial Partial
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.
21 CVE-2001-1093 Exec Code Overflow 2001-09-10 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument.
22 CVE-2001-1090 Exec Code 2001-09-10 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
23 CVE-2001-1089 Exec Code 2001-09-10 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
24 CVE-2001-1035 Exec Code 2001-09-24 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.
25 CVE-2001-1034 Exec Code 2001-09-23 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.
26 CVE-2001-1032 2001-09-24 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.
27 CVE-2001-1020 Exec Code 2001-09-05 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.
28 CVE-2001-1017 +Priv 2001-09-04 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
29 CVE-2001-1016 2001-09-04 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."
30 CVE-2001-1014 Exec Code 2001-09-15 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter.
31 CVE-2001-1012 +Priv 2001-09-05 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/.
32 CVE-2001-0999 2001-09-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
33 CVE-2001-0997 Exec Code 2001-09-11 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.
34 CVE-2001-0996 2001-09-02 2017-12-19
6.4
None Remote Low Not required None Partial Partial
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly.
35 CVE-2001-0992 Exec Code 2001-09-05 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter.
36 CVE-2001-0985 Exec Code 2001-09-08 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
37 CVE-2001-0979 Overflow +Priv 2001-09-03 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.
38 CVE-2001-0978 2001-09-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.
39 CVE-2001-0964 Exec Code Overflow 2001-09-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command.
40 CVE-2001-0963 Dir. Trav. 2001-09-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command.
41 CVE-2001-0962 +Priv 2001-09-19 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
42 CVE-2001-0961 Exec Code Overflow 2001-09-18 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.
43 CVE-2001-0960 +Priv 2001-09-15 2021-04-07
10.0
None Remote Low Not required Complete Complete Complete
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
44 CVE-2001-0959 +Info 2001-09-15 2021-04-07
6.4
None Remote Low Not required Partial Partial None
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.
45 CVE-2001-0958 Exec Code Overflow 2001-09-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll.
46 CVE-2001-0956 Exec Code 2001-09-11 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters.
47 CVE-2001-0955 DoS Overflow +Priv 2001-09-22 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
48 CVE-2001-0940 Exec Code Overflow 2001-09-21 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.
49 CVE-2001-0704 2001-09-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist.
50 CVE-2001-0702 DoS Exec Code 2001-09-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.
Total number of vulnerabilities : 66   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.