| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2001-1583 |
|
|
Exec Code |
2001-12-31 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. |
|
2 |
CVE-2001-1574 |
|
|
Exec Code Overflow |
2001-12-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code. |
|
3 |
CVE-2001-1573 |
|
|
Exec Code Overflow |
2001-12-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter. |
|
4 |
CVE-2001-1514 |
|
|
|
2001-12-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account. |
|
5 |
CVE-2001-1481 |
|
|
+Priv |
2001-12-31 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges. |
|
6 |
CVE-2001-1440 |
|
|
|
2001-12-21 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system. |
|
7 |
CVE-2001-1370 |
|
|
Exec Code |
2001-07-21 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib. |
|
8 |
CVE-2001-1367 |
|
|
+Priv |
2001-07-19 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges. |
|
9 |
CVE-2001-1363 |
|
|
+Priv |
2001-07-19 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges. |
|
10 |
CVE-2001-1359 |
|
|
|
2001-06-08 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server. |
|
11 |
CVE-2001-1356 |
|
|
|
2001-08-04 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021. |
|
12 |
CVE-2001-1355 |
|
|
Exec Code Overflow |
2001-07-20 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command. |
|
13 |
CVE-2001-1291 |
|
|
|
2001-07-12 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing. |
|
14 |
CVE-2001-1264 |
|
|
|
2001-07-19 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges. |
|
15 |
CVE-2001-1260 |
|
|
+Priv |
2001-08-07 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot. |
|
16 |
CVE-2001-1252 |
|
|
Bypass |
2001-09-28 |
2008-09-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory. |
|
17 |
CVE-2001-1240 |
|
|
|
2001-07-11 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access. |
|
18 |
CVE-2001-1223 |
|
|
+Priv |
2001-12-26 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server. |
|
19 |
CVE-2001-1220 |
|
|
+Priv |
2001-12-21 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. |
|
20 |
CVE-2001-1196 |
|
|
+Priv Dir. Trav. |
2001-12-17 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument. |
|
21 |
CVE-2001-1163 |
|
|
Exec Code Overflow |
2001-06-16 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500. |
|
22 |
CVE-2001-1162 |
|
|
Dir. Trav. |
2001-06-23 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file. |
|
23 |
CVE-2001-1113 |
|
|
Exec Code Overflow |
2001-08-13 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command. |
|
24 |
CVE-2001-1080 |
|
|
+Priv |
2001-06-19 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. |
|
25 |
CVE-2001-1078 |
|
|
Exec Code +Priv |
2001-06-21 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication. |
|
26 |
CVE-2001-1067 |
|
|
DoS Exec Code Overflow |
2001-08-31 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header. |
|
27 |
CVE-2001-1061 |
|
|
|
2001-08-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. |
|
28 |
CVE-2001-1053 |
|
|
+Priv Bypass |
2001-07-13 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument. |
|
29 |
CVE-2001-1046 |
|
|
Overflow +Priv |
2001-06-02 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username. |
|
30 |
CVE-2001-1027 |
|
|
Exec Code Overflow |
2001-08-31 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title. |
|
31 |
CVE-2001-1025 |
|
|
|
2001-08-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php. |
|
32 |
CVE-2001-1011 |
|
|
+Priv |
2001-07-25 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters. |
|
33 |
CVE-2001-1009 |
264 |
|
+Priv |
2001-08-31 |
2011-02-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request. |
|
34 |
CVE-2001-0981 |
|
|
|
2001-08-31 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user. |
|
35 |
CVE-2001-0972 |
|
|
+Priv |
2001-08-31 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888." |
|
36 |
CVE-2001-0969 |
|
|
|
2001-08-31 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts. |
|
37 |
CVE-2001-0968 |
|
|
+Priv |
2001-08-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges. |
|
38 |
CVE-2001-0966 |
|
|
Dir. Trav. |
2001-08-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command. |
|
39 |
CVE-2001-0961 |
|
|
Exec Code Overflow |
2001-09-18 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most. |
|
40 |
CVE-2001-0960 |
|
|
+Priv |
2001-09-15 |
2021-04-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges. |
|
41 |
CVE-2001-0953 |
|
|
+Priv |
2001-12-08 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root. |
|
42 |
CVE-2001-0850 |
|
|
Overflow |
2001-12-06 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow. |
|
43 |
CVE-2001-0846 |
|
|
Exec Code |
2001-12-06 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf). |
|
44 |
CVE-2001-0840 |
|
|
Exec Code Overflow |
2001-12-06 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI. |
|
45 |
CVE-2001-0825 |
|
|
Exec Code Overflow |
2001-12-06 |
2018-05-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check. |
|
46 |
CVE-2001-0817 |
|
|
+Priv |
2001-12-06 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request. |
|
47 |
CVE-2001-0808 |
|
|
Exec Code |
2001-12-06 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter. |
|
48 |
CVE-2001-0803 |
119 |
|
Exec Code Overflow |
2001-12-06 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands. |
|
49 |
CVE-2001-0800 |
|
|
Exec Code |
2001-12-06 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
|
50 |
CVE-2001-0799 |
|
|
Exec Code Overflow |
2001-12-06 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument. |
