| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
451 |
CVE-2001-0285 |
|
|
DoS Exec Code Overflow |
2001-05-03 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in A1 HTTP server 1.0a allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request. |
|
452 |
CVE-2001-0286 |
|
|
Dir. Trav. |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. |
|
453 |
CVE-2001-0287 |
|
|
DoS |
2001-05-03 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command. |
|
454 |
CVE-2001-0288 |
|
|
|
2001-05-03 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
|
455 |
CVE-2001-0289 |
|
|
+Priv |
2001-05-03 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory. |
|
456 |
CVE-2001-0290 |
|
|
|
2001-05-03 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. |
|
457 |
CVE-2001-0291 |
|
|
Exec Code Overflow |
2001-05-03 |
2005-10-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters. |
|
458 |
CVE-2001-0292 |
|
|
|
2001-05-03 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator. |
|
459 |
CVE-2001-0293 |
|
|
Dir. Trav. |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command. |
|
460 |
CVE-2001-0294 |
|
|
Dir. Trav. |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command. |
|
461 |
CVE-2001-0295 |
|
|
Dir. Trav. |
2001-05-03 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command. |
|
462 |
CVE-2001-0296 |
|
|
Exec Code Overflow |
2001-05-03 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command. |
|
463 |
CVE-2001-0297 |
|
|
Dir. Trav. |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
|
464 |
CVE-2001-0298 |
|
|
DoS Exec Code Overflow |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request. |
|
465 |
CVE-2001-0299 |
|
|
DoS Exec Code Overflow |
2001-06-02 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. |
|
466 |
CVE-2001-0300 |
|
|
|
2001-06-02 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack. |
|
467 |
CVE-2001-0301 |
|
|
Exec Code Overflow |
2001-05-03 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings. |
|
468 |
CVE-2001-0302 |
|
|
DoS Exec Code Overflow |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL. |
|
469 |
CVE-2001-0303 |
|
|
|
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file. |
|
470 |
CVE-2001-0304 |
|
|
Dir. Trav. |
2001-05-03 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request. |
|
471 |
CVE-2001-0305 |
|
|
Dir. Trav. |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter. |
|
472 |
CVE-2001-0306 |
|
|
Dir. Trav. |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. |
|
473 |
CVE-2001-0307 |
94 |
|
Exec Code |
2001-05-03 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist. |
|
474 |
CVE-2001-0308 |
94 |
|
Exec Code |
2001-05-03 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program. |
|
475 |
CVE-2001-0309 |
|
|
DoS |
2001-06-02 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services. |
|
476 |
CVE-2001-0310 |
|
|
|
2001-06-02 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts. |
|
477 |
CVE-2001-0311 |
|
|
|
2001-06-02 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client. |
|
478 |
CVE-2001-0312 |
|
|
Bypass |
2001-06-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing. |
|
479 |
CVE-2001-0313 |
|
|
DoS |
2001-06-02 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network. |
|
480 |
CVE-2001-0314 |
|
|
DoS Exec Code Overflow |
2001-06-02 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in a link. |
|
481 |
CVE-2001-0315 |
|
|
Bypass |
2001-06-02 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key. |
|
482 |
CVE-2001-0316 |
|
|
+Priv |
2001-05-03 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call. |
|
483 |
CVE-2001-0317 |
|
|
+Priv |
2001-05-03 |
2017-10-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. |
|
484 |
CVE-2001-0318 |
|
|
Exec Code |
2001-06-02 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd). |
|
485 |
CVE-2001-0319 |
|
|
|
2001-05-03 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. |
|
486 |
CVE-2001-0320 |
|
|
+Priv |
2001-05-03 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument. |
|
487 |
CVE-2001-0321 |
|
|
|
2001-05-03 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. |
|
488 |
CVE-2001-0322 |
|
|
DoS |
2001-06-02 |
2021-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object. |
|
489 |
CVE-2001-0323 |
|
|
DoS |
2001-06-02 |
2017-12-19 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host. |
|
490 |
CVE-2001-0324 |
|
|
DoS |
2001-05-03 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash. |
|
491 |
CVE-2001-0325 |
|
|
DoS Exec Code Overflow |
2001-05-03 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command. |
|
492 |
CVE-2001-0326 |
|
|
|
2001-05-03 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission. |
|
493 |
CVE-2001-0327 |
|
|
DoS |
2001-07-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server. |
|
494 |
CVE-2001-0328 |
|
|
|
2001-06-27 |
2017-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN. |
|
495 |
CVE-2001-0329 |
|
|
Exec Code |
2001-06-27 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. |
|
496 |
CVE-2001-0330 |
|
|
|
2001-06-27 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. |
|
497 |
CVE-2001-0331 |
|
|
Exec Code Overflow |
2001-06-27 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands. |
|
498 |
CVE-2001-0332 |
|
|
|
2001-06-27 |
2021-07-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability. |
|
499 |
CVE-2001-0333 |
|
|
Exec Code Dir. Trav. |
2001-06-27 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. |
|
500 |
CVE-2001-0334 |
|
|
DoS |
2001-06-27 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. |
