CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2001-1241 Exec Code 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
502 CVE-2001-1242 Exec Code Dir. Trav. 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
503 CVE-2001-1246 Exec Code 2001-06-30 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
504 CVE-2001-1254 2001-09-27 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
505 CVE-2001-1257 XSS 2001-07-21 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
506 CVE-2001-1262 Bypass 2001-08-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
507 CVE-2001-1265 Dir. Trav. 2001-07-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.
508 CVE-2001-1274 DoS Overflow +Priv 2001-01-23 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
509 CVE-2001-1278 Bypass 2001-10-10 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
510 CVE-2001-1279 DoS Exec Code Overflow 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.
511 CVE-2001-1283 DoS Exec Code Overflow 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
512 CVE-2001-1284 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
513 CVE-2001-1286 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
514 CVE-2001-1287 Exec Code Overflow 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
515 CVE-2001-1292 DoS Exec Code 2001-08-13 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
516 CVE-2001-1297 Exec Code File Inclusion 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
517 CVE-2001-1306 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.
518 CVE-2001-1307 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
519 CVE-2001-1308 DoS Exec Code 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
520 CVE-2001-1309 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
521 CVE-2001-1310 DoS Exec Code 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite.
522 CVE-2001-1311 DoS Exec Code Overflow 2001-07-16 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
523 CVE-2001-1312 DoS Exec Code 2001-07-16 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
524 CVE-2001-1313 DoS Exec Code 2001-07-16 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
525 CVE-2001-1314 DoS Exec Code Overflow 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
526 CVE-2001-1315 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
527 CVE-2001-1316 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
528 CVE-2001-1317 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite.
529 CVE-2001-1318 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
530 CVE-2001-1320 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
531 CVE-2001-1321 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
532 CVE-2001-1323 120 DoS Exec Code Overflow 2001-05-16 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
533 CVE-2001-1325 2001-04-20 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
534 CVE-2001-1326 Exec Code 2001-05-29 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
535 CVE-2001-1328 Exec Code Overflow 2001-06-22 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
536 CVE-2001-1332 Exec Code Overflow 2001-05-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
537 CVE-2001-1336 +Priv 2001-05-28 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
538 CVE-2001-1339 2001-05-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.
539 CVE-2001-1343 Exec Code 2001-06-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
540 CVE-2001-1344 Bypass 2001-06-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
541 CVE-2001-1348 Sql 2001-05-28 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
542 CVE-2001-1350 XSS 2001-11-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter.
543 CVE-2001-1351 XSS 2001-12-25 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers.
544 CVE-2001-1352 XSS 2001-12-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.
545 CVE-2001-1357 2001-02-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables.
546 CVE-2001-1361 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
547 CVE-2001-1362 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in the server for nPULSE before 0.53p4.
548 CVE-2001-1364 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified.
549 CVE-2001-1365 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in IntraGnat before 1.4.
550 CVE-2001-1369 Exec Code Bypass 2001-09-10 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.