CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2001-0955 DoS Overflow +Priv 2001-09-22 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
602 CVE-2001-0954 DoS 2001-12-07 2017-10-10
5.0
None Remote Low Not required None None Partial
Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.
603 CVE-2001-0953 +Priv 2001-12-08 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root.
604 CVE-2001-0952 DoS 2001-12-07 2017-12-19
5.0
None Remote Low Not required None None Partial
THQ Volition Red Faction Game allows remote attackers to cause a denial of service (hang) of a client or server via packets to UDP port 7755.
605 CVE-2001-0951 DoS 2001-12-07 2017-10-10
5.0
None Remote Low Not required None None Partial
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
606 CVE-2001-0950 2001-12-04 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.
607 CVE-2001-0949 Exec Code Overflow 2001-12-04 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.
608 CVE-2001-0948 Exec Code XSS 2001-12-04 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.
609 CVE-2001-0947 2001-12-04 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.
610 CVE-2001-0946 DoS 2001-12-04 2017-10-10
3.6
None Local Low Not required None Partial Partial
apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.
611 CVE-2001-0945 DoS Overflow 2001-12-03 2016-10-18
5.0
None Remote Low Not required None None Partial
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.
612 CVE-2001-0944 Exec Code 2001-12-02 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process.
613 CVE-2001-0943 Exec Code 2001-08-31 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.
614 CVE-2001-0942 2001-11-29 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp.
615 CVE-2001-0941 Exec Code Overflow 2001-11-30 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable.
616 CVE-2001-0940 Exec Code Overflow 2001-09-21 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.
617 CVE-2001-0939 DoS 2001-11-30 2017-10-10
5.0
None Remote Low Not required None None Partial
Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.
618 CVE-2001-0938 Dir. Trav. 2001-11-30 2016-10-18
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.
619 CVE-2001-0937 Exec Code 2001-11-30 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters.
620 CVE-2001-0936 Overflow 2001-11-30 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with the local caching method selected, allows remote FTP servers to run arbitrary code via a long response to an MDTM request.
621 CVE-2001-0935 2001-11-28 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
622 CVE-2001-0934 2001-11-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname.
623 CVE-2001-0933 2001-11-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:".
624 CVE-2001-0932 DoS Exec Code Overflow 2001-11-28 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command.
625 CVE-2001-0931 Dir. Trav. 2001-11-28 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET.
626 CVE-2001-0930 Exec Code 2001-11-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Sendpage.pl allows remote attackers to execute arbitrary commands via a message containing shell metacharacters.
627 CVE-2001-0929 Bypass 2001-11-28 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.
628 CVE-2001-0928 Exec Code Overflow 2001-11-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.
629 CVE-2001-0927 Exec Code 2001-11-27 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.
630 CVE-2001-0926 2001-11-28 2017-12-19
5.0
None Remote Low Not required Partial None None
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.
631 CVE-2001-0925 22 Dir. Trav. 2001-03-12 2021-07-06
5.0
None Remote Low Not required Partial None None
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
632 CVE-2001-0924 Dir. Trav. 2001-11-22 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter.
633 CVE-2001-0923 Exec Code 2001-10-25 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried.
634 CVE-2001-0922 2001-11-26 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
635 CVE-2001-0921 2001-11-21 2017-10-10
2.1
None Local Low Not required Partial None None
Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.
636 CVE-2001-0920 Exec Code 2001-11-26 2017-10-10
6.2
None Local High Not required Complete Complete Complete
Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.
637 CVE-2001-0919 2001-11-26 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.
638 CVE-2001-0918 Exec Code 2001-11-22 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely.
639 CVE-2001-0917 2001-11-22 2019-03-25
5.0
None Remote Low Not required Partial None None
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.
640 CVE-2001-0916 Overflow +Priv 2001-11-21 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition.
641 CVE-2001-0915 +Priv 2001-11-21 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition.
642 CVE-2001-0914 DoS 2001-11-21 2017-10-10
2.1
None Local Low Not required None None Partial
Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading.
643 CVE-2001-0913 Exec Code 2001-11-22 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains format specifiers.
644 CVE-2001-0912 +Priv 2001-11-30 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.
645 CVE-2001-0911 +Priv 2001-11-21 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.
646 CVE-2001-0910 +Priv Bypass 2001-11-21 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.
647 CVE-2001-0909 Exec Code Overflow 2001-11-21 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.
648 CVE-2001-0908 2001-11-21 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).
649 CVE-2001-0907 DoS 2001-10-18 2018-09-20
2.1
None Local Low Not required None None Partial
Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.
650 CVE-2001-0906 +Priv 2001-06-22 2017-10-10
6.2
None Local High Not required Complete Complete Complete
teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.