CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2001

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
601 CVE-2001-0440 DoS Exec Code Overflow 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
602 CVE-2001-0441 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
603 CVE-2001-0442 DoS Exec Code Overflow 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.
604 CVE-2001-0443 DoS Exec Code Overflow 2001-07-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long password.
605 CVE-2001-0444 +Info 2001-07-02 2017-10-10
2.1
None Local Low Not required Partial None None
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
606 CVE-2001-0446 2001-06-18 2016-10-18
5.0
None Remote Low Not required Partial None None
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
607 CVE-2001-0447 DoS Exec Code 2001-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters.
608 CVE-2001-0448 DoS 2001-06-18 2008-09-05
5.0
None Remote Low Not required None None Partial
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET request to the aux directory, and possibly other directories with legacy DOS device names.
609 CVE-2001-0449 Exec Code Overflow 2001-06-27 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option.
610 CVE-2001-0450 Dir. Trav. 2001-06-27 2017-12-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name.
611 CVE-2001-0451 +Priv Bypass 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1.
612 CVE-2001-0452 2001-06-27 2008-09-05
5.0
None Remote Low Not required Partial None None
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
613 CVE-2001-0453 Dir. Trav. 2001-06-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
614 CVE-2001-0454 Dir. Trav. 2001-06-27 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request.
615 CVE-2001-0455 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
616 CVE-2001-0456 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
617 CVE-2001-0457 DoS 2001-06-27 2017-10-10
5.0
None Remote Low Not required None None Partial
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).
618 CVE-2001-0458 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
619 CVE-2001-0459 Overflow +Priv 2001-06-27 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflows in ascdc Afterstep while running setuid allow local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option.
620 CVE-2001-0460 DoS 2001-06-27 2017-12-19
5.0
None Remote Low Not required None None Partial
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
621 CVE-2001-0461 Exec Code 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi.
622 CVE-2001-0462 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
623 CVE-2001-0463 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter.
624 CVE-2001-0464 Exec Code Overflow 2001-07-02 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
625 CVE-2001-0465 +Info 2001-06-18 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information.
626 CVE-2001-0466 Dir. Trav. 2001-06-18 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ustorekeeper 1.61 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
627 CVE-2001-0467 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.
628 CVE-2001-0468 Overflow +Priv 2001-06-27 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in FTPFS allows local users to gain root privileges via a long user name.
629 CVE-2001-0469 DoS 2001-06-27 2017-10-10
5.0
None Remote Low Not required None None Partial
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.
630 CVE-2001-0470 Overflow +Priv 2001-06-27 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.
631 CVE-2001-0471 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
632 CVE-2001-0472 DoS 2001-06-27 2017-12-19
5.0
None Remote Low Not required None None Partial
Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request.
633 CVE-2001-0473 Exec Code 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
634 CVE-2001-0474 2001-06-27 2017-10-10
2.1
None Local Low Not required None Partial None
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
635 CVE-2001-0475 Exec Code 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
636 CVE-2001-0476 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter.
637 CVE-2001-0477 Exec Code 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in WebCalendar 0.9.26 allows remote command execution.
638 CVE-2001-0478 Exec Code Dir. Trav. 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
639 CVE-2001-0479 Exec Code Dir. Trav. 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
640 CVE-2001-0480 Dir. Trav. 2001-06-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the (1) GET or (2) CD commands.
641 CVE-2001-0481 2001-06-27 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.
642 CVE-2001-0482 DoS Exec Code Bypass 2001-06-18 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl.
643 CVE-2001-0483 2001-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.
644 CVE-2001-0484 DoS 2001-06-27 2017-12-19
6.4
None Remote Low Not required None Partial Partial
Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages.
645 CVE-2001-0485 Exec Code 2001-06-27 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges to execute arbitrary commands via the -n option.
646 CVE-2001-0486 DoS 2001-07-02 2017-10-10
5.0
None Remote Low Not required None None Partial
Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353.
647 CVE-2001-0487 DoS 2001-06-27 2008-09-10
5.0
None Remote Low Not required None None Partial
AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection.
648 CVE-2001-0488 DoS 2001-06-27 2017-10-10
2.1
None Local Low Not required None None Partial
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.
649 CVE-2001-0489 Exec Code 2001-06-27 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands.
650 CVE-2001-0490 Exec Code Overflow 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
Total number of vulnerabilities: 1677 (page 13 of 34)