CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001 (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2001-0884 XSS +Info 2001-12-21 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
602 CVE-2001-0879 DoS 2001-12-20 2019-04-30
5.0
None Remote Low Not required None None Partial
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
603 CVE-2001-0877 DoS 2001-12-20 2018-10-12
5.0
None Remote Low Not required None None Partial
Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.
604 CVE-2001-0876 Exec Code Overflow 2001-12-20 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
605 CVE-2001-0875 2001-11-26 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
606 CVE-2001-0874 2001-12-13 2021-07-23
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.
607 CVE-2001-0873 +Priv 2001-12-21 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.
608 CVE-2001-0872 +Priv 2001-12-21 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
609 CVE-2001-0871 Exec Code Dir. Trav. 2001-12-21 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.
610 CVE-2001-0870 +Info 2001-12-21 2017-12-19
5.0
None Remote Low Not required Partial None None
HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.
611 CVE-2001-0869 Exec Code 2001-12-21 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
612 CVE-2001-0868 2001-11-28 2017-12-19
5.0
None Remote Low Not required Partial None None
Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status.
613 CVE-2001-0867 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
614 CVE-2001-0866 Bypass 2001-12-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
615 CVE-2001-0865 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.
616 CVE-2001-0864 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
617 CVE-2001-0863 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.
618 CVE-2001-0862 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
619 CVE-2001-0861 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.
620 CVE-2001-0860 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
621 CVE-2001-0859 2001-12-06 2017-10-10
5.0
None Remote Low Not required None Partial None
2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions.
622 CVE-2001-0858 Overflow +Priv 2001-12-06 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges.
623 CVE-2001-0857 XSS 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
624 CVE-2001-0856 2001-12-06 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.
625 CVE-2001-0855 Overflow +Priv 2001-12-06 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable.
626 CVE-2001-0854 2001-12-06 2016-10-18
5.0
None Remote Low Not required None Partial None
PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.
627 CVE-2001-0853 Dir. Trav. 2001-12-06 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.
628 CVE-2001-0852 DoS 2001-12-06 2018-05-03
5.0
None Remote Low Not required None None Partial
TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.
629 CVE-2001-0851 Bypass 2001-12-06 2017-10-10
5.0
None Remote Low Not required Partial None None
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
630 CVE-2001-0850 Overflow 2001-12-06 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.
631 CVE-2001-0849 Exec Code 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget.
632 CVE-2001-0848 Exec Code 2001-12-06 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable.
633 CVE-2001-0847 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID.
634 CVE-2001-0846 Exec Code 2001-12-06 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
635 CVE-2001-0845 2001-12-06 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources.
636 CVE-2001-0844 Exec Code 2001-12-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter.
637 CVE-2001-0843 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.
638 CVE-2001-0842 +Priv Dir. Trav. 2001-12-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
639 CVE-2001-0841 +Priv Dir. Trav. 2001-12-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
640 CVE-2001-0840 Exec Code Overflow 2001-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.
641 CVE-2001-0839 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing.
642 CVE-2001-0838 Exec Code 2001-12-06 2017-07-12
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command.
643 CVE-2001-0836 Exec Code Overflow 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
644 CVE-2001-0835 XSS 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
645 CVE-2001-0834 DoS 2001-12-06 2017-10-10
6.4
None Remote Low Not required Partial None Partial
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
646 CVE-2001-0833 Exec Code Overflow 2001-12-06 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
647 CVE-2001-0831 2001-12-06 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.
648 CVE-2001-0830 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.
649 CVE-2001-0829 XSS 2001-12-06 2008-09-10
5.1
None Remote High Not required Partial Partial Partial
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
650 CVE-2001-0828 XSS 2001-12-06 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
Total number of vulnerabilities : 1506   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.