CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2001-0905 DoS +Priv 2001-10-18 2017-10-10
6.2
None Local High Not required Complete Complete Complete
Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.
652 CVE-2001-0904 2001-11-20 2021-07-23
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients.
653 CVE-2001-0903 2001-11-20 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication.
654 CVE-2001-0902 2001-11-20 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
655 CVE-2001-0901 Exec Code 2001-11-19 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.
656 CVE-2001-0900 Dir. Trav. 2001-11-18 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.
657 CVE-2001-0899 Exec Code 2001-11-16 2019-07-01
7.5
None Remote Low Not required Partial Partial Partial
Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.
658 CVE-2001-0898 2001-11-15 2016-10-18
5.0
None Remote Low Not required Partial None None
Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.
659 CVE-2001-0897 XSS 2001-11-15 2016-10-18
5.0
None Remote Low Not required Partial None None
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.
660 CVE-2001-0896 DoS 2001-11-30 2017-10-10
5.0
None Remote Low Not required None None Partial
Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of service (crash) via a port scan, e.g. with nmap -PO.
661 CVE-2001-0895 DoS 2001-11-15 2017-10-10
5.0
None Remote Low Not required None None Partial
Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.
662 CVE-2001-0894 DoS 2001-11-11 2017-10-10
5.0
None Remote Low Not required None None Partial
Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
663 CVE-2001-0893 668 2001-11-13 2021-09-13
5.0
None Remote Low Not required Partial None None
Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
664 CVE-2001-0892 668 2001-11-13 2021-09-13
5.0
None Remote Low Not required Partial None None
Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
665 CVE-2001-0890 2001-12-11 2008-09-10
2.1
None Local Low Not required None Partial None
Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.
666 CVE-2001-0889 Exec Code 2001-12-19 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
667 CVE-2001-0888 DoS 2001-12-21 2017-10-10
5.0
None Remote Low Not required None None Partial
Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.
668 CVE-2001-0886 DoS Exec Code Overflow 2001-12-21 2018-05-03
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.
669 CVE-2001-0884 XSS +Info 2001-12-21 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
670 CVE-2001-0879 DoS 2001-12-20 2019-04-30
5.0
None Remote Low Not required None None Partial
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
671 CVE-2001-0877 DoS 2001-12-20 2018-10-12
5.0
None Remote Low Not required None None Partial
Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.
672 CVE-2001-0876 Exec Code Overflow 2001-12-20 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
673 CVE-2001-0875 2001-11-26 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
674 CVE-2001-0874 2001-12-13 2021-07-23
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.
675 CVE-2001-0873 +Priv 2001-12-21 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.
676 CVE-2001-0872 +Priv 2001-12-21 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
677 CVE-2001-0871 Exec Code Dir. Trav. 2001-12-21 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.
678 CVE-2001-0870 +Info 2001-12-21 2017-12-19
5.0
None Remote Low Not required Partial None None
HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.
679 CVE-2001-0869 Exec Code 2001-12-21 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
680 CVE-2001-0868 2001-11-28 2017-12-19
5.0
None Remote Low Not required Partial None None
Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status.
681 CVE-2001-0867 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
682 CVE-2001-0866 Bypass 2001-12-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
683 CVE-2001-0865 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.
684 CVE-2001-0864 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
685 CVE-2001-0863 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.
686 CVE-2001-0862 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
687 CVE-2001-0861 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.
688 CVE-2001-0860 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
689 CVE-2001-0859 2001-12-06 2017-10-10
5.0
None Remote Low Not required None Partial None
2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions.
690 CVE-2001-0858 Overflow +Priv 2001-12-06 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges.
691 CVE-2001-0857 XSS 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
692 CVE-2001-0856 2001-12-06 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.
693 CVE-2001-0855 Overflow +Priv 2001-12-06 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable.
694 CVE-2001-0854 2001-12-06 2016-10-18
5.0
None Remote Low Not required None Partial None
PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.
695 CVE-2001-0853 Dir. Trav. 2001-12-06 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.
696 CVE-2001-0852 DoS 2001-12-06 2018-05-03
5.0
None Remote Low Not required None None Partial
TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.
697 CVE-2001-0851 Bypass 2001-12-06 2017-10-10
5.0
None Remote Low Not required Partial None None
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
698 CVE-2001-0850 Overflow 2001-12-06 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.
699 CVE-2001-0849 Exec Code 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget.
700 CVE-2001-0848 Exec Code 2001-12-06 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.