CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
701 CVE-2001-0847 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID.
702 CVE-2001-0846 Exec Code 2001-12-06 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
703 CVE-2001-0845 2001-12-06 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources.
704 CVE-2001-0844 Exec Code 2001-12-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter.
705 CVE-2001-0843 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.
706 CVE-2001-0842 +Priv Dir. Trav. 2001-12-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
707 CVE-2001-0841 +Priv Dir. Trav. 2001-12-06 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
708 CVE-2001-0840 Exec Code Overflow 2001-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.
709 CVE-2001-0839 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing.
710 CVE-2001-0838 Exec Code 2001-12-06 2017-07-12
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command.
711 CVE-2001-0837 2001-12-06 2017-10-10
2.1
None Local Low Not required Partial None None
DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder.
712 CVE-2001-0836 Exec Code Overflow 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
713 CVE-2001-0835 XSS 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
714 CVE-2001-0834 DoS 2001-12-06 2017-10-10
6.4
None Remote Low Not required Partial None Partial
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
715 CVE-2001-0833 Exec Code Overflow 2001-12-06 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
716 CVE-2001-0832 2001-12-06 2016-10-18
2.1
None Local Low Not required None Partial None
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
717 CVE-2001-0831 2001-12-06 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.
718 CVE-2001-0830 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.
719 CVE-2001-0829 XSS 2001-12-06 2008-09-10
5.1
None Remote High Not required Partial Partial Partial
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
720 CVE-2001-0828 XSS 2001-12-06 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
721 CVE-2001-0827 DoS 2001-12-06 2008-09-10
5.0
None Remote Low Not required None None Partial
Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.
722 CVE-2001-0826 Exec Code Overflow 2001-12-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD.
723 CVE-2001-0825 Exec Code Overflow 2001-12-06 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.
724 CVE-2001-0824 XSS 2001-12-06 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.
725 CVE-2001-0823 +Priv 2001-12-06 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
726 CVE-2001-0822 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.
727 CVE-2001-0821 2001-12-06 2017-12-19
5.0
None Remote Low Not required Partial None None
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.
728 CVE-2001-0820 Exec Code Overflow 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.
729 CVE-2001-0819 119 Exec Code Overflow 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
730 CVE-2001-0818 Exec Code Overflow 2001-12-06 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.
731 CVE-2001-0817 +Priv 2001-12-06 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.
732 CVE-2001-0816 Bypass 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
733 CVE-2001-0815 Exec Code Overflow 2001-12-06 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.
734 CVE-2001-0809 2001-12-06 2017-10-11
2.1
None Local Low Not required None Partial None
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
735 CVE-2001-0808 Exec Code 2001-12-06 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.
736 CVE-2001-0807 2001-12-06 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
737 CVE-2001-0806 2001-12-06 2017-10-10
3.6
None Local Low Not required Partial Partial None
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.
738 CVE-2001-0805 Dir. Trav. 2001-12-06 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.
739 CVE-2001-0804 Dir. Trav. 2001-12-06 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter.
740 CVE-2001-0803 119 Exec Code Overflow 2001-12-06 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
741 CVE-2001-0801 +Priv 2001-12-06 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library.
742 CVE-2001-0800 Exec Code 2001-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
743 CVE-2001-0799 Exec Code Overflow 2001-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.
744 CVE-2001-0797 Exec Code Overflow 2001-12-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
745 CVE-2001-0796 DoS 2001-12-06 2017-10-10
5.0
None Remote Low Not required None None Partial
SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.
746 CVE-2001-0795 2001-10-18 2008-09-05
5.0
None Remote Low Not required Partial None None
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.
747 CVE-2001-0794 DoS Overflow 2001-10-18 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers to cause a denial of service via a long USER command.
748 CVE-2001-0792 Exec Code 2001-10-18 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.
749 CVE-2001-0791 2001-10-18 2008-09-05
5.0
None Remote Low Not required None Partial None
Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access.
750 CVE-2001-0790 DoS 2001-10-18 2008-09-05
5.0
None Remote Low Not required None None Partial
Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 (This Page)16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.