CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2001-0598 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled.
752 CVE-2001-0599 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638.
753 CVE-2001-0600 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type.
754 CVE-2001-0601 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters.
755 CVE-2001-0602 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices.
756 CVE-2001-0603 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148.
757 CVE-2001-0604 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters.
758 CVE-2001-0605 2001-08-22 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.
759 CVE-2001-0606 DoS 2001-08-22 2017-12-19
5.0
None Remote Low Not required None None Partial
Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.
760 CVE-2001-0607 DoS +Priv 2001-08-22 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.
761 CVE-2001-0608 +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program.
762 CVE-2001-0609 +Priv 2001-08-02 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
763 CVE-2001-0610 +Priv 2001-08-02 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
764 CVE-2001-0611 Overflow +Priv 2001-08-14 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters.
765 CVE-2001-0612 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045.
766 CVE-2001-0613 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request.
767 CVE-2001-0614 Exec Code +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.
768 CVE-2001-0615 Dir. Trav. 2001-08-14 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'.
769 CVE-2001-0616 DoS 2001-08-14 2017-10-10
5.0
None Remote Low Not required None None Partial
Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).
770 CVE-2001-0617 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled.
771 CVE-2001-0618 2001-08-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic.
772 CVE-2001-0619 2001-08-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear.
773 CVE-2001-0620 2001-08-02 2017-12-19
2.1
None Local Low Not required Partial None None
iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions.
774 CVE-2001-0621 2001-08-14 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
775 CVE-2001-0622 +Priv 2001-08-14 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.
776 CVE-2001-0623 +Priv 2001-08-02 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges.
777 CVE-2001-0624 2001-08-02 2017-12-19
2.1
None Local Low Not required Partial None None
QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for the FAT disk partition, e.g. /fs-dos.
778 CVE-2001-0625 2001-08-22 2021-04-09
7.2
None Local Low Not required Complete Complete Complete
ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log .
779 CVE-2001-0626 2001-08-22 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.
780 CVE-2001-0627 2001-08-22 2017-10-10
3.7
None Local High Not required Partial Partial Partial
vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.
781 CVE-2001-0628 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
782 CVE-2001-0629 119 Overflow +Priv 2001-08-14 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter.
783 CVE-2001-0630 Dir. Trav. 2001-08-22 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable.
784 CVE-2001-0631 2001-08-22 2017-10-10
5.0
None Remote Low Not required None Partial None
Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users.
785 CVE-2001-0632 +Priv 2001-08-22 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.
786 CVE-2001-0633 Dir. Trav. 2001-08-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.
787 CVE-2001-0634 DoS +Priv 2001-08-22 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.
788 CVE-2001-0635 +Priv 2001-08-14 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.
789 CVE-2001-0636 DoS Exec Code Overflow 2001-09-20 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates.
790 CVE-2001-0641 Exec Code Overflow 2001-09-20 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
791 CVE-2001-0642 Dir. Trav. 2001-09-20 2017-12-19
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.
792 CVE-2001-0643 2001-09-20 2021-07-23
5.0
None Remote Low Not required None Partial None
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
793 CVE-2001-0644 +Priv 2001-09-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server.
794 CVE-2001-0645 2001-09-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.
795 CVE-2001-0646 DoS 2001-09-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length.
796 CVE-2001-0647 DoS 2001-08-06 2008-09-05
5.0
None Remote Low Not required None None Partial
Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version.
797 CVE-2001-0648 Dir. Trav. 2001-09-20 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.
798 CVE-2001-0649 DoS 2001-09-20 2017-12-19
5.0
None Remote Low Not required None None Partial
Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request.
799 CVE-2001-0650 2001-09-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
800 CVE-2001-0652 Overflow +Priv 2001-10-30 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.