| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
801 |
CVE-2001-0647 |
|
|
DoS |
2001-08-06 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version. |
|
802 |
CVE-2001-0646 |
|
|
DoS |
2001-09-20 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length. |
|
803 |
CVE-2001-0645 |
|
|
|
2001-09-20 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password. |
|
804 |
CVE-2001-0644 |
|
|
+Priv |
2001-09-20 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server. |
|
805 |
CVE-2001-0643 |
|
|
|
2001-09-20 |
2021-07-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type. |
|
806 |
CVE-2001-0641 |
|
|
Exec Code Overflow |
2001-09-20 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option. |
|
807 |
CVE-2001-0636 |
|
|
DoS Exec Code Overflow |
2001-09-20 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates. |
|
808 |
CVE-2001-0635 |
|
|
+Priv |
2001-08-14 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords. |
|
809 |
CVE-2001-0634 |
|
|
DoS +Priv |
2001-08-22 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service. |
|
810 |
CVE-2001-0633 |
|
|
Dir. Trav. |
2001-08-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'. |
|
811 |
CVE-2001-0632 |
|
|
+Priv |
2001-08-22 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges. |
|
812 |
CVE-2001-0631 |
|
|
|
2001-08-22 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users. |
|
813 |
CVE-2001-0630 |
|
|
Dir. Trav. |
2001-08-22 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable. |
|
814 |
CVE-2001-0629 |
119 |
|
Overflow +Priv |
2001-08-14 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter. |
|
815 |
CVE-2001-0628 |
|
|
|
2001-08-14 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user. |
|
816 |
CVE-2001-0627 |
|
|
|
2001-08-22 |
2017-10-10 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack. |
|
817 |
CVE-2001-0626 |
|
|
|
2001-08-22 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character. |
|
818 |
CVE-2001-0625 |
|
|
|
2001-08-22 |
2021-04-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log . |
|
819 |
CVE-2001-0623 |
|
|
+Priv |
2001-08-02 |
2017-12-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges. |
|
820 |
CVE-2001-0622 |
|
|
+Priv |
2001-08-14 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. |
|
821 |
CVE-2001-0621 |
|
|
|
2001-08-14 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. |
|
822 |
CVE-2001-0619 |
|
|
|
2001-08-02 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear. |
|
823 |
CVE-2001-0618 |
|
|
|
2001-08-02 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic. |
|
824 |
CVE-2001-0617 |
|
|
|
2001-08-22 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled. |
|
825 |
CVE-2001-0616 |
|
|
DoS |
2001-08-14 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0). |
|
826 |
CVE-2001-0615 |
|
|
Dir. Trav. |
2001-08-14 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'. |
|
827 |
CVE-2001-0614 |
|
|
Exec Code +Priv |
2001-08-22 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL. |
|
828 |
CVE-2001-0613 |
|
|
DoS |
2001-08-22 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request. |
|
829 |
CVE-2001-0612 |
|
|
DoS |
2001-08-22 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045. |
|
830 |
CVE-2001-0611 |
|
|
Overflow +Priv |
2001-08-14 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters. |
|
831 |
CVE-2001-0610 |
|
|
+Priv |
2001-08-02 |
2017-12-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp. |
|
832 |
CVE-2001-0609 |
|
|
+Priv |
2001-08-02 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. |
|
833 |
CVE-2001-0608 |
|
|
+Priv |
2001-08-22 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program. |
|
834 |
CVE-2001-0607 |
|
|
DoS +Priv |
2001-08-22 |
2017-10-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083. |
|
835 |
CVE-2001-0606 |
|
|
DoS |
2001-08-22 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service. |
|
836 |
CVE-2001-0605 |
|
|
|
2001-08-22 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data. |
|
837 |
CVE-2001-0604 |
|
|
DoS |
2001-08-02 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters. |
|
838 |
CVE-2001-0603 |
|
|
DoS |
2001-08-02 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148. |
|
839 |
CVE-2001-0602 |
|
|
DoS |
2001-08-02 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices. |
|
840 |
CVE-2001-0601 |
|
|
DoS |
2001-08-02 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters. |
|
841 |
CVE-2001-0600 |
|
|
DoS |
2001-08-02 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type. |
|
842 |
CVE-2001-0599 |
|
|
DoS |
2001-08-02 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638. |
|
843 |
CVE-2001-0598 |
|
|
DoS |
2001-08-02 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled. |
|
844 |
CVE-2001-0597 |
|
|
|
2001-08-02 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'. |
|
845 |
CVE-2001-0596 |
|
|
|
2001-08-02 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript. |
|
846 |
CVE-2001-0595 |
|
|
Exec Code Overflow |
2001-08-02 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program. |
|
847 |
CVE-2001-0594 |
|
|
Overflow +Priv |
2001-08-02 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument. |
|
848 |
CVE-2001-0593 |
|
|
|
2001-08-22 |
2018-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter. |
|
849 |
CVE-2001-0592 |
|
|
DoS |
2001-08-02 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets. |
|
850 |
CVE-2001-0591 |
|
|
Dir. Trav. |
2001-08-22 |
2018-05-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. |
