CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2001

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
851 CVE-2000-1097 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.
852 CVE-2000-1098 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
853 CVE-2000-1101 Dir. Trav. 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.
854 CVE-2000-1102 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands.
855 CVE-2000-1107 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.
856 CVE-2000-1110 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
857 CVE-2000-1111 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.
858 CVE-2000-1114 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
859 CVE-2000-1117 2001-01-09 2008-09-10
5.0
None Remote Low Not required Partial None None
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
860 CVE-2000-1129 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.
861 CVE-2000-1133 Bypass 2001-01-09 2016-10-18
5.0
None Remote Low Not required Partial None None
Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into the URL for a protected directory.
862 CVE-2000-1150 DoS 2001-01-09 2008-09-10
5.0
None Remote Low Not required None None Partial
Felix IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
863 CVE-2000-1151 DoS 2001-01-09 2008-09-10
5.0
None Remote Low Not required None None Partial
Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
864 CVE-2000-1152 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
865 CVE-2000-1153 DoS 2001-01-09 2008-09-10
5.0
None Remote Low Not required None None Partial
PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
866 CVE-2000-1154 DoS 2001-01-09 2008-09-10
5.0
None Remote Low Not required None None Partial
RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via a long HTTP request.
867 CVE-2000-1155 DoS 2001-01-09 2008-09-10
5.0
None Remote Low Not required None None Partial
RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via a long HTTP request.
868 CVE-2000-1160 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests.
869 CVE-2000-1165 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.
870 CVE-2000-1171 Dir. Trav. 2001-01-09 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "thesection" parameter.
871 CVE-2000-1173 +Info 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information.
872 CVE-2000-1177 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allows remote attackers to determine the existence of files and user ID's by specifying the target file in the HISTFILE parameter.
873 CVE-2000-1179 2001-01-09 2017-10-10
5.0
None Remote Low Not required Partial None None
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
874 CVE-2000-1181 +Info 2001-01-09 2017-10-10
5.0
None Remote Low Not required Partial None None
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.
875 CVE-2000-1182 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.
876 CVE-2000-1184 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.
877 CVE-2000-1185 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via a flood of connections that contain malformed requests.
878 CVE-2000-1188 Dir. Trav. 2001-01-09 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "page" parameter.
879 CVE-2000-1191 209 2001-08-31 2020-12-09
5.0
None Remote Low Not required Partial None None
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
880 CVE-2000-1193 DoS 2001-08-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.
881 CVE-2000-1196 1 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.
882 CVE-2000-1200 +Info 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
883 CVE-2000-1201 DoS 2001-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
884 CVE-2000-1203 DoS 2001-08-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
885 CVE-2000-1215 +Info 2001-09-19 2017-07-11
5.0
None Remote Low Not required Partial None None
The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information.
886 CVE-2001-0003 2001-02-12 2018-10-12
5.0
None Remote Low Not required Partial None None
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
887 CVE-2001-0004 2001-02-12 2018-10-30
5.0
None Remote Low Not required Partial None None
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
888 CVE-2001-0007 DoS Overflow 2001-02-12 2017-10-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface.
889 CVE-2001-0009 Dir. Trav. 2001-02-12 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
890 CVE-2001-0012 2001-02-12 2008-09-10
5.0
None Remote Low Not required Partial None None
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
891 CVE-2001-0014 DoS 2001-02-12 2019-04-30
5.0
None Remote Low Not required None None Partial
Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.
892 CVE-2001-0017 DoS 2001-03-12 2018-10-12
5.0
None Remote Low Not required None None Partial
Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.
893 CVE-2001-0018 DoS 2001-07-21 2019-04-30
5.0
None Remote Low Not required None None Partial
Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.
894 CVE-2001-0026 DoS 2001-02-12 2017-10-10
5.0
None Remote Low Not required None None Partial
rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.
895 CVE-2001-0031 2001-02-16 2017-12-19
5.0
None Remote Low Not required Partial None None
BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist.
896 CVE-2001-0037 Dir. Trav. 2001-02-16 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers.
897 CVE-2001-0038 2001-02-16 2017-12-19
5.0
None Remote Low Not required Partial None None
Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL.
898 CVE-2001-0039 DoS 2001-02-16 2017-10-10
5.0
None Remote Low Not required None None Partial
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.
899 CVE-2001-0042 2001-02-16 2017-10-10
5.0
None Remote Low Not required Partial None None
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
900 CVE-2001-0049 DoS 2001-02-16 2017-12-19
5.0
None Remote Low Not required None None Partial
WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests.
Total number of vulnerabilities: 1677 (page 18 of 34)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.