CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001 (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2001-0590 2001-08-02 2017-10-10
5.0
None Remote Low Not required Partial None None
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
852 CVE-2001-0588 Overflow +Priv 2001-08-22 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
853 CVE-2001-0587 Overflow +Priv 2001-08-22 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
854 CVE-2001-0586 2001-08-22 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords.
855 CVE-2001-0585 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000.
856 CVE-2001-0583 DoS 2001-08-22 2017-12-19
5.0
None Remote Low Not required None None Partial
Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.
857 CVE-2001-0582 2001-08-22 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.
858 CVE-2001-0581 DoS 2001-08-22 2017-12-19
5.0
None Remote Low Not required None None Partial
Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387.
859 CVE-2001-0580 DoS 2001-08-22 2008-09-10
5.0
None Remote Low Not required None None Partial
Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection.
860 CVE-2001-0579 Overflow +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.
861 CVE-2001-0578 Overflow +Priv 2001-08-22 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command.
862 CVE-2001-0577 Overflow +Priv 2001-08-22 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.
863 CVE-2001-0576 119 Overflow +Priv 2001-08-22 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.
864 CVE-2001-0575 Overflow +Priv 2001-08-22 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.
865 CVE-2001-0574 Dir. Trav. 2001-08-14 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL.
866 CVE-2001-0573 +Priv 2001-08-02 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.
867 CVE-2001-0572 +Info 2001-08-22 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
868 CVE-2001-0571 Dir. Trav. 2001-08-22 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL.
869 CVE-2001-0570 +Priv 2001-08-14 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks.
870 CVE-2001-0567 +Priv 2001-08-14 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
871 CVE-2001-0566 20 DoS 2001-08-14 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.
872 CVE-2001-0565 Overflow +Priv 2001-08-14 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.
873 CVE-2001-0564 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
874 CVE-2001-0563 DoS 2001-08-14 2017-10-10
5.0
None Remote Low Not required None None Partial
ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23.
875 CVE-2001-0562 Exec Code 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.
876 CVE-2001-0561 Dir. Trav. 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
877 CVE-2001-0560 Overflow +Priv 2001-08-22 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
878 CVE-2001-0559 +Priv 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
879 CVE-2001-0558 DoS 2001-08-14 2017-10-10
5.0
None Remote Low Not required None None Partial
T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).
880 CVE-2001-0557 2001-08-14 2017-12-19
5.0
None Remote Low Not required Partial None None
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).
881 CVE-2001-0556 2001-08-22 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.
882 CVE-2001-0555 2001-08-14 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
883 CVE-2001-0554 120 Exec Code Overflow 2001-08-14 2022-01-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
884 CVE-2001-0553 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
885 CVE-2001-0552 Exec Code 2001-09-20 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.
886 CVE-2001-0551 Exec Code Overflow 2001-05-22 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.
887 CVE-2001-0550 Exec Code 2001-11-30 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
888 CVE-2001-0549 2001-08-14 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords.
889 CVE-2001-0548 Overflow +Priv 2001-08-14 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.
890 CVE-2001-0546 DoS 2001-09-20 2018-10-12
5.0
None Remote Low Not required None None Partial
Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
891 CVE-2001-0545 DoS 2001-10-30 2018-10-12
5.0
None Remote Low Not required None None Partial
IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.
892 CVE-2001-0543 401 DoS 2001-09-20 2020-04-02
5.0
None Remote Low Not required None None Partial
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
893 CVE-2001-0542 Exec Code Overflow 2001-12-20 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
894 CVE-2001-0541 Exec Code Overflow 2001-09-20 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.
895 CVE-2001-0540 DoS 2001-10-30 2018-10-12
5.0
None Remote Low Not required None None Partial
Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389.
896 CVE-2001-0538 Exec Code 2001-08-14 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
897 CVE-2001-0537 287 Exec Code Bypass 2001-07-21 2017-10-10
9.3
None Remote Medium Not required Complete Complete Complete
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
898 CVE-2001-0535 2001-10-30 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
899 CVE-2001-0534 DoS Exec Code Overflow 2001-07-21 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.
900 CVE-2001-0533 Overflow +Priv 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.
Total number of vulnerabilities : 1506   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 (This Page)19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.