CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2001-1014 Exec Code 2001-09-15 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter.
52 CVE-2001-1013 2001-09-12 2017-12-19
5.0
None Remote Low Not required Partial None None
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
53 CVE-2001-1012 +Priv 2001-09-05 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/.
54 CVE-2001-1000 2001-09-07 2017-12-19
2.1
None Local Low Not required Partial None None
rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file.
55 CVE-2001-0999 2001-09-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
56 CVE-2001-0998 DoS 2001-09-24 2017-10-10
5.0
None Remote Low Not required None None Partial
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.
57 CVE-2001-0997 Exec Code 2001-09-11 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.
58 CVE-2001-0996 2001-09-02 2017-12-19
6.4
None Remote Low Not required None Partial Partial
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly.
59 CVE-2001-0994 DoS 2001-09-04 2017-12-19
5.0
None Remote Low Not required None None Partial
Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device.
60 CVE-2001-0992 Exec Code 2001-09-05 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter.
61 CVE-2001-0990 +Info 2001-09-04 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
62 CVE-2001-0986 +Info 2001-09-14 2017-12-19
5.0
None Remote Low Not required Partial None None
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
63 CVE-2001-0985 Exec Code 2001-09-08 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
64 CVE-2001-0984 2001-09-13 2017-12-20
4.6
None Local Low Not required Partial Partial Partial
Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords.
65 CVE-2001-0979 Overflow +Priv 2001-09-03 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.
66 CVE-2001-0978 2001-09-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.
67 CVE-2001-0964 Exec Code Overflow 2001-09-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command.
68 CVE-2001-0963 Dir. Trav. 2001-09-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command.
69 CVE-2001-0962 +Priv 2001-09-19 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
70 CVE-2001-0961 Exec Code Overflow 2001-09-18 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.
71 CVE-2001-0960 +Priv 2001-09-15 2021-04-07
10.0
None Remote Low Not required Complete Complete Complete
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
72 CVE-2001-0959 +Info 2001-09-15 2021-04-07
6.4
None Remote Low Not required Partial Partial None
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.
73 CVE-2001-0958 Exec Code Overflow 2001-09-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll.
74 CVE-2001-0956 Exec Code 2001-09-11 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters.
75 CVE-2001-0955 DoS Overflow +Priv 2001-09-22 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
76 CVE-2001-0940 Exec Code Overflow 2001-09-21 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.
77 CVE-2001-0710 DoS 2001-09-20 2017-10-10
5.0
None Remote Low Not required None None Partial
NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.
78 CVE-2001-0709 2001-09-20 2017-12-19
5.0
None Remote Low Not required Partial None None
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
79 CVE-2001-0708 DoS 2001-09-20 2017-12-19
5.0
None Remote Low Not required None None Partial
Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a denial of service (crash) via a long string.
80 CVE-2001-0707 DoS 2001-09-20 2017-12-19
5.0
None Remote Low Not required None None Partial
Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514.
81 CVE-2001-0706 DoS 2001-09-20 2017-10-10
2.1
None Local Low Not required None None Partial
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.
82 CVE-2001-0705 Dir. Trav. 2001-09-20 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument.
83 CVE-2001-0704 2001-09-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist.
84 CVE-2001-0703 DoS 2001-09-20 2017-12-19
5.0
None Remote Low Not required None None Partial
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter.
85 CVE-2001-0702 DoS Exec Code 2001-09-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.
86 CVE-2001-0701 Overflow +Priv 2001-09-20 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.
87 CVE-2001-0700 Exec Code Overflow 2001-09-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.
88 CVE-2001-0699 Exec Code Overflow 2001-09-20 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.
89 CVE-2001-0698 Dir. Trav. 2001-09-20 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
90 CVE-2001-0697 DoS 2001-09-20 2017-10-10
5.0
None Remote Low Not required None None Partial
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
91 CVE-2001-0696 DoS 2001-09-20 2017-10-10
5.0
None Remote Low Not required None None Partial
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
92 CVE-2001-0695 DoS 2001-09-20 2017-12-19
5.0
None Remote Low Not required None None Partial
WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\).
93 CVE-2001-0694 Dir. Trav. 2001-09-20 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command.
94 CVE-2001-0693 2001-09-20 2017-12-19
5.0
None Remote Low Not required Partial None None
WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20).
95 CVE-2001-0692 Bypass 2001-09-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes.
96 CVE-2001-0691 Exec Code Overflow 2001-09-20 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
97 CVE-2001-0690 Exec Code 2001-09-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
98 CVE-2001-0689 2001-09-20 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program.
99 CVE-2001-0688 DoS 2001-09-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . .") command.
100 CVE-2001-0687 2001-09-20 2017-12-19
5.0
None Remote Low Not required Partial None None
Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename).
Total number of vulnerabilities : 135   Page : 1 2 (This Page)3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.