CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001 (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1001 CVE-2001-0422 Exec Code Overflow 2001-07-02 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
1002 CVE-2001-0421 2001-07-02 2018-10-30
6.4
None Remote Low Not required Partial None Partial
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.
1003 CVE-2001-0420 Dir. Trav. 2001-06-18 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter.
1004 CVE-2001-0419 Exec Code Overflow 2001-07-02 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
1005 CVE-2001-0418 2001-07-02 2008-09-05
5.0
None Remote Low Not required Partial None None
content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter.
1006 CVE-2001-0415 2001-06-27 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts.
1007 CVE-2001-0414 DoS Exec Code Overflow 2001-06-18 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
1008 CVE-2001-0413 DoS 2001-06-18 2017-10-10
5.0
None Remote Low Not required None None Partial
BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang.
1009 CVE-2001-0412 +Priv 2001-06-18 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
1010 CVE-2001-0411 DoS 2001-06-18 2016-10-18
5.0
None Remote Low Not required None None Partial
Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet.
1011 CVE-2001-0410 DoS Exec Code Overflow 2001-06-18 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header.
1012 CVE-2001-0408 Exec Code 2001-06-18 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
1013 CVE-2001-0407 +Priv Dir. Trav. 2001-06-27 2019-10-07
4.6
None Local Low Not required Partial Partial Partial
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
1014 CVE-2001-0405 Bypass 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
1015 CVE-2001-0404 Dir. Trav. 2001-06-18 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.
1016 CVE-2001-0403 2001-06-18 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.
1017 CVE-2001-0402 Bypass 2001-06-18 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
1018 CVE-2001-0401 Exec Code Overflow 2001-06-18 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
1019 CVE-2001-0400 Exec Code 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.
1020 CVE-2001-0399 2001-06-18 2016-10-18
5.0
None Remote Low Not required Partial None None
Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request.
1021 CVE-2001-0398 Exec Code Bypass 2001-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon.
1022 CVE-2001-0397 DoS Exec Code Overflow 2001-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command.
1023 CVE-2001-0396 +Info 2001-07-02 2008-09-05
5.0
None Remote Low Not required Partial None None
The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users.
1024 CVE-2001-0395 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.
1025 CVE-2001-0394 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.
1026 CVE-2001-0393 DoS 2001-06-18 2016-10-18
5.0
None Remote Low Not required None None Partial
Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits.
1027 CVE-2001-0392 DoS 2001-06-18 2016-10-18
5.0
None Remote Low Not required None None Partial
Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash.
1028 CVE-2001-0391 2001-07-02 2008-09-10
5.0
None Remote Low Not required None None Partial
Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.
1029 CVE-2001-0390 DoS 2001-07-02 2008-09-05
5.0
None Remote Low Not required None None Partial
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.
1030 CVE-2001-0389 2001-07-02 2008-09-05
5.0
None Remote Low Not required Partial None None
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.
1031 CVE-2001-0388 DoS 2001-06-27 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
1032 CVE-2001-0387 +Priv 2001-07-02 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.
1033 CVE-2001-0386 DoS 2001-07-02 2017-10-10
5.0
None Remote Low Not required None None Partial
AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
1034 CVE-2001-0385 DoS 2001-07-02 2017-12-20
5.0
None Remote Low Not required None None Partial
GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
1035 CVE-2001-0383 2001-06-18 2017-10-10
5.0
None Remote Low Not required None Partial None
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.
1036 CVE-2001-0382 +Priv 2001-06-18 2021-04-07
7.5
None Remote Low Not required Partial Partial Partial
Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application.
1037 CVE-2001-0381 2001-06-27 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.
1038 CVE-2001-0380 2001-06-18 2017-10-19
6.4
None Remote Low Not required Partial Partial None
Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'.
1039 CVE-2001-0379 2001-06-18 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.
1040 CVE-2001-0377 DoS 2001-06-18 2017-10-10
5.0
None Remote Low Not required None None Partial
Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string.
1041 CVE-2001-0376 2001-06-18 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used.
1042 CVE-2001-0375 DoS 2001-06-18 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
1043 CVE-2001-0374 Bypass 2001-06-18 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be used as a generic proxy server, which allows remote attackers to bypass access restrictions via the management port, 2301.
1044 CVE-2001-0372 2001-06-18 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct.
1045 CVE-2001-0371 2001-06-18 2017-10-10
6.2
None Local High Not required Complete Complete Complete
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.
1046 CVE-2001-0370 2001-06-27 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters.
1047 CVE-2001-0369 Overflow 2001-06-27 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a local attacker to obtain root access via a long command line argument (non-existent printer name).
1048 CVE-2001-0368 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack.
1049 CVE-2001-0367 DoS 2001-06-27 2016-10-18
5.0
None Remote Low Not required None None Partial
Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters.
1050 CVE-2001-0366 2001-06-27 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program.
Total number of vulnerabilities : 1506   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 (This Page)22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.