CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2001-0467 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.
1052 CVE-2001-0466 Dir. Trav. 2001-06-18 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ustorekeeper 1.61 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
1053 CVE-2001-0465 +Info 2001-06-18 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information.
1054 CVE-2001-0464 Exec Code Overflow 2001-07-02 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
1055 CVE-2001-0463 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter.
1056 CVE-2001-0462 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
1057 CVE-2001-0461 Exec Code 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi.
1058 CVE-2001-0460 DoS 2001-06-27 2017-12-19
5.0
None Remote Low Not required None None Partial
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
1059 CVE-2001-0459 Overflow +Priv 2001-06-27 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option.
1060 CVE-2001-0458 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
1061 CVE-2001-0457 DoS 2001-06-27 2017-10-10
5.0
None Remote Low Not required None None Partial
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).
1062 CVE-2001-0456 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
1063 CVE-2001-0455 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
1064 CVE-2001-0454 Dir. Trav. 2001-06-27 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request.
1065 CVE-2001-0453 Dir. Trav. 2001-06-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
1066 CVE-2001-0452 2001-06-27 2008-09-05
5.0
None Remote Low Not required Partial None None
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
1067 CVE-2001-0451 +Priv Bypass 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1.
1068 CVE-2001-0450 Dir. Trav. 2001-06-27 2017-12-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name.
1069 CVE-2001-0449 Exec Code Overflow 2001-06-27 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option.
1070 CVE-2001-0448 DoS 2001-06-18 2008-09-05
5.0
None Remote Low Not required None None Partial
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET HTTP request to the aux directory, and possibly other directories with legacy DOS device names.
1071 CVE-2001-0447 DoS Exec Code 2001-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters.
1072 CVE-2001-0446 2001-06-18 2016-10-18
5.0
None Remote Low Not required Partial None None
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
1073 CVE-2001-0444 +Info 2001-07-02 2017-10-10
2.1
None Local Low Not required Partial None None
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
1074 CVE-2001-0443 DoS Exec Code Overflow 2001-07-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long password.
1075 CVE-2001-0442 DoS Exec Code Overflow 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.
1076 CVE-2001-0441 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
1077 CVE-2001-0440 DoS Exec Code Overflow 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
1078 CVE-2001-0439 Exec Code 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
1079 CVE-2001-0438 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.
1080 CVE-2001-0437 2001-07-02 2017-12-19
5.0
None Remote Low Not required None Partial None
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
1081 CVE-2001-0436 Exec Code 2001-07-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
1082 CVE-2001-0435 2001-07-02 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.
1083 CVE-2001-0434 DoS 2001-07-02 2017-10-10
6.4
None Remote Low Not required None Partial Partial
The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service.
1084 CVE-2001-0433 DoS Exec Code Overflow 2001-06-18 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header.
1085 CVE-2001-0432 Exec Code Overflow 2001-07-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.
1086 CVE-2001-0431 2001-07-02 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in iPlanet Web Server Enterprise Edition 4.x.
1087 CVE-2001-0430 2001-07-02 2017-10-10
3.6
None Local Low Not required Partial Partial None
Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.
1088 CVE-2001-0429 DoS 2001-07-02 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.
1089 CVE-2001-0428 DoS 2001-07-02 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.
1090 CVE-2001-0427 20 DoS 2001-06-18 2017-10-10
7.1
None Remote Medium Not required None None Complete
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
1091 CVE-2001-0426 Overflow +Priv 2001-07-02 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.
1092 CVE-2001-0425 +Priv 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.
1093 CVE-2001-0424 Exec Code 2001-07-02 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
1094 CVE-2001-0423 Exec Code Overflow 2001-07-02 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.
1095 CVE-2001-0422 Exec Code Overflow 2001-07-02 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
1096 CVE-2001-0421 2001-07-02 2018-10-30
6.4
None Remote Low Not required Partial None Partial
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.
1097 CVE-2001-0420 Dir. Trav. 2001-06-18 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter.
1098 CVE-2001-0419 Exec Code Overflow 2001-07-02 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
1099 CVE-2001-0418 2001-07-02 2008-09-05
5.0
None Remote Low Not required Partial None None
content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter.
1100 CVE-2001-0417 2001-06-27 2020-01-21
2.1
None Local Low Not required None Partial None
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.