CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2001-0416 2001-06-27 2017-10-10
2.1
None Local Low Not required Partial None None
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
1102 CVE-2001-0415 2001-06-27 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts.
1103 CVE-2001-0414 DoS Exec Code Overflow 2001-06-18 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
1104 CVE-2001-0413 DoS 2001-06-18 2017-10-10
5.0
None Remote Low Not required None None Partial
BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang.
1105 CVE-2001-0412 +Priv 2001-06-18 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
1106 CVE-2001-0411 DoS 2001-06-18 2016-10-18
5.0
None Remote Low Not required None None Partial
Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet.
1107 CVE-2001-0410 DoS Exec Code Overflow 2001-06-18 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header.
1108 CVE-2001-0409 2001-06-18 2017-10-10
2.1
None Local Low Not required None Partial None
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
1109 CVE-2001-0408 Exec Code 2001-06-18 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
1110 CVE-2001-0407 +Priv Dir. Trav. 2001-06-27 2019-10-07
4.6
None Local Low Not required Partial Partial Partial
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
1111 CVE-2001-0406 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
1112 CVE-2001-0405 Bypass 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
1113 CVE-2001-0404 Dir. Trav. 2001-06-18 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.
1114 CVE-2001-0403 2001-06-18 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.
1115 CVE-2001-0402 Bypass 2001-06-18 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
1116 CVE-2001-0401 Exec Code Overflow 2001-06-18 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
1117 CVE-2001-0400 Exec Code 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.
1118 CVE-2001-0399 2001-06-18 2016-10-18
5.0
None Remote Low Not required Partial None None
Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request.
1119 CVE-2001-0398 Exec Code Bypass 2001-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon.
1120 CVE-2001-0397 DoS Exec Code Overflow 2001-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command.
1121 CVE-2001-0396 +Info 2001-07-02 2008-09-05
5.0
None Remote Low Not required Partial None None
The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users.
1122 CVE-2001-0395 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.
1123 CVE-2001-0394 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.
1124 CVE-2001-0393 DoS 2001-06-18 2016-10-18
5.0
None Remote Low Not required None None Partial
Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits.
1125 CVE-2001-0392 DoS 2001-06-18 2016-10-18
5.0
None Remote Low Not required None None Partial
Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash.
1126 CVE-2001-0391 2001-07-02 2008-09-10
5.0
None Remote Low Not required None None Partial
Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.
1127 CVE-2001-0390 DoS 2001-07-02 2008-09-05
5.0
None Remote Low Not required None None Partial
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.
1128 CVE-2001-0389 2001-07-02 2008-09-05
5.0
None Remote Low Not required Partial None None
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.
1129 CVE-2001-0388 DoS 2001-06-27 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
1130 CVE-2001-0387 +Priv 2001-07-02 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.
1131 CVE-2001-0386 DoS 2001-07-02 2017-10-10
5.0
None Remote Low Not required None None Partial
AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
1132 CVE-2001-0385 DoS 2001-07-02 2017-12-20
5.0
None Remote Low Not required None None Partial
GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
1133 CVE-2001-0384 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.
1134 CVE-2001-0383 2001-06-18 2017-10-10
5.0
None Remote Low Not required None Partial None
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.
1135 CVE-2001-0382 +Priv 2001-06-18 2021-04-07
7.5
None Remote Low Not required Partial Partial Partial
Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application.
1136 CVE-2001-0381 2001-06-27 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.
1137 CVE-2001-0380 2001-06-18 2017-10-19
6.4
None Remote Low Not required Partial Partial None
Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'.
1138 CVE-2001-0379 2001-06-18 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.
1139 CVE-2001-0378 2001-06-27 2017-10-10
2.1
None Local Low Not required Partial None None
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
1140 CVE-2001-0377 DoS 2001-06-18 2017-10-10
5.0
None Remote Low Not required None None Partial
Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string.
1141 CVE-2001-0376 2001-06-18 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used.
1142 CVE-2001-0375 DoS 2001-06-18 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
1143 CVE-2001-0374 Bypass 2001-06-18 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be used as a generic proxy server, which allows remote attackers to bypass access restrictions via the management port, 2301.
1144 CVE-2001-0373 2001-06-18 2017-10-10
2.1
None Local Low Not required Partial None None
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
1145 CVE-2001-0372 2001-06-18 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct.
1146 CVE-2001-0371 2001-06-18 2017-10-10
6.2
None Local High Not required Complete Complete Complete
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.
1147 CVE-2001-0370 2001-06-27 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters.
1148 CVE-2001-0369 Overflow 2001-06-27 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a local attacker to obtain root access via a long command line argument (non-existent printer name).
1149 CVE-2001-0368 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack.
1150 CVE-2001-0367 DoS 2001-06-27 2016-10-18
5.0
None Remote Low Not required None None Partial
Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 (This Page)24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.