| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1151 |
CVE-2001-1031 |
|
|
Dir. Trav. |
2001-09-27 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command. |
|
1152 |
CVE-2001-1032 |
|
|
|
2001-09-24 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. |
|
1153 |
CVE-2001-1033 |
|
|
DoS |
2001-09-25 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state. |
|
1154 |
CVE-2001-1034 |
|
|
Exec Code |
2001-09-23 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. |
|
1155 |
CVE-2001-1035 |
|
|
Exec Code |
2001-09-24 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post. |
|
1156 |
CVE-2001-1036 |
|
|
+Priv |
2001-08-31 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. |
|
1157 |
CVE-2001-1037 |
|
|
Exec Code |
2001-01-08 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. |
|
1158 |
CVE-2001-1038 |
|
|
DoS |
2001-07-11 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. |
|
1159 |
CVE-2001-1039 |
|
|
|
2001-08-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer. |
|
1160 |
CVE-2001-1040 |
|
|
|
2001-08-31 |
2008-09-05 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password. |
|
1161 |
CVE-2001-1041 |
|
|
|
2001-08-31 |
2016-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable. |
|
1162 |
CVE-2001-1042 |
|
|
|
2001-07-02 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. |
|
1163 |
CVE-2001-1043 |
|
|
|
2001-07-01 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. |
|
1164 |
CVE-2001-1044 |
|
|
+Info |
2001-01-11 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. |
|
1165 |
CVE-2001-1045 |
|
|
Dir. Trav. |
2001-07-06 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter. |
|
1166 |
CVE-2001-1046 |
|
|
Overflow +Priv |
2001-06-02 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username. |
|
1167 |
CVE-2001-1047 |
|
|
DoS |
2001-06-02 |
2017-12-19 |
1.2 |
None |
Local |
High |
Not required |
None |
None |
Partial |
|
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. |
|
1168 |
CVE-2001-1048 |
|
|
|
2001-10-02 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
|
1169 |
CVE-2001-1049 |
|
|
|
2001-10-02 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
|
1170 |
CVE-2001-1050 |
|
|
|
2001-10-02 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
|
1171 |
CVE-2001-1051 |
|
|
|
2001-10-02 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
|
1172 |
CVE-2001-1052 |
|
|
|
2001-10-02 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
|
1173 |
CVE-2001-1053 |
|
|
+Priv Bypass |
2001-07-13 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument. |
|
1174 |
CVE-2001-1054 |
|
|
|
2001-10-02 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
|
1175 |
CVE-2001-1055 |
|
|
DoS |
2001-07-30 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke. |
|
1176 |
CVE-2001-1056 |
|
|
Bypass |
2001-07-30 |
2018-09-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request. |
|
1177 |
CVE-2001-1057 |
|
|
DoS |
2001-07-30 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests. |
|
1178 |
CVE-2001-1059 |
|
|
|
2001-07-30 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information. |
|
1179 |
CVE-2001-1060 |
|
|
Exec Code |
2001-07-31 |
2009-04-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. |
|
1180 |
CVE-2001-1061 |
|
|
|
2001-08-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. |
|
1181 |
CVE-2001-1062 |
|
|
Exec Code Overflow |
2001-08-31 |
2008-09-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code. |
|
1182 |
CVE-2001-1063 |
|
|
Overflow +Priv |
2001-08-31 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument. |
|
1183 |
CVE-2001-1064 |
|
|
DoS |
2001-08-31 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets. |
|
1184 |
CVE-2001-1065 |
|
|
|
2001-08-31 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. |
|
1185 |
CVE-2001-1066 |
|
|
|
2001-08-31 |
2018-05-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack. |
|
1186 |
CVE-2001-1067 |
|
|
DoS Exec Code Overflow |
2001-08-31 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header. |
|
1187 |
CVE-2001-1068 |
|
|
|
2001-08-31 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system. |
|
1188 |
CVE-2001-1069 |
|
|
|
2001-08-31 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior. |
|
1189 |
CVE-2001-1070 |
|
|
DoS |
2001-08-31 |
2017-12-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters. |
|
1190 |
CVE-2001-1071 |
|
|
DoS |
2001-10-09 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements. |
|
1191 |
CVE-2001-1072 |
|
|
Bypass |
2001-08-31 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail. |
|
1192 |
CVE-2001-1073 |
|
|
+Info |
2001-08-31 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR. |
|
1193 |
CVE-2001-1074 |
|
|
+Priv |
2001-05-28 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges. |
|
1194 |
CVE-2001-1075 |
|
|
Bypass |
2001-07-04 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file. |
|
1195 |
CVE-2001-1076 |
|
|
Exec Code Overflow |
2001-07-05 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable. |
|
1196 |
CVE-2001-1077 |
|
|
Overflow +Priv |
2001-06-15 |
2017-12-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument. |
|
1197 |
CVE-2001-1078 |
|
|
Exec Code +Priv |
2001-06-21 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication. |
|
1198 |
CVE-2001-1080 |
|
|
+Priv |
2001-06-19 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. |
|
1199 |
CVE-2001-1081 |
|
|
DoS Exec Code |
2001-07-06 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages. |
|
1200 |
CVE-2001-1082 |
|
|
Dir. Trav. |
2001-07-13 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack. |
