CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2001

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1201 CVE-2001-0311 2001-06-02 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
1202 CVE-2001-0310 2001-06-02 2017-10-10
2.1
None Local Low Not required None None Partial
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
1203 CVE-2001-0309 DoS 2001-06-02 2017-10-10
5.0
None Remote Low Not required None None Partial
inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.
1204 CVE-2001-0308 94 Exec Code 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program.
1205 CVE-2001-0307 94 Exec Code 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
1206 CVE-2001-0306 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
1207 CVE-2001-0305 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter.
1208 CVE-2001-0304 Dir. Trav. 2001-05-03 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request.
1209 CVE-2001-0303 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
1210 CVE-2001-0302 DoS Exec Code Overflow 2001-05-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
1211 CVE-2001-0301 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
1212 CVE-2001-0300 2001-06-02 2017-07-11
2.1
None Local Low Not required None Partial None
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
1213 CVE-2001-0299 DoS Exec Code Overflow 2001-06-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
1214 CVE-2001-0298 DoS Exec Code Overflow 2001-05-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
1215 CVE-2001-0297 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
1216 CVE-2001-0296 Exec Code Overflow 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
1217 CVE-2001-0295 Dir. Trav. 2001-05-03 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command.
1218 CVE-2001-0294 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command.
1219 CVE-2001-0293 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command.
1220 CVE-2001-0292 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
1221 CVE-2001-0291 Exec Code Overflow 2001-05-03 2005-10-20
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters.
1222 CVE-2001-0290 2001-05-03 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
1223 CVE-2001-0289 +Priv 2001-05-03 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.
1224 CVE-2001-0288 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
1225 CVE-2001-0287 DoS 2001-05-03 2008-09-05
2.1
None Local Low Not required None None Partial
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.
1226 CVE-2001-0286 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
1227 CVE-2001-0285 DoS Exec Code Overflow 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in A1 HTTP server 1.0a allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
1228 CVE-2001-0284 DoS Exec Code Overflow 2001-05-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
1229 CVE-2001-0283 Dir. Trav. 2001-05-03 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT.
1230 CVE-2001-0282 DoS Exec Code 2001-05-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
1231 CVE-2001-0281 +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges.
1232 CVE-2001-0280 Exec Code Overflow 2001-05-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command.
1233 CVE-2001-0279 Overflow +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
1234 CVE-2001-0278 +Priv 2001-05-03 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges.
1235 CVE-2001-0277 DoS Exec Code Overflow 2001-05-03 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
1236 CVE-2001-0276 2001-05-03 2017-10-10
6.4
None Remote Low Not required Partial None Partial
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.
1237 CVE-2001-0275 DoS Exec Code 2001-05-03 2008-09-05
2.1
None Local Low Not required None None Partial
Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
1238 CVE-2001-0274 Exec Code 2001-05-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
1239 CVE-2001-0273 2001-05-03 2017-07-11
2.6
None Remote High Not required Partial None None
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.
1240 CVE-2001-0272 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter.
1241 CVE-2001-0271 Exec Code 2001-05-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters.
1242 CVE-2001-0270 DoS 2001-05-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Marconi ASX-1000 ASX switches allow remote attackers to cause a denial of service in the telnet and web management interfaces via a malformed packet with the SYN-FIN and More Fragments attributes set.
1243 CVE-2001-0269 Bypass 2001-05-03 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.
1244 CVE-2001-0268 +Priv 2001-05-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
1245 CVE-2001-0267 +Priv 2001-05-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges.
1246 CVE-2001-0266 +Priv 2001-05-03 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.
1247 CVE-2001-0265 2001-06-18 2017-10-10
2.1
None Local Low Not required None Partial None
ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.
1248 CVE-2001-0264 +Info 2001-06-18 2008-09-05
5.0
None Remote Low Not required Partial None None
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.
1249 CVE-2001-0263 2001-06-18 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.
1250 CVE-2001-0262 Exec Code Overflow 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
Total number of vulnerabilities: 1677. Page 25 of 34.