CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1201 CVE-2001-1083 DoS 2001-06-26 2017-10-10
5.0
None Remote Low Not required None None Partial
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
1202 CVE-2001-1084 XSS 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
1203 CVE-2001-1085 2001-07-05 2017-10-10
3.7
None Local High Not required Partial Partial Partial
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
1204 CVE-2001-1086 2001-07-04 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
1205 CVE-2001-1087 2001-07-05 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.
1206 CVE-2001-1088 2001-06-05 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
1207 CVE-2001-1089 Exec Code 2001-09-10 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
1208 CVE-2001-1090 Exec Code 2001-09-10 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
1209 CVE-2001-1091 +Priv 2001-08-23 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
1210 CVE-2001-1092 2001-09-10 2017-12-19
2.1
None Local Low Not required Partial None None
msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.
1211 CVE-2001-1093 Exec Code Overflow 2001-09-10 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument.
1212 CVE-2001-1094 Bypass 2001-09-11 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version.
1213 CVE-2001-1095 Exec Code Overflow 2001-10-09 2016-09-17
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.
1214 CVE-2001-1096 Exec Code Overflow 2001-10-09 2013-07-25
4.6
None Local Low Not required Partial Partial Partial
Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code.
1215 CVE-2001-1097 DoS 2001-07-24 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
1216 CVE-2001-1098 2001-10-10 2017-10-10
2.1
None Local Low Not required Partial None None
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
1217 CVE-2001-1099 434 2001-09-07 2020-04-02
5.0
None Remote Low Not required Partial None None
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
1218 CVE-2001-1100 Exec Code 2001-10-07 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
1219 CVE-2001-1101 2001-09-08 2017-12-19
6.4
None Remote Low Not required None Partial Partial
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.
1220 CVE-2001-1102 2001-09-08 2017-12-19
6.2
None Local High Not required Complete Complete Complete
Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable.
1221 CVE-2001-1103 Exec Code 2001-03-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.
1222 CVE-2001-1104 2001-07-25 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
1223 CVE-2001-1105 Bypass 2001-09-12 2021-11-08
7.5
None Remote Low Not required Partial Partial Partial
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
1224 CVE-2001-1106 2001-07-25 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
1225 CVE-2001-1107 +Priv 2001-07-26 2017-12-19
5.0
None Remote Low Not required Partial None None
SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server.
1226 CVE-2001-1108 Dir. Trav. 2001-07-26 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL.
1227 CVE-2001-1109 Dir. Trav. 2001-09-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.
1228 CVE-2001-1110 +Info 2001-09-12 2008-09-05
5.0
None Remote Low Not required Partial None None
EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.
1229 CVE-2001-1111 2001-09-12 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file.
1230 CVE-2001-1112 Exec Code Overflow 2001-09-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.
1231 CVE-2001-1113 Exec Code Overflow 2001-08-13 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
1232 CVE-2001-1114 Exec Code 2001-08-13 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter.
1233 CVE-2001-1115 2001-08-13 2017-12-19
5.0
None Remote Low Not required Partial None None
generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter.
1234 CVE-2001-1116 Bypass 2001-08-02 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
1235 CVE-2001-1117 2001-08-10 2017-10-10
5.0
None Remote Low Not required Partial None None
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.
1236 CVE-2001-1118 Exec Code 2001-08-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.
1237 CVE-2001-1119 2001-08-03 2017-10-10
6.2
None Local High Not required Complete Complete Complete
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.
1238 CVE-2001-1120 2001-07-11 2017-12-19
6.4
None Remote Low Not required Partial Partial None
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
1239 CVE-2001-1121 2001-07-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-2001-1084.
1240 CVE-2001-1122 DoS 2001-08-03 2017-12-19
2.1
None Local Low Not required None None Partial
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
1241 CVE-2001-1123 Exec Code Overflow 2001-10-01 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.
1242 CVE-2001-1124 DoS Overflow 2001-10-01 2017-12-19
5.0
None Remote Low Not required None None Partial
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow.
1243 CVE-2001-1125 Exec Code 2001-10-05 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
1244 CVE-2001-1126 DoS 2001-10-05 2017-12-19
5.0
None Remote Low Not required None None Partial
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.
1245 CVE-2001-1127 Exec Code Overflow 2001-10-05 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
1246 CVE-2001-1128 Exec Code Overflow 2001-10-08 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
1247 CVE-2001-1129 Exec Code 2001-11-02 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.
1248 CVE-2001-1130 Exec Code 2001-08-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.
1249 CVE-2001-1131 Dir. Trav. 2001-08-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command.
1250 CVE-2001-1132 2001-09-05 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 (This Page)26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.