CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2001

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1201 CVE-2001-1019 Dir. Trav. 2001-09-08 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter.
1202 CVE-2001-1023 2001-09-21 2017-12-19
5.0
None Remote Low Not required Partial None None
Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header.
1203 CVE-2001-1031 Dir. Trav. 2001-09-27 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command.
1204 CVE-2001-1033 DoS 2001-09-25 2017-12-19
5.0
None Remote Low Not required None None Partial
Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state.
1205 CVE-2001-1038 DoS 2001-07-11 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.
1206 CVE-2001-1042 2001-07-02 2017-12-19
5.0
None Remote Low Not required Partial None None
Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
1207 CVE-2001-1043 2001-07-01 2017-10-10
5.0
None Remote Low Not required Partial None None
ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
1208 CVE-2001-1045 Dir. Trav. 2001-07-06 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.
1209 CVE-2001-1055 DoS 2001-07-30 2017-10-10
5.0
None Remote Low Not required None None Partial
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
1210 CVE-2001-1057 DoS 2001-07-30 2017-12-19
5.0
None Remote Low Not required None None Partial
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests.
1211 CVE-2001-1064 DoS 2001-08-31 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allow remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.
1212 CVE-2001-1065 2001-08-31 2017-12-19
5.0
None Remote Low Not required None None Partial
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
1213 CVE-2001-1068 2001-08-31 2017-12-19
5.0
None Remote Low Not required Partial None None
qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.
1214 CVE-2001-1071 DoS 2001-10-09 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.
1215 CVE-2001-1072 Bypass 2001-08-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
1216 CVE-2001-1073 +Info 2001-08-31 2017-12-19
5.0
None Remote Low Not required Partial None None
Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR.
1217 CVE-2001-1075 Bypass 2001-07-04 2017-10-10
5.0
None Remote Low Not required None Partial None
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.
1218 CVE-2001-1082 Dir. Trav. 2001-07-13 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack.
1219 CVE-2001-1083 DoS 2001-06-26 2017-10-10
5.0
None Remote Low Not required None None Partial
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
1220 CVE-2001-1097 DoS 2001-07-24 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco routers and switches running IOS 12.0 through 12.2.1 allow a remote attacker to cause a denial of service via a flood of UDP packets.
1221 CVE-2001-1099 434 2001-09-07 2020-04-02
5.0
None Remote Low Not required Partial None None
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
1222 CVE-2001-1107 +Priv 2001-07-26 2017-12-19
5.0
None Remote Low Not required Partial None None
SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server.
1223 CVE-2001-1110 +Info 2001-09-12 2008-09-05
5.0
None Remote Low Not required Partial None None
EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.
1224 CVE-2001-1115 2001-08-13 2017-12-19
5.0
None Remote Low Not required Partial None None
generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter.
1225 CVE-2001-1117 2001-08-10 2017-10-10
5.0
None Remote Low Not required Partial None None
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allow a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.
1226 CVE-2001-1124 DoS Overflow 2001-10-01 2017-12-19
5.0
None Remote Low Not required None None Partial
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via malformed RPC portmap requests, possibly related to a buffer overflow.
1227 CVE-2001-1126 DoS 2001-10-05 2017-12-19
5.0
None Remote Low Not required None None Partial
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.
1228 CVE-2001-1131 Dir. Trav. 2001-08-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command.
1229 CVE-2001-1134 DoS 2001-08-09 2008-09-10
5.0
None Remote Low Not required None None Partial
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.
1230 CVE-2001-1137 DoS 2001-09-06 2017-12-19
5.0
None Remote Low Not required None None Partial
D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.
1231 CVE-2001-1139 Dir. Trav. 2001-08-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request.
1232 CVE-2001-1140 2001-08-22 2017-12-19
5.0
None Remote Low Not required Partial None None
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.
1233 CVE-2001-1141 2001-07-10 2017-10-10
5.0
None Remote Low Not required Partial None None
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
1234 CVE-2001-1142 +Priv 2001-07-12 2008-09-05
5.0
None Remote Low Not required Partial None None
ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.
1235 CVE-2001-1143 DoS 2001-07-11 2008-09-05
5.0
None Remote Low Not required None None Partial
IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.
1236 CVE-2001-1144 Dir. Trav. 2001-07-11 2013-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.
1237 CVE-2001-1149 DoS 2001-08-21 2008-09-05
5.0
None Remote Low Not required None None Partial
Panda Antivirus Platinum before 6.23.00 allows a remote attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
1238 CVE-2001-1150 2001-08-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
1239 CVE-2001-1151 2001-10-15 2017-12-19
5.0
None Remote Low Not required Partial None None
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
1240 CVE-2001-1154 DoS 2001-08-30 2017-12-19
5.0
None Remote Low Not required None None Partial
Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.
1241 CVE-2001-1156 DoS 2001-10-08 2008-09-05
5.0
None Remote Low Not required None None Partial
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.
1242 CVE-2001-1166 2001-08-21 2008-09-05
5.0
None Remote Low Not required Partial None None
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.
1243 CVE-2001-1168 Dir. Trav. 2001-08-29 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter.
1244 CVE-2001-1170 2001-09-29 2017-12-19
5.0
None Remote Low Not required Partial None None
AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers.
1245 CVE-2001-1183 DoS 2001-07-12 2017-10-10
5.0
None Remote Low Not required None None Partial
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.
1246 CVE-2001-1184 DoS 2001-12-08 2008-09-05
5.0
None Remote Low Not required None None Partial
wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024.
1247 CVE-2001-1186 DoS 2001-12-11 2018-10-30
5.0
None Remote Low Not required None None Partial
Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
1248 CVE-2001-1191 DoS 2001-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e.
1249 CVE-2001-1193 Dir. Trav. 2001-12-13 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command.
1250 CVE-2001-1194 DoS 2001-12-14 2017-07-11
5.0
None Remote Low Not required None None Partial
Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly.
Total number of vulnerabilities: 1677 (page 25 of 34)