| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1201 |
CVE-2001-0198 |
|
1
|
Exec Code Overflow |
2001-05-03 |
2017-12-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag. |
|
1202 |
CVE-2001-0197 |
|
|
Exec Code |
2001-03-26 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands. |
|
1203 |
CVE-2001-0196 |
|
|
|
2001-05-03 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group. |
|
1204 |
CVE-2001-0194 |
|
|
Exec Code Overflow |
2001-05-03 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line. |
|
1205 |
CVE-2001-0193 |
|
|
+Priv |
2001-05-03 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter. |
|
1206 |
CVE-2001-0192 |
|
|
Exec Code Overflow |
2001-05-03 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions. |
|
1207 |
CVE-2001-0191 |
|
|
Exec Code Overflow |
2001-05-03 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length. |
|
1208 |
CVE-2001-0190 |
|
|
Overflow +Priv |
2001-03-26 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0). |
|
1209 |
CVE-2001-0189 |
|
|
Dir. Trav. |
2001-03-26 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request. |
|
1210 |
CVE-2001-0188 |
|
|
DoS |
2001-03-26 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to cause a denial of service via a flood of connections to the server, which causes it to crash. |
|
1211 |
CVE-2001-0187 |
|
|
Exec Code |
2001-03-26 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment. |
|
1212 |
CVE-2001-0186 |
|
|
Dir. Trav. |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
|
1213 |
CVE-2001-0185 |
|
|
DoS |
2001-03-26 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash. |
|
1214 |
CVE-2001-0183 |
|
|
Bypass |
2001-03-26 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection. |
|
1215 |
CVE-2001-0182 |
|
|
DoS |
2001-03-26 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. |
|
1216 |
CVE-2001-0181 |
|
|
Exec Code |
2001-03-26 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands. |
|
1217 |
CVE-2001-0180 |
|
|
Exec Code |
2001-05-03 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter. |
|
1218 |
CVE-2001-0179 |
|
|
|
2001-05-03 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." |
|
1219 |
CVE-2001-0177 |
|
|
DoS |
2001-03-26 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone. |
|
1220 |
CVE-2001-0176 |
|
|
Exec Code +Priv |
2001-03-26 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges. |
|
1221 |
CVE-2001-0175 |
|
|
DoS |
2001-03-26 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs. |
|
1222 |
CVE-2001-0174 |
|
|
DoS Exec Code Overflow |
2001-05-03 |
2017-10-10 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address. |
|
1223 |
CVE-2001-0173 |
|
|
Exec Code Overflow |
2001-05-03 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header. |
|
1224 |
CVE-2001-0172 |
|
|
DoS Exec Code Overflow |
2001-03-26 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to cause a denial of service and possibly execute arbitrary commands by via a long directory name. |
|
1225 |
CVE-2001-0171 |
|
|
DoS Exec Code Overflow |
2001-05-03 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long GET request. |
|
1226 |
CVE-2001-0168 |
|
|
Exec Code Overflow |
2001-05-03 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0. |
|
1227 |
CVE-2001-0167 |
|
|
Exec Code Overflow |
2001-05-03 |
2017-12-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string. |
|
1228 |
CVE-2001-0166 |
|
|
DoS |
2001-03-26 |
2017-10-10 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file. |
|
1229 |
CVE-2001-0165 |
|
|
Overflow +Priv |
2001-05-03 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument. |
|
1230 |
CVE-2001-0164 |
|
|
DoS Exec Code Overflow |
2001-06-02 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. |
|
1231 |
CVE-2001-0163 |
|
|
|
2001-01-01 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
|
1232 |
CVE-2001-0162 |
|
|
|
2001-01-01 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
|
1233 |
CVE-2001-0161 |
|
|
|
2001-01-01 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks. |
|
1234 |
CVE-2001-0160 |
|
|
|
2001-01-01 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages. |
|
1235 |
CVE-2001-0157 |
|
|
Bypass |
2001-06-02 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled. |
|
1236 |
CVE-2001-0155 |
|
|
Exec Code |
2001-06-02 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers. |
|
1237 |
CVE-2001-0154 |
|
|
|
2001-05-03 |
2021-07-23 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. |
|
1238 |
CVE-2001-0153 |
119 |
|
Exec Code Overflow |
2001-05-03 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands. |
|
1239 |
CVE-2001-0151 |
|
|
DoS |
2001-06-02 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. |
|
1240 |
CVE-2001-0150 |
|
|
Exec Code |
2001-06-02 |
2021-07-23 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. |
|
1241 |
CVE-2001-0149 |
|
|
|
2001-06-02 |
2021-07-23 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. |
|
1242 |
CVE-2001-0148 |
|
|
Exec Code |
2001-06-02 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. |
|
1243 |
CVE-2001-0147 |
|
|
Exec Code Overflow |
2001-05-03 |
2019-04-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. |
|
1244 |
CVE-2001-0146 |
|
|
DoS |
2001-06-02 |
2020-04-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. |
|
1245 |
CVE-2001-0145 |
|
|
Exec Code Overflow |
2001-05-03 |
2018-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. |
|
1246 |
CVE-2001-0144 |
|
|
Exec Code Overflow |
2001-03-12 |
2018-05-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. |
|
1247 |
CVE-2001-0137 |
|
|
Exec Code |
2001-03-12 |
2018-10-12 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability. |
|
1248 |
CVE-2001-0136 |
399 |
|
DoS |
2001-03-12 |
2018-02-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. |
|
1249 |
CVE-2001-0134 |
|
|
Exec Code Overflow |
2001-03-12 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name. |
|
1250 |
CVE-2001-0133 |
|
|
|
2001-03-12 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords. |
