CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2001

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2001-1188 2001-12-11 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.
1302 CVE-2001-1189 2001-12-13 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
1303 CVE-2001-1190 2001-12-12 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.
1304 CVE-2001-1191 DoS 2001-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e.
1305 CVE-2001-1192 Exec Code 2001-12-13 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.
1306 CVE-2001-1193 Dir. Trav. 2001-12-13 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command.
1307 CVE-2001-1194 DoS 2001-12-14 2017-07-11
5.0
None Remote Low Not required None None Partial
Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly.
1308 CVE-2001-1195 +Priv 2001-12-15 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.
1309 CVE-2001-1196 +Priv Dir. Trav. 2001-12-17 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
1310 CVE-2001-1197 2001-12-14 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.
1311 CVE-2001-1198 +Priv 2001-12-15 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.
1312 CVE-2001-1199 XSS 2001-12-17 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
1313 CVE-2001-1200 Bypass 2001-12-17 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.
1314 CVE-2001-1201 Exec Code Overflow 2001-12-17 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.
1315 CVE-2001-1202 Exec Code XSS 2001-12-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.
1316 CVE-2001-1203 +Priv 2001-12-27 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges.
1317 CVE-2001-1204 Dir. Trav. 2001-12-28 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
1318 CVE-2001-1205 22 Dir. Trav. 2001-12-30 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable.
1319 CVE-2001-1206 Exec Code 2001-12-30 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $error_log variable.
1320 CVE-2001-1207 Exec Code Overflow 2001-12-30 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA.
1321 CVE-2001-1208 Exec Code 2001-12-31 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in DayDream BBS allows remote attackers to execute arbitrary code via format string specifiers in a file containing a ~#RA control code.
1322 CVE-2001-1209 Dir. Trav. 2001-12-31 2009-04-30
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
1323 CVE-2001-1210 2001-12-30 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.
1324 CVE-2001-1211 2001-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.
1325 CVE-2001-1212 XSS 2001-12-18 2008-09-10
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.
1326 CVE-2001-1213 2001-12-18 2008-09-10
6.4
None Remote Low Not required Partial Partial None
The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.
1327 CVE-2001-1214 Exec Code 2001-12-15 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters.
1328 CVE-2001-1215 Exec Code 2001-12-20 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.
1329 CVE-2001-1216 Exec Code Overflow 2001-12-21 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
1330 CVE-2001-1217 Dir. Trav. 2001-12-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
1331 CVE-2001-1218 DoS 2001-12-20 2008-09-10
2.1
None Local Low Not required None None Partial
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
1332 CVE-2001-1219 DoS 2001-12-20 2021-07-23
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
1333 CVE-2001-1220 +Priv 2001-12-21 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
1334 CVE-2001-1221 2001-12-21 2008-09-05
5.0
None Remote Low Not required Partial None None
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.
1335 CVE-2001-1223 +Priv 2001-12-26 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
1336 CVE-2001-1224 Exec Code Sql 2001-12-23 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.
1337 CVE-2001-1225 DoS 2001-12-26 2008-09-05
2.1
None Local Low Not required None None Partial
Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.
1338 CVE-2001-1226 2001-12-25 2008-09-05
5.0
None Remote Low Not required None Partial None
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
1339 CVE-2001-1227 Bypass 2001-10-10 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
1340 CVE-2001-1228 Exec Code Overflow 2001-11-18 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
1341 CVE-2001-1229 DoS Exec Code Overflow 2001-03-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
1342 CVE-2001-1230 DoS Exec Code Overflow 2001-03-13 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
1343 CVE-2001-1231 2001-08-14 2017-10-10
5.0
None Remote Low Not required Partial None None
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
1344 CVE-2001-1232 2001-08-14 2017-12-19
5.0
None Remote Low Not required Partial None None
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
1345 CVE-2001-1233 2001-08-14 2018-10-30
5.0
None Remote Low Not required Partial None None
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
1346 CVE-2001-1234 Exec Code 2001-10-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
1347 CVE-2001-1235 Exec Code 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
1348 CVE-2001-1236 Exec Code 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
1349 CVE-2001-1237 Exec Code 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
1350 CVE-2001-1238 2001-07-16 2019-04-30
4.6
None Local Low Not required Partial Partial Partial
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
Total number of vulnerabilities: 1677. Page 27 of 34.