CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2001-1388 770 2001-11-05 2021-02-02
5.0
None Remote Low Not required None None Partial
iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.
1302 CVE-2001-1408 Dir. Trav. 2001-07-05 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.
1303 CVE-2001-1417 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data.
1304 CVE-2001-1418 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
1305 CVE-2001-1419 DoS 2001-10-02 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
1306 CVE-2001-1421 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag.
1307 CVE-2001-1431 2001-10-08 2017-07-11
5.0
None Remote Low Not required Partial None None
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
1308 CVE-2001-1434 2001-02-28 2017-07-11
5.0
None Remote Low Not required Partial None None
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.
1309 CVE-2001-1435 DoS 2001-02-23 2017-07-11
5.0
None Remote Low Not required None None Partial
inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services.
1310 CVE-2001-1438 DoS 2001-10-22 2017-07-11
5.0
None Remote Low Not required None None Partial
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.
1311 CVE-2001-1443 2001-08-27 2017-07-11
5.0
None Remote Low Not required Partial None None
KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.
1312 CVE-2001-1452 2001-08-31 2019-04-30
5.0
None Remote Low Not required None Partial None
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
1313 CVE-2001-1458 Dir. Trav. 2001-10-15 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
1314 CVE-2001-1469 2001-01-18 2017-07-11
5.0
None Remote Low Not required None Partial None
The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified.
1315 CVE-2001-1470 2001-01-18 2017-07-11
5.0
None Remote Low Not required None Partial None
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message.
1316 CVE-2001-1474 2001-01-18 2017-07-11
5.0
None Remote Low Not required None Partial None
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache.
1317 CVE-2001-1483 2001-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
1318 CVE-2001-1488 2001-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon.
1319 CVE-2001-1489 DoS 2001-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
1320 CVE-2001-1490 DoS 2001-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
1321 CVE-2001-1491 DoS 2001-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
1322 CVE-2001-1499 2001-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.
1323 CVE-2001-1501 DoS 2001-12-31 2008-09-10
5.0
None Remote Low Not required None None Partial
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
1324 CVE-2001-1505 2001-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets.
1325 CVE-2001-1510 2001-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
1326 CVE-2001-1511 2001-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".
1327 CVE-2001-1515 2001-12-31 2019-04-30
5.0
None Remote Low Not required Partial None None
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
1328 CVE-2001-1525 Dir. Trav. 2001-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter.
1329 CVE-2001-1528 2001-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.
1330 CVE-2001-1532 2001-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions.
1331 CVE-2001-1533 DoS 2001-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
1332 CVE-2001-1536 XSS +Info 2001-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
1333 CVE-2001-1537 +Priv +Info 2001-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
1334 CVE-2001-1539 119 DoS Overflow 2001-12-31 2021-07-23
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem.
1335 CVE-2001-1540 DoS 2001-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header.
1336 CVE-2001-1544 Dir. Trav. 2001-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
1337 CVE-2001-1545 2001-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
1338 CVE-2001-1552 DoS 2001-12-31 2008-09-10
5.0
None Remote Low Not required None None Partial
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.
1339 CVE-2001-1554 DoS 2001-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.
1340 CVE-2001-1556 532 2001-12-31 2020-10-14
5.0
None Remote Low Not required None Partial None
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
1341 CVE-2001-1558 DoS 2001-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash).
1342 CVE-2001-1567 Bypass 2001-12-31 2016-10-18
5.0
None Remote Low Not required Partial None None
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
1343 CVE-2001-1571 2001-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.
1344 CVE-2001-1575 DoS Overflow 2001-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow.
1345 CVE-2001-1579 DoS 2001-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.
1346 CVE-2001-1580 Dir. Trav. 2001-12-31 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.
1347 CVE-1999-1174 Bypass 2001-12-21 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk.
1348 CVE-2000-0313 2001-03-12 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
1349 CVE-2000-0351 2001-03-12 2011-03-08
4.6
None Local Low Not required Partial Partial Partial
Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.
1350 CVE-2000-1081 DoS Exec Code 2001-01-09 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 (This Page)28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.