CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2001

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1351 CVE-2001-0161 2001-01-01 2008-09-05
5.0
None Remote Low Not required Partial None None
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks.
1352 CVE-2001-0160 2001-01-01 2008-09-05
5.0
None Remote Low Not required Partial None None
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages.
1353 CVE-2001-0157 Bypass 2001-06-02 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled.
1354 CVE-2001-0156 2001-06-02 2017-10-10
2.1
None Local Low Not required None Partial None
VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems.
1355 CVE-2001-0155 Exec Code 2001-06-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers.
1356 CVE-2001-0154 2001-05-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
1357 CVE-2001-0153 119 Exec Code Overflow 2001-05-03 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.
1358 CVE-2001-0152 2001-05-03 2018-10-12
2.1
None Local Low Not required Partial None None
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
1359 CVE-2001-0151 DoS 2001-06-02 2018-10-30
5.0
None Remote Low Not required None None Partial
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
1360 CVE-2001-0150 Exec Code 2001-06-02 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.
1361 CVE-2001-0149 2001-06-02 2021-07-23
5.0
None Remote Low Not required Partial None None
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.
1362 CVE-2001-0148 Exec Code 2001-06-02 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
1363 CVE-2001-0147 Exec Code Overflow 2001-05-03 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
1364 CVE-2001-0146 DoS 2001-06-02 2020-04-02
5.0
None Remote Low Not required None None Partial
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URLs.
1365 CVE-2001-0145 Exec Code Overflow 2001-05-03 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
1366 CVE-2001-0144 Exec Code Overflow 2001-03-12 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
1367 CVE-2001-0143 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
1368 CVE-2001-0142 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
1369 CVE-2001-0141 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
1370 CVE-2001-0140 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
1371 CVE-2001-0139 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
1372 CVE-2001-0138 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
1373 CVE-2001-0137 Exec Code 2001-03-12 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the "Windows Media Player Skins File Download" vulnerability.
1374 CVE-2001-0136 399 DoS 2001-03-12 2018-02-07
5.0
None Remote Low Not required None None Partial
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
1375 CVE-2001-0135 2001-03-12 2016-10-18
2.1
None Local Low Not required None Partial None
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.
1376 CVE-2001-0134 Exec Code Overflow 2001-03-12 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.
1377 CVE-2001-0133 2001-03-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.
1378 CVE-2001-0132 2001-03-12 2008-09-05
1.2
None Local High Not required None Partial None
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.
1379 CVE-2001-0131 59 2001-03-12 2020-10-09
3.3
None Local Medium Not required None Partial Partial
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
1380 CVE-2001-0130 DoS Exec Code Overflow 2001-03-12 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier.
1381 CVE-2001-0129 DoS Exec Code Overflow 2001-03-12 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.
1382 CVE-2001-0128 +Priv Bypass 2001-03-12 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
1383 CVE-2001-0127 DoS Exec Code Overflow 2001-03-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag.
1384 CVE-2001-0126 Exec Code 2001-03-12 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
1385 CVE-2001-0125 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
1386 CVE-2001-0124 Overflow +Priv 2001-03-12 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.
1387 CVE-2001-0123 Dir. Trav. 2001-03-12 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter.
1388 CVE-2001-0122 DoS 2001-03-13 2017-10-10
5.0
None Remote Low Not required None None Partial
Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error.
1389 CVE-2001-0121 DoS 2001-03-12 2017-10-10
5.0
None Remote Low Not required None None Partial
ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002.
1390 CVE-2001-0120 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
useradd program in shadow-utils may allow local users to overwrite arbitrary files via a symlink attack.
1391 CVE-2001-0119 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
1392 CVE-2001-0118 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
1393 CVE-2001-0117 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
1394 CVE-2001-0116 2001-03-12 2017-10-10
1.2
None Local High Not required None Partial None
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
1395 CVE-2001-0115 Exec Code Overflow 2001-03-12 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.
1396 CVE-2001-0114 2001-03-12 2008-09-05
5.0
None Remote Low Not required None Partial None
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter.
1397 CVE-2001-0113 Exec Code 2001-03-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script.
1398 CVE-2001-0112 Exec Code Overflow 2001-03-12 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands.
1399 CVE-2001-0111 Exec Code 2001-03-12 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.
1400 CVE-2001-0110 Overflow +Priv 2001-03-12 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable.
Total number of vulnerabilities: 1677. Page 28 of 34.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.