CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1351 CVE-2001-1239 DoS 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
PowerNet IX allows remote attackers to cause a denial of service via a port scan.
1352 CVE-2001-1240 2001-07-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
1353 CVE-2001-1241 Exec Code 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
1354 CVE-2001-1242 Exec Code Dir. Trav. 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
1355 CVE-2001-1243 DoS 2001-07-04 2018-10-30
5.0
None Remote Low Not required None None Partial
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
1356 CVE-2001-1244 DoS 2001-07-07 2018-10-30
5.0
None Remote Low Not required None None Partial
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
1357 CVE-2001-1245 DoS 2001-07-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
1358 CVE-2001-1246 Exec Code 2001-06-30 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
1359 CVE-2001-1247 264 2001-12-06 2012-06-25
6.4
None Remote Low Not required Partial Partial None
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
1360 CVE-2001-1248 2001-06-29 2008-09-10
5.0
None Remote Low Not required Partial None None
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
1361 CVE-2001-1249 DoS 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
1362 CVE-2001-1250 DoS Overflow 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.
1363 CVE-2001-1251 DoS 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.
1364 CVE-2001-1252 Bypass 2001-09-28 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
1365 CVE-2001-1253 2001-09-27 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.
1366 CVE-2001-1254 2001-09-27 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
1367 CVE-2001-1255 2001-10-02 2019-10-07
4.6
None Local Low Not required Partial Partial Partial
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.
1368 CVE-2001-1256 2001-06-11 2017-12-19
1.2
None Local High Not required None Partial None
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
1369 CVE-2001-1257 XSS 2001-07-21 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
1370 CVE-2001-1258 2001-07-21 2011-03-08
3.6
None Local Low Not required Partial Partial None
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
1371 CVE-2001-1259 DoS 2001-08-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
1372 CVE-2001-1260 +Priv 2001-08-07 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
1373 CVE-2001-1261 2001-08-07 2008-09-05
5.0
None Remote Low Not required None Partial None
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
1374 CVE-2001-1262 Bypass 2001-08-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
1375 CVE-2001-1263 DoS Overflow 2001-06-06 2017-12-19
5.0
None Remote Low Not required None None Partial
telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow.
1376 CVE-2001-1264 2001-07-19 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
1377 CVE-2001-1265 Dir. Trav. 2001-07-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.
1378 CVE-2001-1266 Dir. Trav. 2001-07-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.
1379 CVE-2001-1267 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
1380 CVE-2001-1268 Dir. Trav. 2001-07-12 2010-05-25
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
1381 CVE-2001-1269 2001-07-12 2010-05-25
2.1
None Local Low Not required None Partial None
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
1382 CVE-2001-1270 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.
1383 CVE-2001-1271 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.
1384 CVE-2001-1272 Exec Code 2001-12-06 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.
1385 CVE-2001-1273 DoS 2001-02-12 2008-09-05
2.1
None Local Low Not required None None Partial
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).
1386 CVE-2001-1274 DoS Overflow +Priv 2001-01-23 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
1387 CVE-2001-1275 +Priv 2001-01-19 2019-10-07
7.2
None Local Low Not required Complete Complete Complete
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
1388 CVE-2001-1276 2001-06-21 2016-10-18
1.2
None Local High Not required None Partial None
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
1389 CVE-2001-1277 2001-06-11 2016-10-18
2.1
None Local Low Not required None Partial None
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
1390 CVE-2001-1278 Bypass 2001-10-10 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
1391 CVE-2001-1279 DoS Exec Code Overflow 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.
1392 CVE-2001-1280 2001-10-12 2008-09-10
5.0
None Remote Low Not required Partial None None
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
1393 CVE-2001-1281 2001-10-12 2008-09-10
5.0
None Remote Low Not required None Partial None
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
1394 CVE-2001-1282 +Info 2001-10-12 2008-09-10
5.0
None Remote Low Not required Partial None None
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
1395 CVE-2001-1283 DoS Exec Code Overflow 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
1396 CVE-2001-1284 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
1397 CVE-2001-1285 Dir. Trav. 2001-10-12 2008-09-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
1398 CVE-2001-1286 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
1399 CVE-2001-1287 Exec Code Overflow 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
1400 CVE-2001-1288 DoS 2001-07-27 2019-04-30
2.1
None Local Low Not required None None Partial
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 (This Page)29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.