CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2001-1482 Sql 2001-12-31 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
102 CVE-2001-1481 +Priv 2001-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
103 CVE-2001-1480 2001-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.
104 CVE-2001-1479 2001-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
105 CVE-2001-1478 Exec Code Overflow 2001-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code.
106 CVE-2001-1477 2001-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
107 CVE-2001-1476 2001-01-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.
108 CVE-2001-1475 2001-01-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated.
109 CVE-2001-1474 2001-01-18 2017-07-11
5.0
None Remote Low Not required None Partial None
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache.
110 CVE-2001-1473 310 2001-01-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
111 CVE-2001-1472 Exec Code Sql 2001-08-03 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
112 CVE-2001-1471 Exec Code 2001-07-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
113 CVE-2001-1470 2001-01-18 2017-07-11
5.0
None Remote Low Not required None Partial None
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message.
114 CVE-2001-1469 2001-01-18 2017-07-11
5.0
None Remote Low Not required None Partial None
The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified.
115 CVE-2001-1468 Exec Code File Inclusion 2001-02-07 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.
116 CVE-2001-1467 2001-04-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
117 CVE-2001-1466 Exec Code Overflow 2001-12-30 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
118 CVE-2001-1464 2001-01-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.
119 CVE-2001-1463 310 2001-11-19 2020-07-28
7.5
None Remote Low Not required Partial Partial Partial
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
120 CVE-2001-1462 +Info 2001-10-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.
121 CVE-2001-1461 Dir. Trav. 2001-10-22 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.
122 CVE-2001-1460 Sql Bypass 2001-10-13 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
123 CVE-2001-1459 Exec Code Bypass 2001-06-19 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
124 CVE-2001-1458 Dir. Trav. 2001-10-15 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
125 CVE-2001-1456 119 Exec Code Overflow 2001-09-04 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.
126 CVE-2001-1455 Bypass 2001-08-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
127 CVE-2001-1454 Exec Code Overflow 2001-02-09 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
128 CVE-2001-1453 Exec Code Overflow 2001-02-09 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.
129 CVE-2001-1452 2001-08-31 2019-04-30
5.0
None Remote Low Not required None Partial None
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
130 CVE-2001-1450 DoS 2001-05-11 2021-07-23
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
131 CVE-2001-1449 2001-11-28 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
132 CVE-2001-1448 Exec Code 2001-12-17 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.
133 CVE-2001-1447 +Priv 2001-10-17 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
134 CVE-2001-1446 2001-09-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
135 CVE-2001-1445 Bypass 2001-03-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands.
136 CVE-2001-1444 2001-08-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
137 CVE-2001-1443 2001-08-27 2017-07-11
5.0
None Remote Low Not required Partial None None
KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.
138 CVE-2001-1442 Overflow +Priv 2001-04-21 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
139 CVE-2001-1441 XSS 2001-07-02 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.
140 CVE-2001-1440 2001-12-21 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.
141 CVE-2001-1439 DoS Overflow 2001-02-16 2017-07-11
2.1
None Local Low Not required None None Partial
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.
142 CVE-2001-1438 DoS 2001-10-22 2017-07-11
5.0
None Remote Low Not required None None Partial
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.
143 CVE-2001-1437 2001-12-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.
144 CVE-2001-1436 2001-01-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password.
145 CVE-2001-1435 DoS 2001-02-23 2017-07-11
5.0
None Remote Low Not required None None Partial
inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services.
146 CVE-2001-1434 2001-02-28 2017-07-11
5.0
None Remote Low Not required Partial None None
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.
147 CVE-2001-1433 +Priv 2001-12-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.
148 CVE-2001-1432 22 Dir. Trav. 2001-12-29 2017-07-11
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
149 CVE-2001-1431 2001-10-08 2017-07-11
5.0
None Remote Low Not required Partial None None
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
150 CVE-2001-1430 2001-06-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cayman 3220-H DSL Router 1.0 ship without a password set, which allows remote attackers to gain unauthorized access.
Total number of vulnerabilities : 1677   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.