CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001 (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2001-1461 Dir. Trav. 2001-10-22 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.
102 CVE-2001-1460 Sql Bypass 2001-10-13 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
103 CVE-2001-1459 Exec Code Bypass 2001-06-19 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
104 CVE-2001-1458 Dir. Trav. 2001-10-15 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
105 CVE-2001-1456 119 Exec Code Overflow 2001-09-04 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.
106 CVE-2001-1455 Bypass 2001-08-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
107 CVE-2001-1454 Exec Code Overflow 2001-02-09 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
108 CVE-2001-1453 Exec Code Overflow 2001-02-09 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.
109 CVE-2001-1452 2001-08-31 2019-04-30
5.0
None Remote Low Not required None Partial None
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
110 CVE-2001-1449 2001-11-28 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
111 CVE-2001-1448 Exec Code 2001-12-17 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.
112 CVE-2001-1447 +Priv 2001-10-17 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
113 CVE-2001-1446 2001-09-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
114 CVE-2001-1445 Bypass 2001-03-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands.
115 CVE-2001-1444 2001-08-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
116 CVE-2001-1443 2001-08-27 2017-07-11
5.0
None Remote Low Not required Partial None None
KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.
117 CVE-2001-1442 Overflow +Priv 2001-04-21 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
118 CVE-2001-1441 XSS 2001-07-02 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.
119 CVE-2001-1440 2001-12-21 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.
120 CVE-2001-1438 DoS 2001-10-22 2017-07-11
5.0
None Remote Low Not required None None Partial
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.
121 CVE-2001-1437 2001-12-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.
122 CVE-2001-1436 2001-01-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password.
123 CVE-2001-1435 DoS 2001-02-23 2017-07-11
5.0
None Remote Low Not required None None Partial
inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services.
124 CVE-2001-1434 2001-02-28 2017-07-11
5.0
None Remote Low Not required Partial None None
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.
125 CVE-2001-1433 +Priv 2001-12-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.
126 CVE-2001-1432 22 Dir. Trav. 2001-12-29 2017-07-11
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
127 CVE-2001-1431 2001-10-08 2017-07-11
5.0
None Remote Low Not required Partial None None
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
128 CVE-2001-1430 2001-06-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cayman 3220-H DSL Router 1.0 ship without a password set, which allows remote attackers to gain unauthorized access.
129 CVE-2001-1429 DoS Exec Code Overflow 2001-11-12 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file.
130 CVE-2001-1428 2001-05-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access.
131 CVE-2001-1427 2001-07-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
132 CVE-2001-1426 2001-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations.
133 CVE-2001-1425 +Priv 2001-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.
134 CVE-2001-1424 2001-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
135 CVE-2001-1423 +Priv 2001-10-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
136 CVE-2001-1422 Bypass 2001-01-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
137 CVE-2001-1421 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag.
138 CVE-2001-1419 DoS 2001-10-02 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
139 CVE-2001-1418 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
140 CVE-2001-1417 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data.
141 CVE-2001-1416 XSS 2001-01-18 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags.
142 CVE-2001-1415 2001-11-13 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
143 CVE-2001-1414 2001-10-09 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
144 CVE-2001-1408 Dir. Trav. 2001-07-05 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.
145 CVE-2001-1407 Bypass 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
146 CVE-2001-1404 +Priv 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.
147 CVE-2001-1403 +Priv 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
148 CVE-2001-1402 Sql XSS 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
149 CVE-2001-1401 Bypass 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
150 CVE-2001-1398 2001-04-17 2016-12-08
7.5
None Remote Low Not required Partial Partial Partial
Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
Total number of vulnerabilities : 1506   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.