| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1451 |
CVE-2001-1342 |
|
|
DoS |
2001-05-12 |
2021-06-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer. |
|
1452 |
CVE-2001-1343 |
|
|
Exec Code |
2001-06-12 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter. |
|
1453 |
CVE-2001-1344 |
|
|
Bypass |
2001-06-12 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot). |
|
1454 |
CVE-2001-1345 |
|
|
+Priv |
2001-06-05 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program. |
|
1455 |
CVE-2001-1346 |
|
|
|
2001-05-18 |
2021-04-07 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp. |
|
1456 |
CVE-2001-1347 |
|
|
DoS +Priv |
2001-05-24 |
2019-04-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes. |
|
1457 |
CVE-2001-1348 |
|
|
Sql |
2001-05-28 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter. |
|
1458 |
CVE-2001-1349 |
|
|
DoS +Priv |
2001-05-28 |
2008-09-05 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers. |
|
1459 |
CVE-2001-1350 |
|
|
XSS |
2001-11-25 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter. |
|
1460 |
CVE-2001-1351 |
|
|
XSS |
2001-12-25 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers. |
|
1461 |
CVE-2001-1352 |
|
|
XSS |
2001-12-27 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter. |
|
1462 |
CVE-2001-1353 |
|
|
|
2001-09-18 |
2016-10-18 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled. |
|
1463 |
CVE-2001-1354 |
|
|
|
2001-07-20 |
2017-12-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password. |
|
1464 |
CVE-2001-1355 |
|
|
Exec Code Overflow |
2001-07-20 |
2017-12-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command. |
|
1465 |
CVE-2001-1356 |
|
|
|
2001-08-04 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021. |
|
1466 |
CVE-2001-1357 |
|
|
|
2001-02-07 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables. |
|
1467 |
CVE-2001-1358 |
|
|
+Priv |
2001-02-07 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter. |
|
1468 |
CVE-2001-1359 |
|
|
|
2001-06-08 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server. |
|
1469 |
CVE-2001-1360 |
|
|
|
2001-07-19 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned. |
|
1470 |
CVE-2001-1361 |
|
|
|
2001-07-19 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links. |
|
1471 |
CVE-2001-1362 |
|
|
|
2001-07-19 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in the server for nPULSE before 0.53p4. |
|
1472 |
CVE-2001-1363 |
|
|
+Priv |
2001-07-19 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges. |
|
1473 |
CVE-2001-1364 |
|
|
|
2001-07-19 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified. |
|
1474 |
CVE-2001-1365 |
|
|
|
2001-07-19 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in IntraGnat before 1.4. |
|
1475 |
CVE-2001-1366 |
|
|
+Info |
2001-07-19 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information. |
|
1476 |
CVE-2001-1367 |
|
|
+Priv |
2001-07-19 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges. |
|
1477 |
CVE-2001-1368 |
|
|
|
2001-06-11 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in iPlanet Web Server 4 included in Virtualvault Operating System (VVOS) 4.0 running HP-UX 11.04 could allow attackers to corrupt data. |
|
1478 |
CVE-2001-1369 |
|
|
Exec Code Bypass |
2001-09-10 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields. |
|
1479 |
CVE-2001-1370 |
|
|
Exec Code |
2001-07-21 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib. |
|
1480 |
CVE-2001-1373 |
|
|
|
2001-07-18 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments. |
|
1481 |
CVE-2001-1374 |
|
|
+Priv |
2001-07-19 |
2017-10-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd. |
|
1482 |
CVE-2001-1375 |
|
|
Exec Code |
2001-07-19 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory. |
|
1483 |
CVE-2001-1378 |
59 |
|
|
2001-09-06 |
2011-02-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files. |
|
1484 |
CVE-2001-1379 |
|
|
Sql Bypass |
2001-08-29 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name. |
|
1485 |
CVE-2001-1380 |
|
|
|
2001-10-18 |
2018-05-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses. |
|
1486 |
CVE-2001-1382 |
|
|
|
2001-09-27 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used. |
|
1487 |
CVE-2001-1383 |
|
|
|
2001-09-26 |
2008-09-10 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files. |
|
1488 |
CVE-2001-1384 |
|
|
+Priv |
2001-10-18 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp. |
|
1489 |
CVE-2001-1385 |
|
|
|
2001-01-12 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. |
|
1490 |
CVE-2001-1386 |
|
|
Bypass |
2001-07-01 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension. |
|
1491 |
CVE-2001-1387 |
200 |
|
+Info |
2001-11-05 |
2021-02-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak. |
|
1492 |
CVE-2001-1388 |
770 |
|
|
2001-11-05 |
2021-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator. |
|
1493 |
CVE-2001-1389 |
|
|
DoS Exec Code Overflow |
2001-08-29 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination. |
|
1494 |
CVE-2001-1390 |
|
|
|
2001-04-17 |
2016-12-08 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages. |
|
1495 |
CVE-2001-1391 |
|
|
|
2001-04-17 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory. |
|
1496 |
CVE-2001-1392 |
|
|
|
2001-04-17 |
2016-12-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers. |
|
1497 |
CVE-2001-1393 |
|
|
DoS |
2001-04-17 |
2016-12-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang). |
|
1498 |
CVE-2001-1394 |
|
|
DoS |
2001-04-17 |
2016-12-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service. |
|
1499 |
CVE-2001-1395 |
|
|
|
2001-04-17 |
2016-12-08 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact. |
|
1500 |
CVE-2001-1396 |
|
|
|
2001-04-17 |
2016-12-08 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact. |
