CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2001-0009 Dir. Trav. 2001-02-12 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
1502 CVE-2001-0008 2001-02-12 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
1503 CVE-2001-0007 DoS Overflow 2001-02-12 2017-10-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface.
1504 CVE-2001-0006 DoS 2001-02-12 2018-10-12
2.1
None Local Low Not required None None Partial
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
1505 CVE-2001-0005 Exec Code Overflow 2001-02-12 2018-10-12
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
1506 CVE-2001-0004 2001-02-12 2018-10-30
5.0
None Remote Low Not required Partial None None
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
1507 CVE-2001-0003 2001-02-12 2018-10-12
5.0
None Remote Low Not required Partial None None
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
1508 CVE-2001-0002 2001-07-21 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
1509 CVE-2001-0001 Bypass 2001-06-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.
1510 CVE-2000-1215 +Info 2001-09-19 2017-07-11
5.0
None Remote Low Not required Partial None None
The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information.
1511 CVE-2000-1203 DoS 2001-08-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
1512 CVE-2000-1202 Exec Code 2001-08-31 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.
1513 CVE-2000-1201 DoS 2001-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
1514 CVE-2000-1200 +Info 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
1515 CVE-2000-1199 +Priv 2001-08-31 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
1516 CVE-2000-1198 DoS 2001-08-31 2016-10-18
2.1
None Local Low Not required None None Partial
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
1517 CVE-2000-1197 DoS 2001-08-31 2016-10-18
2.1
None Local Low Not required None None Partial
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
1518 CVE-2000-1196 1 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.
1519 CVE-2000-1195 Bypass 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.
1520 CVE-2000-1194 DoS Exec Code 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands.
1521 CVE-2000-1193 DoS 2001-08-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.
1522 CVE-2000-1192 DoS Exec Code Overflow 2001-08-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string trap.
1523 CVE-2000-1191 209 2001-08-31 2020-12-09
5.0
None Remote Low Not required Partial None None
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
1524 CVE-2000-1190 2001-08-31 2016-10-18
2.1
None Local Low Not required None Partial None
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
1525 CVE-2000-1189 Overflow +Priv 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.
1526 CVE-2000-1188 Dir. Trav. 2001-01-09 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "page" parameter.
1527 CVE-2000-1187 Exec Code Overflow 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
1528 CVE-2000-1186 Exec Code Overflow 2001-01-09 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.
1529 CVE-2000-1185 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via a flood of connections that contain malformed requests.
1530 CVE-2000-1184 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.
1531 CVE-2000-1183 Exec Code Overflow 2001-01-09 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.
1532 CVE-2000-1182 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.
1533 CVE-2000-1181 +Info 2001-01-09 2017-10-10
5.0
None Remote Low Not required Partial None None
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.
1534 CVE-2000-1180 Overflow +Priv 2001-01-09 2018-05-03
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.
1535 CVE-2000-1179 2001-01-09 2017-10-10
5.0
None Remote Low Not required Partial None None
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
1536 CVE-2000-1178 2001-01-09 2018-05-03
2.1
None Local Low Not required None Partial None
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
1537 CVE-2000-1177 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allows remote attackers to determine the existence of files and user ID's by specifying the target file in the HISTFILE parameter.
1538 CVE-2000-1176 Dir. Trav. 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field.
1539 CVE-2000-1175 Exec Code Overflow 2001-01-09 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument.
1540 CVE-2000-1174 Exec Code Overflow 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.
1541 CVE-2000-1173 +Info 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information.
1542 CVE-2000-1172 DoS Exec Code Overflow 2001-01-09 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and possibly execute arbitrary commands via a long HTML tag.
1543 CVE-2000-1171 Dir. Trav. 2001-01-09 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to ready arbitrary files via a .. (dot dot) attack in the "thesection" parameter.
1544 CVE-2000-1170 Exec Code Overflow 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.
1545 CVE-2000-1169 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
1546 CVE-2000-1168 DoS Exec Code 2001-01-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
1547 CVE-2000-1167 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.
1548 CVE-2000-1166 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.
1549 CVE-2000-1165 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.
1550 CVE-2000-1164 2001-01-09 2017-10-10
9.0
None Remote Low ??? Complete Complete Complete
WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 (This Page)32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.