CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1501 CVE-2001-1397 2001-04-17 2016-12-08
2.1
None Local Low Not required None Partial None
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
1502 CVE-2001-1398 2001-04-17 2016-12-08
7.5
None Remote Low Not required Partial Partial Partial
Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
1503 CVE-2001-1399 2001-04-17 2016-12-08
2.1
None Local Low Not required None Partial None
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
1504 CVE-2001-1400 DoS 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
1505 CVE-2001-1401 Bypass 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
1506 CVE-2001-1402 Sql XSS 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
1507 CVE-2001-1403 +Priv 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
1508 CVE-2001-1404 +Priv 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.
1509 CVE-2001-1405 DoS 2001-09-10 2016-10-18
2.1
None Local Low Not required None None Partial
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
1510 CVE-2001-1406 2001-09-10 2016-10-18
2.1
None Local Low Not required Partial None None
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
1511 CVE-2001-1407 Bypass 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
1512 CVE-2001-1408 Dir. Trav. 2001-07-05 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.
1513 CVE-2001-1414 2001-10-09 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
1514 CVE-2001-1415 2001-11-13 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
1515 CVE-2001-1416 XSS 2001-01-18 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags.
1516 CVE-2001-1417 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data.
1517 CVE-2001-1418 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
1518 CVE-2001-1419 DoS 2001-10-02 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
1519 CVE-2001-1421 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag.
1520 CVE-2001-1422 Bypass 2001-01-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
1521 CVE-2001-1423 +Priv 2001-10-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
1522 CVE-2001-1424 2001-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
1523 CVE-2001-1425 +Priv 2001-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.
1524 CVE-2001-1426 2001-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations.
1525 CVE-2001-1427 2001-07-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
1526 CVE-2001-1428 2001-05-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access.
1527 CVE-2001-1429 DoS Exec Code Overflow 2001-11-12 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file.
1528 CVE-2001-1430 2001-06-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cayman 3220-H DSL Router 1.0 ship without a password set, which allows remote attackers to gain unauthorized access.
1529 CVE-2001-1431 2001-10-08 2017-07-11
5.0
None Remote Low Not required Partial None None
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
1530 CVE-2001-1432 22 Dir. Trav. 2001-12-29 2017-07-11
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
1531 CVE-2001-1433 +Priv 2001-12-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.
1532 CVE-2001-1434 2001-02-28 2017-07-11
5.0
None Remote Low Not required Partial None None
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.
1533 CVE-2001-1435 DoS 2001-02-23 2017-07-11
5.0
None Remote Low Not required None None Partial
inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services.
1534 CVE-2001-1436 2001-01-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password.
1535 CVE-2001-1437 2001-12-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.
1536 CVE-2001-1438 DoS 2001-10-22 2017-07-11
5.0
None Remote Low Not required None None Partial
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.
1537 CVE-2001-1439 DoS Overflow 2001-02-16 2017-07-11
2.1
None Local Low Not required None None Partial
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.
1538 CVE-2001-1440 2001-12-21 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.
1539 CVE-2001-1441 XSS 2001-07-02 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.
1540 CVE-2001-1442 Overflow +Priv 2001-04-21 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
1541 CVE-2001-1443 2001-08-27 2017-07-11
5.0
None Remote Low Not required Partial None None
KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.
1542 CVE-2001-1444 2001-08-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
1543 CVE-2001-1445 Bypass 2001-03-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands.
1544 CVE-2001-1446 2001-09-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
1545 CVE-2001-1447 +Priv 2001-10-17 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
1546 CVE-2001-1448 Exec Code 2001-12-17 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.
1547 CVE-2001-1449 2001-11-28 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
1548 CVE-2001-1450 DoS 2001-05-11 2021-07-23
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
1549 CVE-2001-1452 2001-08-31 2019-04-30
5.0
None Remote Low Not required None Partial None
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
1550 CVE-2001-1453 Exec Code Overflow 2001-02-09 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 (This Page)32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.