CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1551 CVE-2000-1163 Exec Code 2001-01-09 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
1552 CVE-2000-1162 2001-01-09 2017-10-10
3.7
None Local High Not required Partial Partial Partial
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
1553 CVE-2000-1161 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
1554 CVE-2000-1160 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests.
1555 CVE-2000-1159 +Priv 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UDP authentication packets and spoofing commands.
1556 CVE-2000-1158 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords.
1557 CVE-2000-1157 Exec Code Overflow 2001-01-09 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in NAI Sniffer Agent allows remote attackers to execute arbitrary commands via a long SNMP community name.
1558 CVE-2000-1156 2001-01-09 2017-12-19
3.6
None Local Low Not required Partial Partial None
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.
1559 CVE-2000-1155 DoS 2001-01-09 2008-09-10
5.0
None Remote Low Not required None None Partial
RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.
1560 CVE-2000-1154 DoS 2001-01-09 2008-09-10
5.0
None Remote Low Not required None None Partial
RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.
1561 CVE-2000-1153 DoS 2001-01-09 2008-09-10
5.0
None Remote Low Not required None None Partial
PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
1562 CVE-2000-1152 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
1563 CVE-2000-1151 DoS 2001-01-09 2008-09-10
5.0
None Remote Low Not required None None Partial
Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
1564 CVE-2000-1150 DoS 2001-01-09 2008-09-10
5.0
None Remote Low Not required None None Partial
Felix IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
1565 CVE-2000-1149 Exec Code Overflow 2001-01-09 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.
1566 CVE-2000-1148 +Priv 2001-01-09 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.
1567 CVE-2000-1147 Exec Code Overflow 2001-01-09 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.
1568 CVE-2000-1146 DoS 2001-01-09 2017-10-10
2.1
None Local Low Not required None None Partial
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.
1569 CVE-2000-1145 2001-01-09 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files.
1570 CVE-2000-1144 2001-01-09 2017-10-10
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
1571 CVE-2000-1143 2001-01-09 2017-10-10
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.
1572 CVE-2000-1142 Exec Code 2001-01-09 2017-10-10
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.
1573 CVE-2000-1141 2001-01-09 2017-10-10
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.
1574 CVE-2000-1140 2001-01-09 2017-10-10
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.
1575 CVE-2000-1139 798 +Priv 2001-01-09 2020-04-02
7.5
None Remote Low Not required Partial Partial Partial
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
1576 CVE-2000-1138 2001-01-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.
1577 CVE-2000-1137 2001-01-09 2018-05-03
4.6
None Local Low Not required Partial Partial Partial
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
1578 CVE-2000-1136 2001-01-09 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.
1579 CVE-2000-1135 2001-01-09 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.
1580 CVE-2000-1134 2001-01-09 2017-10-19
7.2
None Local Low Not required Complete Complete Complete
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
1581 CVE-2000-1133 Bypass 2001-01-09 2016-10-18
5.0
None Remote Low Not required Partial None None
Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into the URL for a protected directory.
1582 CVE-2000-1132 2001-01-09 2017-10-10
6.4
None Remote Low Not required Partial None Partial
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
1583 CVE-2000-1131 Exec Code 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.
1584 CVE-2000-1130 Bypass 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.
1585 CVE-2000-1129 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.
1586 CVE-2000-1128 2001-01-09 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.
1587 CVE-2000-1127 2001-01-09 2008-09-05
3.6
None Local Low Not required Partial Partial None
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.
1588 CVE-2000-1126 DoS Exec Code 2001-01-09 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.
1589 CVE-2000-1125 2001-01-09 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
1590 CVE-2000-1124 Overflow +Priv 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.
1591 CVE-2000-1123 Exec Code Overflow 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.
1592 CVE-2000-1122 Exec Code Overflow 2001-01-09 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.
1593 CVE-2000-1121 Exec Code Overflow 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.
1594 CVE-2000-1120 Exec Code Overflow 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
1595 CVE-2000-1119 Exec Code Overflow 2001-01-09 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.
1596 CVE-2000-1118 Bypass 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.
1597 CVE-2000-1117 2001-01-09 2008-09-10
5.0
None Remote Low Not required Partial None None
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
1598 CVE-2000-1116 DoS Exec Code Overflow 2001-01-09 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command.
1599 CVE-2000-1115 DoS Exec Code Overflow 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
1600 CVE-2000-1114 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 (This Page)33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.