CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1551 CVE-2001-1454 Exec Code Overflow 2001-02-09 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
1552 CVE-2001-1455 Bypass 2001-08-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
1553 CVE-2001-1456 119 Exec Code Overflow 2001-09-04 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.
1554 CVE-2001-1458 Dir. Trav. 2001-10-15 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
1555 CVE-2001-1459 Exec Code Bypass 2001-06-19 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
1556 CVE-2001-1460 Sql Bypass 2001-10-13 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
1557 CVE-2001-1461 Dir. Trav. 2001-10-22 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.
1558 CVE-2001-1462 +Info 2001-10-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.
1559 CVE-2001-1463 310 2001-11-19 2020-07-28
7.5
None Remote Low Not required Partial Partial Partial
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
1560 CVE-2001-1464 2001-01-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.
1561 CVE-2001-1466 Exec Code Overflow 2001-12-30 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
1562 CVE-2001-1467 2001-04-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
1563 CVE-2001-1468 Exec Code File Inclusion 2001-02-07 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.
1564 CVE-2001-1469 2001-01-18 2017-07-11
5.0
None Remote Low Not required None Partial None
The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified.
1565 CVE-2001-1470 2001-01-18 2017-07-11
5.0
None Remote Low Not required None Partial None
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message.
1566 CVE-2001-1471 Exec Code 2001-07-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
1567 CVE-2001-1472 Exec Code Sql 2001-08-03 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
1568 CVE-2001-1473 310 2001-01-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
1569 CVE-2001-1474 2001-01-18 2017-07-11
5.0
None Remote Low Not required None Partial None
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache.
1570 CVE-2001-1475 2001-01-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated.
1571 CVE-2001-1476 2001-01-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.
1572 CVE-2001-1477 2001-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
1573 CVE-2001-1478 Exec Code Overflow 2001-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code.
1574 CVE-2001-1479 2001-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
1575 CVE-2001-1480 2001-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.
1576 CVE-2001-1481 +Priv 2001-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
1577 CVE-2001-1482 Sql 2001-12-31 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
1578 CVE-2001-1483 2001-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
1579 CVE-2001-1484 2001-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.
1580 CVE-2001-1487 Exec Code 2001-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option.
1581 CVE-2001-1488 2001-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon.
1582 CVE-2001-1489 DoS 2001-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
1583 CVE-2001-1490 DoS 2001-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
1584 CVE-2001-1491 DoS 2001-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
1585 CVE-2001-1494 Exec Code 2001-12-31 2017-10-11
2.1
None Local Low Not required None Partial None
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
1586 CVE-2001-1495 Exec Code 2001-12-31 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter.
1587 CVE-2001-1496 DoS Exec Code Overflow 2001-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
1588 CVE-2001-1497 2001-12-31 2021-07-23
2.1
None Local Low Not required Partial None None
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
1589 CVE-2001-1498 Exec Code Overflow 2001-12-31 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script.
1590 CVE-2001-1499 2001-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.
1591 CVE-2001-1500 Bypass 2001-12-31 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
1592 CVE-2001-1501 DoS 2001-12-31 2008-09-10
5.0
None Remote Low Not required None None Partial
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
1593 CVE-2001-1502 Exec Code 2001-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter.
1594 CVE-2001-1503 2001-12-31 2018-10-30
2.1
None Local Low Not required Partial None None
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.
1595 CVE-2001-1504 Exec Code 2001-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message.
1596 CVE-2001-1505 2001-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets.
1597 CVE-2001-1506 2001-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.
1598 CVE-2001-1507 2001-12-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
1599 CVE-2001-1508 Exec Code Overflow 2001-12-31 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument.
1600 CVE-2001-1509 +Priv 2001-12-31 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 (This Page)33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.