CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2001-1429 DoS Exec Code Overflow 2001-11-12 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file.
152 CVE-2001-1428 2001-05-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access.
153 CVE-2001-1427 2001-07-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
154 CVE-2001-1426 2001-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations.
155 CVE-2001-1425 +Priv 2001-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.
156 CVE-2001-1424 2001-04-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
157 CVE-2001-1423 +Priv 2001-10-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
158 CVE-2001-1422 Bypass 2001-01-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
159 CVE-2001-1421 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag.
160 CVE-2001-1419 DoS 2001-10-02 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
161 CVE-2001-1418 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
162 CVE-2001-1417 DoS 2001-10-06 2017-07-11
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data.
163 CVE-2001-1416 XSS 2001-01-18 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags.
164 CVE-2001-1415 2001-11-13 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
165 CVE-2001-1414 2001-10-09 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
166 CVE-2001-1408 Dir. Trav. 2001-07-05 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.
167 CVE-2001-1407 Bypass 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
168 CVE-2001-1406 2001-09-10 2016-10-18
2.1
None Local Low Not required Partial None None
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
169 CVE-2001-1405 DoS 2001-09-10 2016-10-18
2.1
None Local Low Not required None None Partial
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
170 CVE-2001-1404 +Priv 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.
171 CVE-2001-1403 +Priv 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
172 CVE-2001-1402 Sql XSS 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
173 CVE-2001-1401 Bypass 2001-09-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
174 CVE-2001-1400 DoS 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
175 CVE-2001-1399 2001-04-17 2016-12-08
2.1
None Local Low Not required None Partial None
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
176 CVE-2001-1398 2001-04-17 2016-12-08
7.5
None Remote Low Not required Partial Partial Partial
Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
177 CVE-2001-1397 2001-04-17 2016-12-08
2.1
None Local Low Not required None Partial None
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
178 CVE-2001-1396 2001-04-17 2016-12-08
3.6
None Local Low Not required Partial Partial None
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
179 CVE-2001-1395 2001-04-17 2016-12-08
3.6
None Local Low Not required Partial Partial None
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
180 CVE-2001-1394 DoS 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.
181 CVE-2001-1393 DoS 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).
182 CVE-2001-1392 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.
183 CVE-2001-1391 2001-04-17 2017-10-10
2.1
None Local Low Not required None Partial None
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
184 CVE-2001-1390 2001-04-17 2016-12-08
6.2
None Local High Not required Complete Complete Complete
Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.
185 CVE-2001-1389 DoS Exec Code Overflow 2001-08-29 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.
186 CVE-2001-1388 770 2001-11-05 2021-02-02
5.0
None Remote Low Not required None None Partial
iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.
187 CVE-2001-1387 200 +Info 2001-11-05 2021-02-02
2.1
None Local Low Not required Partial None None
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
188 CVE-2001-1386 Bypass 2001-07-01 2017-10-10
5.0
None Remote Low Not required Partial None None
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
189 CVE-2001-1385 2001-01-12 2016-10-18
5.0
None Remote Low Not required Partial None None
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
190 CVE-2001-1384 +Priv 2001-10-18 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.
191 CVE-2001-1383 2001-09-26 2008-09-10
6.2
None Local High Not required Complete Complete Complete
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.
192 CVE-2001-1382 2001-09-27 2008-09-05
5.0
None Remote Low Not required Partial None None
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
193 CVE-2001-1380 2001-10-18 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
194 CVE-2001-1379 Sql Bypass 2001-08-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
195 CVE-2001-1378 59 2001-09-06 2011-02-16
2.1
None Local Low Not required None Partial None
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
196 CVE-2001-1375 Exec Code 2001-07-19 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.
197 CVE-2001-1374 +Priv 2001-07-19 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
198 CVE-2001-1373 2001-07-18 2017-10-10
5.0
None Remote Low Not required None Partial None
MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments.
199 CVE-2001-1370 Exec Code 2001-07-21 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
200 CVE-2001-1369 Exec Code Bypass 2001-09-10 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.