CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2000-1187 Exec Code Overflow 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
152 CVE-2000-1188 Dir. Trav. 2001-01-09 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "page" parameter.
153 CVE-2000-1189 Overflow +Priv 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.
154 CVE-2000-1190 2001-08-31 2016-10-18
2.1
None Local Low Not required None Partial None
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
155 CVE-2000-1191 209 2001-08-31 2020-12-09
5.0
None Remote Low Not required Partial None None
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
156 CVE-2000-1192 DoS Exec Code Overflow 2001-08-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string trap.
157 CVE-2000-1193 DoS 2001-08-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.
158 CVE-2000-1194 DoS Exec Code 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands.
159 CVE-2000-1195 Bypass 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.
160 CVE-2000-1196 1 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.
161 CVE-2000-1197 DoS 2001-08-31 2016-10-18
2.1
None Local Low Not required None None Partial
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
162 CVE-2000-1198 DoS 2001-08-31 2016-10-18
2.1
None Local Low Not required None None Partial
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
163 CVE-2000-1199 +Priv 2001-08-31 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
164 CVE-2000-1200 +Info 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
165 CVE-2000-1201 DoS 2001-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
166 CVE-2000-1202 Exec Code 2001-08-31 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.
167 CVE-2000-1203 DoS 2001-08-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
168 CVE-2000-1215 +Info 2001-09-19 2017-07-11
5.0
None Remote Low Not required Partial None None
The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information.
169 CVE-2001-0001 Bypass 2001-06-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.
170 CVE-2001-0002 2001-07-21 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
171 CVE-2001-0003 2001-02-12 2018-10-12
5.0
None Remote Low Not required Partial None None
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
172 CVE-2001-0004 2001-02-12 2018-10-30
5.0
None Remote Low Not required Partial None None
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
173 CVE-2001-0005 Exec Code Overflow 2001-02-12 2018-10-12
6.2
None Local High Not required Complete Complete Complete
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
174 CVE-2001-0006 DoS 2001-02-12 2018-10-12
2.1
None Local Low Not required None None Partial
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
175 CVE-2001-0007 DoS Overflow 2001-02-12 2017-10-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface.
176 CVE-2001-0008 2001-02-12 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
177 CVE-2001-0009 Dir. Trav. 2001-02-12 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
178 CVE-2001-0010 Overflow +Priv 2001-02-12 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
179 CVE-2001-0011 Overflow +Priv 2001-02-12 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
180 CVE-2001-0012 2001-02-12 2008-09-10
5.0
None Remote Low Not required Partial None None
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
181 CVE-2001-0013 +Priv 2001-02-12 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
182 CVE-2001-0014 DoS 2001-02-12 2019-04-30
5.0
None Remote Low Not required None None Partial
Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.
183 CVE-2001-0015 +Priv 2001-03-12 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.
184 CVE-2001-0016 2001-03-12 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.
185 CVE-2001-0017 DoS 2001-03-12 2018-10-12
5.0
None Remote Low Not required None None Partial
Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.
186 CVE-2001-0018 DoS 2001-07-21 2019-04-30
5.0
None Remote Low Not required None None Partial
Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.
187 CVE-2001-0019 DoS 2001-02-12 2008-09-05
2.1
None Local Low Not required None None Partial
Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands.
188 CVE-2001-0020 Dir. Trav. 2001-02-12 2017-10-10
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.
189 CVE-2001-0021 Exec Code 2001-02-16 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
190 CVE-2001-0022 Exec Code 2001-02-12 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter.
191 CVE-2001-0023 Exec Code 2001-02-12 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.
192 CVE-2001-0024 Exec Code 2001-02-12 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter.
193 CVE-2001-0025 Exec Code 2001-02-12 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
194 CVE-2001-0026 DoS 2001-02-12 2017-10-10
5.0
None Remote Low Not required None None Partial
rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.
195 CVE-2001-0027 +Priv 2001-02-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
196 CVE-2001-0028 Exec Code Overflow 2001-02-12 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.
197 CVE-2001-0029 Exec Code Overflow 2001-02-12 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands via a long host or domain name that is obtained from a reverse DNS lookup.
198 CVE-2001-0030 Bypass 2001-02-16 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them.
199 CVE-2001-0031 2001-02-16 2017-12-19
5.0
None Remote Low Not required Partial None None
BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist.
200 CVE-2001-0032 DoS +Priv 2001-02-16 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.