CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2001

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
151 CVE-2001-0041 399 DoS 2001-02-16 2017-10-10
7.8
None Remote Low Not required None None Complete
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
152 CVE-2001-1432 22 Dir. Trav. 2001-12-29 2017-07-11
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
153 CVE-2001-0127 DoS Exec Code Overflow 2001-03-12 2008-09-05
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag.
154 CVE-2001-0166 DoS 2001-03-26 2017-10-10
7.6
None Remote High Not required Complete Complete Complete
Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file.
155 CVE-2001-0167 Exec Code Overflow 2001-05-03 2017-12-19
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.
156 CVE-2001-0174 DoS Exec Code Overflow 2001-05-03 2017-10-10
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address.
157 CVE-2001-0198 1 Exec Code Overflow 2001-05-03 2017-12-19
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
158 CVE-1999-0359 DoS 2001-03-12 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords.
159 CVE-1999-0923 DoS 2001-03-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.
160 CVE-1999-1024 DoS 2001-11-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.
161 CVE-1999-1514 DoS Exec Code Overflow 2001-11-28 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command.
162 CVE-2000-0891 Exec Code 2001-07-21 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.
163 CVE-2000-1093 Exec Code Overflow 2001-01-09 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.
164 CVE-2000-1094 Exec Code Overflow 2001-01-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
165 CVE-2000-1100 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.
166 CVE-2000-1104 XSS 2001-01-09 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
167 CVE-2000-1113 Exec Code Overflow 2001-01-09 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.
168 CVE-2000-1115 DoS Exec Code Overflow 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
169 CVE-2000-1116 DoS Exec Code Overflow 2001-01-09 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command.
170 CVE-2000-1118 Bypass 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.
171 CVE-2000-1130 Bypass 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.
172 CVE-2000-1131 Exec Code 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.
173 CVE-2000-1138 2001-01-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.
174 CVE-2000-1139 798 +Priv 2001-01-09 2020-04-02
7.5
None Remote Low Not required Partial Partial Partial
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
175 CVE-2000-1149 Exec Code Overflow 2001-01-09 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.
176 CVE-2000-1158 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords.
177 CVE-2000-1159 +Priv 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UDP authentication packets and spoofing commands.
178 CVE-2000-1161 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
179 CVE-2000-1166 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.
180 CVE-2000-1167 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.
181 CVE-2000-1168 DoS Exec Code 2001-01-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
182 CVE-2000-1169 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
183 CVE-2000-1170 Exec Code Overflow 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.
184 CVE-2000-1174 Exec Code Overflow 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.
185 CVE-2000-1176 Dir. Trav. 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field.
186 CVE-2000-1186 Exec Code Overflow 2001-01-09 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.
187 CVE-2000-1187 Exec Code Overflow 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
188 CVE-2000-1192 DoS Exec Code Overflow 2001-08-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string trap.
189 CVE-2000-1194 DoS Exec Code 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands.
190 CVE-2000-1195 Bypass 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.
191 CVE-2001-0001 Bypass 2001-06-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.
192 CVE-2001-0002 2001-07-21 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
193 CVE-2001-0027 +Priv 2001-02-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
194 CVE-2001-0047 +Priv 2001-02-16 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities.
195 CVE-2001-0051 2001-02-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database.
196 CVE-2001-0056 2001-02-16 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
197 CVE-2001-0082 Bypass 2001-02-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets.
198 CVE-2001-0088 +Priv 2001-02-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.
199 CVE-2001-0126 Exec Code 2001-03-12 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
200 CVE-2001-0145 Exec Code Overflow 2001-05-03 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
Total number of vulnerabilities: 1677 (page 4 of 34)