CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2001-1368 2001-06-11 2017-12-19
5.0
None Remote Low Not required None Partial None
Vulnerability in iPlanet Web Server 4 included in Virtualvault Operating System (VVOS) 4.0 running HP-UX 11.04 could allow attackers to corrupt data.
202 CVE-2001-1367 +Priv 2001-07-19 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.
203 CVE-2001-1366 +Info 2001-07-19 2008-09-05
5.0
None Remote Low Not required Partial None None
netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information.
204 CVE-2001-1365 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in IntraGnat before 1.4.
205 CVE-2001-1364 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified.
206 CVE-2001-1363 +Priv 2001-07-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.
207 CVE-2001-1362 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in the server for nPULSE before 0.53p4.
208 CVE-2001-1361 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
209 CVE-2001-1360 2001-07-19 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned.
210 CVE-2001-1359 2001-06-08 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.
211 CVE-2001-1358 +Priv 2001-02-07 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter.
212 CVE-2001-1357 2001-02-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables.
213 CVE-2001-1356 2001-08-04 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
214 CVE-2001-1355 Exec Code Overflow 2001-07-20 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
215 CVE-2001-1354 2001-07-20 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
216 CVE-2001-1353 2001-09-18 2016-10-18
2.6
None Local High Not required Partial Partial None
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
217 CVE-2001-1352 XSS 2001-12-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.
218 CVE-2001-1351 XSS 2001-12-25 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers.
219 CVE-2001-1350 XSS 2001-11-25 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter.
220 CVE-2001-1349 DoS +Priv 2001-05-28 2008-09-05
3.7
None Local High Not required Partial Partial Partial
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
221 CVE-2001-1348 Sql 2001-05-28 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
222 CVE-2001-1347 DoS +Priv 2001-05-24 2019-04-30
4.6
None Local Low Not required Partial Partial Partial
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
223 CVE-2001-1346 2001-05-18 2021-04-07
1.2
None Local High Not required None Partial None
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
224 CVE-2001-1345 +Priv 2001-06-05 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program.
225 CVE-2001-1344 Bypass 2001-06-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
226 CVE-2001-1343 Exec Code 2001-06-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
227 CVE-2001-1342 DoS 2001-05-12 2021-06-06
5.0
None Remote Low Not required None None Partial
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
228 CVE-2001-1341 +Info 2001-05-24 2008-09-10
5.0
None Remote Low Not required Partial None None
The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.
229 CVE-2001-1339 2001-05-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.
230 CVE-2001-1338 2001-05-24 2008-09-05
5.0
None Remote Low Not required Partial None None
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.
231 CVE-2001-1337 DoS 2001-05-21 2008-09-05
5.0
None Remote Low Not required None None Partial
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request.
232 CVE-2001-1336 +Priv 2001-05-28 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
233 CVE-2001-1335 Dir. Trav. 2001-05-27 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).
234 CVE-2001-1333 2001-05-10 2008-09-05
1.2
None Local High Not required None Partial None
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
235 CVE-2001-1332 Exec Code Overflow 2001-05-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
236 CVE-2001-1331 2001-05-03 2008-09-10
1.2
None Local High Not required None Partial None
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
237 CVE-2001-1330 Overflow +Priv 2001-06-11 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
238 CVE-2001-1329 Overflow +Priv 2001-06-11 2017-04-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
239 CVE-2001-1328 Exec Code Overflow 2001-06-22 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
240 CVE-2001-1327 +Priv 2001-05-24 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.
241 CVE-2001-1326 Exec Code 2001-05-29 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
242 CVE-2001-1325 2001-04-20 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
243 CVE-2001-1324 +Priv 2001-06-26 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.
244 CVE-2001-1323 120 DoS Exec Code Overflow 2001-05-16 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
245 CVE-2001-1322 2001-07-10 2008-09-10
3.6
None Local Low Not required Partial Partial None
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.
246 CVE-2001-1321 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
247 CVE-2001-1320 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
248 CVE-2001-1319 DoS 2001-07-16 2020-04-09
5.0
None Remote Low Not required None None Partial
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
249 CVE-2001-1318 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
250 CVE-2001-1317 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.