CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001 (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2001-1329 Overflow +Priv 2001-06-11 2017-04-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
202 CVE-2001-1328 Exec Code Overflow 2001-06-22 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
203 CVE-2001-1327 +Priv 2001-05-24 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.
204 CVE-2001-1326 Exec Code 2001-05-29 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
205 CVE-2001-1325 2001-04-20 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
206 CVE-2001-1324 +Priv 2001-06-26 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.
207 CVE-2001-1323 120 DoS Exec Code Overflow 2001-05-16 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
208 CVE-2001-1322 2001-07-10 2008-09-10
3.6
None Local Low Not required Partial Partial None
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.
209 CVE-2001-1321 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
210 CVE-2001-1320 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
211 CVE-2001-1319 DoS 2001-07-16 2020-04-09
5.0
None Remote Low Not required None None Partial
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
212 CVE-2001-1318 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
213 CVE-2001-1317 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite.
214 CVE-2001-1316 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
215 CVE-2001-1315 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
216 CVE-2001-1314 DoS Exec Code Overflow 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
217 CVE-2001-1313 DoS Exec Code 2001-07-16 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
218 CVE-2001-1312 DoS Exec Code 2001-07-16 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
219 CVE-2001-1311 DoS Exec Code Overflow 2001-07-16 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
220 CVE-2001-1310 DoS Exec Code 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite.
221 CVE-2001-1309 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
222 CVE-2001-1308 DoS Exec Code 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
223 CVE-2001-1307 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
224 CVE-2001-1306 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.
225 CVE-2001-1305 2001-08-17 2016-10-18
5.0
None Remote Low Not required None Partial None
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
226 CVE-2001-1304 DoS Overflow 2001-08-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
227 CVE-2001-1303 +Info 2001-07-18 2017-10-10
5.0
None Remote Low Not required Partial None None
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
228 CVE-2001-1299 2001-10-02 2008-09-05
5.0
None Remote Low Not required None Partial None
Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
229 CVE-2001-1298 2001-10-02 2008-09-10
5.0
None Remote Low Not required None Partial None
Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
230 CVE-2001-1297 Exec Code File Inclusion 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
231 CVE-2001-1296 2001-10-02 2008-09-10
5.0
None Remote Low Not required None Partial None
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
232 CVE-2001-1295 Dir. Trav. 2001-08-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.
233 CVE-2001-1294 DoS Overflow 2001-08-22 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.
234 CVE-2001-1293 DoS Overflow 2001-09-26 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request.
235 CVE-2001-1292 DoS Exec Code 2001-08-13 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
236 CVE-2001-1291 2001-07-12 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
237 CVE-2001-1290 Exec Code +Priv 2001-06-28 2017-12-19
5.0
None Remote Low Not required None Partial None
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter.
238 CVE-2001-1289 DoS 2001-07-29 2008-09-10
5.0
None Remote Low Not required None None Partial
Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.
239 CVE-2001-1287 Exec Code Overflow 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
240 CVE-2001-1286 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
241 CVE-2001-1285 Dir. Trav. 2001-10-12 2008-09-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
242 CVE-2001-1284 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
243 CVE-2001-1283 DoS Exec Code Overflow 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
244 CVE-2001-1282 +Info 2001-10-12 2008-09-10
5.0
None Remote Low Not required Partial None None
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
245 CVE-2001-1281 2001-10-12 2008-09-10
5.0
None Remote Low Not required None Partial None
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
246 CVE-2001-1280 2001-10-12 2008-09-10
5.0
None Remote Low Not required Partial None None
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
247 CVE-2001-1279 DoS Exec Code Overflow 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.
248 CVE-2001-1278 Bypass 2001-10-10 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
249 CVE-2001-1275 +Priv 2001-01-19 2019-10-07
7.2
None Local Low Not required Complete Complete Complete
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
250 CVE-2001-1274 DoS Overflow +Priv 2001-01-23 2019-10-07
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
Total number of vulnerabilities : 1506   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.