CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2001-0400 Exec Code 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.
252 CVE-2001-0402 Bypass 2001-06-18 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
253 CVE-2001-0405 Bypass 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
254 CVE-2001-0410 DoS Exec Code Overflow 2001-06-18 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header.
255 CVE-2001-0419 Exec Code Overflow 2001-07-02 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
256 CVE-2001-0425 +Priv 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.
257 CVE-2001-0433 DoS Exec Code Overflow 2001-06-18 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header.
258 CVE-2001-0436 Exec Code 2001-07-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
259 CVE-2001-0439 Exec Code 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
260 CVE-2001-0440 DoS Exec Code Overflow 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
261 CVE-2001-0441 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
262 CVE-2001-0442 DoS Exec Code Overflow 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.
263 CVE-2001-0443 DoS Exec Code Overflow 2001-07-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long password.
264 CVE-2001-0447 DoS Exec Code 2001-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters.
265 CVE-2001-0451 +Priv Bypass 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1.
266 CVE-2001-0455 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
267 CVE-2001-0456 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
268 CVE-2001-0458 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
269 CVE-2001-0461 Exec Code 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi.
270 CVE-2001-0471 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
271 CVE-2001-0473 Exec Code 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
272 CVE-2001-0475 Exec Code 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
273 CVE-2001-0476 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter.
274 CVE-2001-0477 Exec Code 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in WebCalendar 0.9.26 allows remote command execution.
275 CVE-2001-0478 Exec Code Dir. Trav. 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
276 CVE-2001-0479 Exec Code Dir. Trav. 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
277 CVE-2001-0483 2001-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.
278 CVE-2001-0489 Exec Code 2001-06-27 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands.
279 CVE-2001-0490 Exec Code Overflow 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
280 CVE-2001-0494 Exec Code Overflow 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header.
281 CVE-2001-0504 +Priv 2001-08-14 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
282 CVE-2001-0514 DoS +Info 2001-07-21 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.
283 CVE-2001-0519 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.
284 CVE-2001-0520 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.
285 CVE-2001-0521 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document.
286 CVE-2001-0522 +Priv 2001-08-14 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
287 CVE-2001-0523 Dir. Trav. Bypass 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
288 CVE-2001-0524 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.
289 CVE-2001-0535 2001-10-30 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
290 CVE-2001-0541 Exec Code Overflow 2001-09-20 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.
291 CVE-2001-0542 Exec Code Overflow 2001-12-20 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
292 CVE-2001-0550 Exec Code 2001-11-30 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
293 CVE-2001-0561 Dir. Trav. 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
294 CVE-2001-0562 Exec Code 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.
295 CVE-2001-0572 +Info 2001-08-22 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
296 CVE-2001-0579 Overflow +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.
297 CVE-2001-0591 Dir. Trav. 2001-08-22 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.
298 CVE-2001-0596 2001-08-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
299 CVE-2001-0605 2001-08-22 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.
300 CVE-2001-0608 +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.