CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001 (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2001-1272 Exec Code 2001-12-06 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.
252 CVE-2001-1266 Dir. Trav. 2001-07-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.
253 CVE-2001-1265 Dir. Trav. 2001-07-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.
254 CVE-2001-1264 2001-07-19 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
255 CVE-2001-1263 DoS Overflow 2001-06-06 2017-12-19
5.0
None Remote Low Not required None None Partial
telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow.
256 CVE-2001-1262 Bypass 2001-08-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
257 CVE-2001-1261 2001-08-07 2008-09-05
5.0
None Remote Low Not required None Partial None
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
258 CVE-2001-1260 +Priv 2001-08-07 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
259 CVE-2001-1259 DoS 2001-08-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
260 CVE-2001-1258 2001-07-21 2011-03-08
3.6
None Local Low Not required Partial Partial None
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
261 CVE-2001-1257 XSS 2001-07-21 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
262 CVE-2001-1255 2001-10-02 2019-10-07
4.6
None Local Low Not required Partial Partial Partial
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.
263 CVE-2001-1254 2001-09-27 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
264 CVE-2001-1253 2001-09-27 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.
265 CVE-2001-1252 Bypass 2001-09-28 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
266 CVE-2001-1251 DoS 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.
267 CVE-2001-1250 DoS Overflow 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.
268 CVE-2001-1249 DoS 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
269 CVE-2001-1248 2001-06-29 2008-09-10
5.0
None Remote Low Not required Partial None None
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
270 CVE-2001-1247 264 2001-12-06 2012-06-25
6.4
None Remote Low Not required Partial Partial None
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
271 CVE-2001-1246 Exec Code 2001-06-30 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
272 CVE-2001-1245 DoS 2001-07-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
273 CVE-2001-1244 DoS 2001-07-07 2018-10-30
5.0
None Remote Low Not required None None Partial
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
274 CVE-2001-1243 DoS 2001-07-04 2018-10-30
5.0
None Remote Low Not required None None Partial
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
275 CVE-2001-1242 Exec Code Dir. Trav. 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
276 CVE-2001-1241 Exec Code 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
277 CVE-2001-1240 2001-07-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
278 CVE-2001-1239 DoS 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
PowerNet IX allows remote attackers to cause a denial of service via a port scan.
279 CVE-2001-1238 2001-07-16 2019-04-30
4.6
None Local Low Not required Partial Partial Partial
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
280 CVE-2001-1237 Exec Code 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
281 CVE-2001-1236 Exec Code 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
282 CVE-2001-1235 Exec Code 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
283 CVE-2001-1234 Exec Code 2001-10-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
284 CVE-2001-1233 2001-08-14 2018-10-30
5.0
None Remote Low Not required Partial None None
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
285 CVE-2001-1232 2001-08-14 2017-12-19
5.0
None Remote Low Not required Partial None None
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
286 CVE-2001-1231 2001-08-14 2017-10-10
5.0
None Remote Low Not required Partial None None
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
287 CVE-2001-1230 DoS Exec Code Overflow 2001-03-13 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
288 CVE-2001-1229 DoS Exec Code Overflow 2001-03-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
289 CVE-2001-1228 Exec Code Overflow 2001-11-18 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
290 CVE-2001-1227 Bypass 2001-10-10 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
291 CVE-2001-1226 2001-12-25 2008-09-05
5.0
None Remote Low Not required None Partial None
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
292 CVE-2001-1224 Exec Code Sql 2001-12-23 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.
293 CVE-2001-1223 +Priv 2001-12-26 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
294 CVE-2001-1221 2001-12-21 2008-09-05
5.0
None Remote Low Not required Partial None None
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.
295 CVE-2001-1220 +Priv 2001-12-21 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
296 CVE-2001-1219 DoS 2001-12-20 2021-07-23
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
297 CVE-2001-1217 Dir. Trav. 2001-12-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
298 CVE-2001-1216 Exec Code Overflow 2001-12-21 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
299 CVE-2001-1215 Exec Code 2001-12-20 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.
300 CVE-2001-1214 Exec Code 2001-12-15 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters.
Total number of vulnerabilities : 1506   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.