CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2001-1265 Dir. Trav. 2001-07-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.
302 CVE-2001-1264 2001-07-19 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
303 CVE-2001-1263 DoS Overflow 2001-06-06 2017-12-19
5.0
None Remote Low Not required None None Partial
telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow.
304 CVE-2001-1262 Bypass 2001-08-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
305 CVE-2001-1261 2001-08-07 2008-09-05
5.0
None Remote Low Not required None Partial None
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
306 CVE-2001-1260 +Priv 2001-08-07 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
307 CVE-2001-1259 DoS 2001-08-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
308 CVE-2001-1258 2001-07-21 2011-03-08
3.6
None Local Low Not required Partial Partial None
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
309 CVE-2001-1257 XSS 2001-07-21 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
310 CVE-2001-1256 2001-06-11 2017-12-19
1.2
None Local High Not required None Partial None
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
311 CVE-2001-1255 2001-10-02 2019-10-07
4.6
None Local Low Not required Partial Partial Partial
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.
312 CVE-2001-1254 2001-09-27 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
313 CVE-2001-1253 2001-09-27 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.
314 CVE-2001-1252 Bypass 2001-09-28 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
315 CVE-2001-1251 DoS 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.
316 CVE-2001-1250 DoS Overflow 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.
317 CVE-2001-1249 DoS 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
318 CVE-2001-1248 2001-06-29 2008-09-10
5.0
None Remote Low Not required Partial None None
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
319 CVE-2001-1247 264 2001-12-06 2012-06-25
6.4
None Remote Low Not required Partial Partial None
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
320 CVE-2001-1246 Exec Code 2001-06-30 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
321 CVE-2001-1245 DoS 2001-07-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
322 CVE-2001-1244 DoS 2001-07-07 2018-10-30
5.0
None Remote Low Not required None None Partial
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
323 CVE-2001-1243 DoS 2001-07-04 2018-10-30
5.0
None Remote Low Not required None None Partial
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
324 CVE-2001-1242 Exec Code Dir. Trav. 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
325 CVE-2001-1241 Exec Code 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
326 CVE-2001-1240 2001-07-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
327 CVE-2001-1239 DoS 2001-06-29 2008-09-10
5.0
None Remote Low Not required None None Partial
PowerNet IX allows remote attackers to cause a denial of service via a port scan.
328 CVE-2001-1238 2001-07-16 2019-04-30
4.6
None Local Low Not required Partial Partial Partial
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
329 CVE-2001-1237 Exec Code 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
330 CVE-2001-1236 Exec Code 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
331 CVE-2001-1235 Exec Code 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
332 CVE-2001-1234 Exec Code 2001-10-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
333 CVE-2001-1233 2001-08-14 2018-10-30
5.0
None Remote Low Not required Partial None None
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
334 CVE-2001-1232 2001-08-14 2017-12-19
5.0
None Remote Low Not required Partial None None
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
335 CVE-2001-1231 2001-08-14 2017-10-10
5.0
None Remote Low Not required Partial None None
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
336 CVE-2001-1230 DoS Exec Code Overflow 2001-03-13 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
337 CVE-2001-1229 DoS Exec Code Overflow 2001-03-12 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
338 CVE-2001-1228 Exec Code Overflow 2001-11-18 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
339 CVE-2001-1227 Bypass 2001-10-10 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
340 CVE-2001-1226 2001-12-25 2008-09-05
5.0
None Remote Low Not required None Partial None
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
341 CVE-2001-1225 DoS 2001-12-26 2008-09-05
2.1
None Local Low Not required None None Partial
Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.
342 CVE-2001-1224 Exec Code Sql 2001-12-23 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.
343 CVE-2001-1223 +Priv 2001-12-26 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
344 CVE-2001-1221 2001-12-21 2008-09-05
5.0
None Remote Low Not required Partial None None
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.
345 CVE-2001-1220 +Priv 2001-12-21 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
346 CVE-2001-1219 DoS 2001-12-20 2021-07-23
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
347 CVE-2001-1218 DoS 2001-12-20 2008-09-10
2.1
None Local Low Not required None None Partial
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
348 CVE-2001-1217 Dir. Trav. 2001-12-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
349 CVE-2001-1216 Exec Code Overflow 2001-12-21 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
350 CVE-2001-1215 Exec Code 2001-12-20 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.