| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
401 |
CVE-2001-1159 |
|
|
Exec Code |
2001-07-02 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP. |
|
402 |
CVE-2001-1158 |
|
|
Bypass |
2001-07-09 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts. |
|
403 |
CVE-2001-1157 |
|
|
Bypass |
2001-08-12 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode. |
|
404 |
CVE-2001-1156 |
|
|
DoS |
2001-10-08 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR. |
|
405 |
CVE-2001-1155 |
|
|
Bypass |
2001-08-23 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing. |
|
406 |
CVE-2001-1154 |
|
|
DoS |
2001-08-30 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients. |
|
407 |
CVE-2001-1153 |
|
|
DoS Exec Code |
2001-08-28 |
2008-09-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument. |
|
408 |
CVE-2001-1152 |
|
|
Bypass |
2001-09-05 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters. |
|
409 |
CVE-2001-1151 |
|
|
|
2001-10-15 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password. |
|
410 |
CVE-2001-1150 |
|
|
|
2001-08-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files. |
|
411 |
CVE-2001-1149 |
|
|
DoS |
2001-08-21 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file. |
|
412 |
CVE-2001-1148 |
|
|
Overflow +Priv |
2001-06-13 |
2017-07-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh. |
|
413 |
CVE-2001-1147 |
|
|
|
2001-10-08 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. |
|
414 |
CVE-2001-1146 |
|
|
|
2001-07-11 |
2017-10-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack. |
|
415 |
CVE-2001-1145 |
|
|
|
2001-08-17 |
2008-09-10 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories. |
|
416 |
CVE-2001-1144 |
|
|
Dir. Trav. |
2001-07-11 |
2013-08-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. |
|
417 |
CVE-2001-1143 |
|
|
DoS |
2001-07-11 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789. |
|
418 |
CVE-2001-1142 |
|
|
+Priv |
2001-07-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges. |
|
419 |
CVE-2001-1141 |
|
|
|
2001-07-10 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers. |
|
420 |
CVE-2001-1140 |
|
|
|
2001-08-22 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request. |
|
421 |
CVE-2001-1139 |
|
|
Dir. Trav. |
2001-08-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request. |
|
422 |
CVE-2001-1138 |
|
|
Exec Code Dir. Trav. |
2001-09-07 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter. |
|
423 |
CVE-2001-1137 |
|
|
DoS |
2001-09-06 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments. |
|
424 |
CVE-2001-1136 |
|
|
DoS |
2001-09-13 |
2017-12-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service. |
|
425 |
CVE-2001-1135 |
|
|
|
2001-08-14 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known. |
|
426 |
CVE-2001-1134 |
|
|
DoS |
2001-08-09 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm. |
|
427 |
CVE-2001-1133 |
|
|
DoS |
2001-08-21 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions. |
|
428 |
CVE-2001-1132 |
|
|
|
2001-09-05 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication. |
|
429 |
CVE-2001-1131 |
|
|
Dir. Trav. |
2001-08-21 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command. |
|
430 |
CVE-2001-1130 |
|
|
Exec Code |
2001-08-02 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file. |
|
431 |
CVE-2001-1129 |
|
|
Exec Code |
2001-11-02 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable. |
|
432 |
CVE-2001-1128 |
|
|
Exec Code Overflow |
2001-10-08 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. |
|
433 |
CVE-2001-1127 |
|
|
Exec Code Overflow |
2001-10-05 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. |
|
434 |
CVE-2001-1126 |
|
|
DoS |
2001-10-05 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site. |
|
435 |
CVE-2001-1125 |
|
|
Exec Code |
2001-10-05 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. |
|
436 |
CVE-2001-1124 |
|
|
DoS Overflow |
2001-10-01 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow. |
|
437 |
CVE-2001-1123 |
|
|
Exec Code Overflow |
2001-10-01 |
2017-12-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID. |
|
438 |
CVE-2001-1122 |
|
|
DoS |
2001-08-03 |
2017-12-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode. |
|
439 |
CVE-2001-1121 |
|
|
|
2001-07-02 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-2001-1084. |
|
440 |
CVE-2001-1120 |
|
|
|
2001-07-11 |
2017-12-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates. |
|
441 |
CVE-2001-1119 |
|
|
|
2001-08-03 |
2017-10-10 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack. |
|
442 |
CVE-2001-1118 |
|
|
Exec Code |
2001-08-02 |
2017-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL. |
|
443 |
CVE-2001-1117 |
|
|
|
2001-08-10 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. |
|
444 |
CVE-2001-1116 |
|
|
Bypass |
2001-08-02 |
2017-10-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display. |
|
445 |
CVE-2001-1115 |
|
|
|
2001-08-13 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter. |
|
446 |
CVE-2001-1114 |
|
|
Exec Code |
2001-08-13 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter. |
|
447 |
CVE-2001-1113 |
|
|
Exec Code Overflow |
2001-08-13 |
2017-10-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command. |
|
448 |
CVE-2001-1112 |
|
|
Exec Code Overflow |
2001-09-12 |
2017-12-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters. |
|
449 |
CVE-2001-1111 |
|
|
|
2001-09-12 |
2017-12-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file. |
|
450 |
CVE-2001-1110 |
|
|
+Info |
2001-09-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection. |
