CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2001-1159 Exec Code 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.
402 CVE-2001-1158 Bypass 2001-07-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.
403 CVE-2001-1157 Bypass 2001-08-12 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.
404 CVE-2001-1156 DoS 2001-10-08 2008-09-05
5.0
None Remote Low Not required None None Partial
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.
405 CVE-2001-1155 Bypass 2001-08-23 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
406 CVE-2001-1154 DoS 2001-08-30 2017-12-19
5.0
None Remote Low Not required None None Partial
Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.
407 CVE-2001-1153 DoS Exec Code 2001-08-28 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.
408 CVE-2001-1152 Bypass 2001-09-05 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
409 CVE-2001-1151 2001-10-15 2017-12-19
5.0
None Remote Low Not required Partial None None
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
410 CVE-2001-1150 2001-08-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
411 CVE-2001-1149 DoS 2001-08-21 2008-09-05
5.0
None Remote Low Not required None None Partial
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
412 CVE-2001-1148 Overflow +Priv 2001-06-13 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.
413 CVE-2001-1147 2001-10-08 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
414 CVE-2001-1146 2001-07-11 2017-10-10
1.2
None Local High Not required None Partial None
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
415 CVE-2001-1145 2001-08-17 2008-09-10
6.2
None Local High Not required Complete Complete Complete
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.
416 CVE-2001-1144 Dir. Trav. 2001-07-11 2013-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.
417 CVE-2001-1143 DoS 2001-07-11 2008-09-05
5.0
None Remote Low Not required None None Partial
IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.
418 CVE-2001-1142 +Priv 2001-07-12 2008-09-05
5.0
None Remote Low Not required Partial None None
ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.
419 CVE-2001-1141 2001-07-10 2017-10-10
5.0
None Remote Low Not required Partial None None
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
420 CVE-2001-1140 2001-08-22 2017-12-19
5.0
None Remote Low Not required Partial None None
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.
421 CVE-2001-1139 Dir. Trav. 2001-08-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request.
422 CVE-2001-1138 Exec Code Dir. Trav. 2001-09-07 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter.
423 CVE-2001-1137 DoS 2001-09-06 2017-12-19
5.0
None Remote Low Not required None None Partial
D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.
424 CVE-2001-1136 DoS 2001-09-13 2017-12-19
2.1
None Local Low Not required None None Partial
The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.
425 CVE-2001-1135 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.
426 CVE-2001-1134 DoS 2001-08-09 2008-09-10
5.0
None Remote Low Not required None None Partial
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.
427 CVE-2001-1133 DoS 2001-08-21 2008-09-05
2.1
None Local Low Not required None None Partial
Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.
428 CVE-2001-1132 2001-09-05 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
429 CVE-2001-1131 Dir. Trav. 2001-08-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command.
430 CVE-2001-1130 Exec Code 2001-08-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.
431 CVE-2001-1129 Exec Code 2001-11-02 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.
432 CVE-2001-1128 Exec Code Overflow 2001-10-08 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
433 CVE-2001-1127 Exec Code Overflow 2001-10-05 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
434 CVE-2001-1126 DoS 2001-10-05 2017-12-19
5.0
None Remote Low Not required None None Partial
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.
435 CVE-2001-1125 Exec Code 2001-10-05 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
436 CVE-2001-1124 DoS Overflow 2001-10-01 2017-12-19
5.0
None Remote Low Not required None None Partial
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow.
437 CVE-2001-1123 Exec Code Overflow 2001-10-01 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.
438 CVE-2001-1122 DoS 2001-08-03 2017-12-19
2.1
None Local Low Not required None None Partial
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
439 CVE-2001-1121 2001-07-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-2001-1084.
440 CVE-2001-1120 2001-07-11 2017-12-19
6.4
None Remote Low Not required Partial Partial None
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
441 CVE-2001-1119 2001-08-03 2017-10-10
6.2
None Local High Not required Complete Complete Complete
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.
442 CVE-2001-1118 Exec Code 2001-08-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.
443 CVE-2001-1117 2001-08-10 2017-10-10
5.0
None Remote Low Not required Partial None None
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.
444 CVE-2001-1116 Bypass 2001-08-02 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
445 CVE-2001-1115 2001-08-13 2017-12-19
5.0
None Remote Low Not required Partial None None
generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter.
446 CVE-2001-1114 Exec Code 2001-08-13 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter.
447 CVE-2001-1113 Exec Code Overflow 2001-08-13 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
448 CVE-2001-1112 Exec Code Overflow 2001-09-12 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.
449 CVE-2001-1111 2001-09-12 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file.
450 CVE-2001-1110 +Info 2001-09-12 2008-09-05
5.0
None Remote Low Not required Partial None None
EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.
Total number of vulnerabilities : 1677   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.