CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001 (CVSS score >= 3)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2001-1104 2001-07-25 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
402 CVE-2001-1103 Exec Code 2001-03-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.
403 CVE-2001-1102 2001-09-08 2017-12-19
6.2
None Local High Not required Complete Complete Complete
Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable.
404 CVE-2001-1101 2001-09-08 2017-12-19
6.4
None Remote Low Not required None Partial Partial
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.
405 CVE-2001-1100 Exec Code 2001-10-07 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
406 CVE-2001-1099 434 2001-09-07 2020-04-02
5.0
None Remote Low Not required Partial None None
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
407 CVE-2001-1097 DoS 2001-07-24 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
408 CVE-2001-1096 Exec Code Overflow 2001-10-09 2013-07-25
4.6
None Local Low Not required Partial Partial Partial
Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code.
409 CVE-2001-1095 Exec Code Overflow 2001-10-09 2016-09-17
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.
410 CVE-2001-1094 Bypass 2001-09-11 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version.
411 CVE-2001-1093 Exec Code Overflow 2001-09-10 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument.
412 CVE-2001-1091 +Priv 2001-08-23 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
413 CVE-2001-1090 Exec Code 2001-09-10 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
414 CVE-2001-1089 Exec Code 2001-09-10 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
415 CVE-2001-1088 2001-06-05 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
416 CVE-2001-1087 2001-07-05 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.
417 CVE-2001-1086 2001-07-04 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
418 CVE-2001-1085 2001-07-05 2017-10-10
3.7
None Local High Not required Partial Partial Partial
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
419 CVE-2001-1084 XSS 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
420 CVE-2001-1083 DoS 2001-06-26 2017-10-10
5.0
None Remote Low Not required None None Partial
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
421 CVE-2001-1082 Dir. Trav. 2001-07-13 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack.
422 CVE-2001-1081 DoS Exec Code 2001-07-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages.
423 CVE-2001-1080 +Priv 2001-06-19 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.
424 CVE-2001-1078 Exec Code +Priv 2001-06-21 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
425 CVE-2001-1077 Overflow +Priv 2001-06-15 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument.
426 CVE-2001-1076 Exec Code Overflow 2001-07-05 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.
427 CVE-2001-1075 Bypass 2001-07-04 2017-10-10
5.0
None Remote Low Not required None Partial None
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.
428 CVE-2001-1074 +Priv 2001-05-28 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
429 CVE-2001-1073 +Info 2001-08-31 2017-12-19
5.0
None Remote Low Not required Partial None None
Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR.
430 CVE-2001-1072 Bypass 2001-08-31 2017-10-10
5.0
None Remote Low Not required None None Partial
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
431 CVE-2001-1071 DoS 2001-10-09 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.
432 CVE-2001-1069 2001-08-31 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.
433 CVE-2001-1068 2001-08-31 2017-12-19
5.0
None Remote Low Not required Partial None None
qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.
434 CVE-2001-1067 DoS Exec Code Overflow 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
435 CVE-2001-1065 2001-08-31 2017-12-19
5.0
None Remote Low Not required None None Partial
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
436 CVE-2001-1064 DoS 2001-08-31 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.
437 CVE-2001-1063 Overflow +Priv 2001-08-31 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.
438 CVE-2001-1062 Exec Code Overflow 2001-08-31 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.
439 CVE-2001-1061 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.
440 CVE-2001-1060 Exec Code 2001-07-31 2009-04-03
7.5
None Remote Low Not required Partial Partial Partial
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.
441 CVE-2001-1059 2001-07-30 2017-10-10
3.6
None Local Low Not required Partial Partial None
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.
442 CVE-2001-1057 DoS 2001-07-30 2017-12-19
5.0
None Remote Low Not required None None Partial
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests.
443 CVE-2001-1056 Bypass 2001-07-30 2018-09-20
7.5
None Remote Low Not required Partial Partial Partial
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.
444 CVE-2001-1055 DoS 2001-07-30 2017-10-10
5.0
None Remote Low Not required None None Partial
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
445 CVE-2001-1054 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
446 CVE-2001-1053 +Priv Bypass 2001-07-13 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
447 CVE-2001-1052 2001-10-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
448 CVE-2001-1051 2001-10-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
449 CVE-2001-1050 2001-10-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
450 CVE-2001-1049 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Total number of vulnerabilities : 1506   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.