CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-1472 Exec Code Sql 2001-08-03 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
2 CVE-2001-1455 Bypass 2001-08-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
3 CVE-2001-1452 2001-08-31 2008-09-05
5.0
None Remote Low Not required None Partial None
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
4 CVE-2001-1444 2001-08-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
5 CVE-2001-1443 2001-08-27 2008-09-05
5.0
None Remote Low Not required Partial None None
KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.
6 CVE-2001-1389 DoS Exec Code Overflow 2001-08-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.
7 CVE-2001-1379 Sql Bypass 2001-08-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
8 CVE-2001-1356 2001-08-04 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
9 CVE-2001-1305 2001-08-17 2008-09-10
5.0
None Remote Low Not required None Partial None
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
10 CVE-2001-1304 DoS Overflow 2001-08-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
11 CVE-2001-1301 2001-08-07 2008-09-05
1.2
None Local High Not required None Partial None
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
12 CVE-2001-1295 Dir. Trav. 2001-08-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.
13 CVE-2001-1294 DoS Overflow 2001-08-22 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.
14 CVE-2001-1292 DoS Exec Code 2001-08-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
15 CVE-2001-1262 Bypass 2001-08-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
16 CVE-2001-1261 2001-08-07 2008-09-05
5.0
None Remote Low Not required None Partial None
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
17 CVE-2001-1260 +Priv 2001-08-07 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
18 CVE-2001-1259 DoS 2001-08-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
19 CVE-2001-1233 2001-08-14 2008-09-05
5.0
None Remote Low Not required Partial None None
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
20 CVE-2001-1232 2001-08-14 2008-09-05
5.0
None Remote Low Not required Partial None None
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
21 CVE-2001-1231 2001-08-14 2008-09-05
5.0
None Remote Low Not required Partial None None
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
22 CVE-2001-1168 Dir. Trav. 2001-08-29 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter.
23 CVE-2001-1166 2001-08-21 2008-09-05
5.0
None Remote Low Not required Partial None None
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.
24 CVE-2001-1157 Bypass 2001-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.
25 CVE-2001-1155 Bypass 2001-08-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
26 CVE-2001-1154 DoS 2001-08-30 2008-09-05
5.0
None Remote Low Not required None None Partial
Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.
27 CVE-2001-1153 DoS Exec Code 2001-08-28 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.
28 CVE-2001-1150 2001-08-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
29 CVE-2001-1149 DoS 2001-08-21 2008-09-05
5.0
None Remote Low Not required None None Partial
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
30 CVE-2001-1145 2001-08-17 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.
31 CVE-2001-1140 2001-08-22 2008-09-05
5.0
None Remote Low Not required Partial None None
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.
32 CVE-2001-1139 Dir. Trav. 2001-08-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request.
33 CVE-2001-1135 2001-08-14 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.
34 CVE-2001-1134 DoS 2001-08-09 2008-09-10
5.0
None Remote Low Not required None None Partial
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.
35 CVE-2001-1133 DoS 2001-08-21 2008-09-05
2.1
None Local Low Not required None None Partial
Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.
36 CVE-2001-1131 Dir. Trav. 2001-08-21 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command.
37 CVE-2001-1130 Exec Code 2001-08-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.
38 CVE-2001-1122 DoS 2001-08-03 2008-09-05
2.1
None Local Low Not required None None Partial
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
39 CVE-2001-1119 2001-08-03 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.
40 CVE-2001-1118 Exec Code 2001-08-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.
41 CVE-2001-1117 2001-08-10 2008-09-05
5.0
None Remote Low Not required Partial None None
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.
42 CVE-2001-1116 Bypass 2001-08-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
43 CVE-2001-1115 2001-08-13 2008-09-05
5.0
None Remote Low Not required Partial None None
generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter.
44 CVE-2001-1114 Exec Code 2001-08-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter.
45 CVE-2001-1113 Exec Code Overflow 2001-08-13 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
46 CVE-2001-1091 +Priv 2001-08-23 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
47 CVE-2001-1073 +Info 2001-08-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR.
48 CVE-2001-1072 Bypass 2001-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
49 CVE-2001-1070 DoS 2001-08-31 2008-09-05
2.1
None Local Low Not required None None Partial
Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters.
50 CVE-2001-1069 2001-08-31 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.
Total number of vulnerabilities : 205   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.