CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2001(Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-1585 287 Bypass 2001-12-31 2010-06-24
6.8
None Remote Medium Not required Partial Partial Partial
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.
2 CVE-2001-1581 Bypass 2001-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows remote attackers to bypass e-mail attachment filtering policies via a modified name in a Content-Type header.
3 CVE-2001-1572 Bypass 2001-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.
4 CVE-2001-1567 Bypass 2001-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
5 CVE-2001-1549 Bypass 2001-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
6 CVE-2001-1548 Bypass 2001-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
7 CVE-2001-1542 Exec Code Bypass 2001-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments.
8 CVE-2001-1534 Bypass +Info 2001-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
9 CVE-2001-1500 Bypass 2001-12-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
10 CVE-2001-1460 Sql Bypass 2001-10-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
11 CVE-2001-1459 Exec Code Bypass 2001-06-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
12 CVE-2001-1455 Bypass 2001-08-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
13 CVE-2001-1445 Bypass 2001-03-01 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands.
14 CVE-2001-1422 Bypass 2001-01-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
15 CVE-2001-1407 Bypass 2001-09-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
16 CVE-2001-1401 Bypass 2001-09-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
17 CVE-2001-1386 Bypass 2001-07-01 2008-09-10
5.0
None Remote Low Not required Partial None None
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
18 CVE-2001-1379 Sql Bypass 2001-08-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
19 CVE-2001-1369 Exec Code Bypass 2001-09-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
20 CVE-2001-1344 Bypass 2001-06-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
21 CVE-2001-1278 Bypass 2001-10-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
22 CVE-2001-1262 Bypass 2001-08-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
23 CVE-2001-1252 Bypass 2001-09-28 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
24 CVE-2001-1227 Bypass 2001-10-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
25 CVE-2001-1200 Bypass 2001-12-17 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.
26 CVE-2001-1182 +Priv Bypass 2001-07-17 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
27 CVE-2001-1158 Bypass 2001-07-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.
28 CVE-2001-1157 Bypass 2001-08-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.
29 CVE-2001-1155 Bypass 2001-08-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
30 CVE-2001-1152 Bypass 2001-09-05 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
31 CVE-2001-1116 Bypass 2001-08-02 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
32 CVE-2001-1105 Bypass 2001-09-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
33 CVE-2001-1094 Bypass 2001-09-11 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version.
34 CVE-2001-1075 Bypass 2001-07-04 2008-09-05
5.0
None Remote Low Not required None Partial None
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.
35 CVE-2001-1072 Bypass 2001-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
36 CVE-2001-1056 Bypass 2001-07-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.
37 CVE-2001-1053 +Priv Bypass 2001-07-13 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
38 CVE-2001-1030 Bypass 2001-07-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
39 CVE-2001-1029 Bypass 2001-09-20 2008-09-05
2.1
None Local Low Not required Partial None None
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
40 CVE-2001-1022 Exec Code Bypass 2001-07-26 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
41 CVE-2001-0929 Bypass 2001-11-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.
42 CVE-2001-0910 +Priv Bypass 2001-11-21 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.
43 CVE-2001-0867 Bypass 2001-12-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
44 CVE-2001-0866 Bypass 2001-12-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
45 CVE-2001-0864 Bypass 2001-12-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
46 CVE-2001-0862 Bypass 2001-12-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
47 CVE-2001-0851 Bypass 2001-12-06 2008-09-10
5.0
None Remote Low Not required Partial None None
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
48 CVE-2001-0816 Bypass 2001-12-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
49 CVE-2001-0766 Bypass 2001-10-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
50 CVE-2001-0731 Bypass 2001-10-01 2008-09-05
5.0
None Remote Low Not required Partial None None
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
Total number of vulnerabilities : 83   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.