CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2001-0296 Exec Code Overflow 2001-05-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
452 CVE-2001-0301 Exec Code Overflow 2001-05-03 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
453 CVE-2001-0320 +Priv 2001-05-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allow remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
454 CVE-2001-0353 Overflow +Priv 2001-07-21 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
455 CVE-2001-0372 2001-06-18 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct.
456 CVE-2001-0388 DoS 2001-06-27 2017-10-09
10.0
None Remote Low Not required Complete Complete Complete
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
457 CVE-2001-0414 DoS Exec Code Overflow 2001-06-18 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
458 CVE-2001-0431 2001-07-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in iPlanet Web Server Enterprise Edition 4.x.
459 CVE-2001-0432 Exec Code Overflow 2001-07-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.
460 CVE-2001-0464 Exec Code Overflow 2001-07-02 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
461 CVE-2001-0499 Overflow +Priv 2001-07-21 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
462 CVE-2001-0500 Exec Code Overflow 2001-07-21 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
463 CVE-2001-0527 +Priv 2001-08-14 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
464 CVE-2001-0534 DoS Exec Code Overflow 2001-07-21 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.
465 CVE-2001-0538 Exec Code 2001-08-14 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
466 CVE-2001-0552 Exec Code 2001-09-20 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.
467 CVE-2001-0554 Exec Code Overflow 2001-08-14 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
468 CVE-2001-0555 2001-08-14 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
ScreamingMedia SITEWare versions 2.5 through 3.1 allow a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
469 CVE-2001-0609 +Priv 2001-08-02 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
470 CVE-2001-0629 119 Overflow +Priv 2001-08-14 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain additional privileges via a buffer overflow attack in the '-restore_config' command line parameter.
471 CVE-2001-0671 Overflow +Priv 2001-12-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.
472 CVE-2001-0679 Exec Code Overflow 1999-11-08 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote attacker to execute arbitrary code by sending a long HELO command to the server.
473 CVE-2001-0717 Exec Code 2001-10-30 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.
474 CVE-2001-0746 DoS Exec Code Overflow 2001-10-18 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.
475 CVE-2001-0779 Overflow 2001-10-18 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
476 CVE-2001-0789 DoS Exec Code 2001-10-18 2018-11-28
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message.
477 CVE-2001-0797 Exec Code Overflow 2001-12-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
478 CVE-2001-0799 Exec Code Overflow 2001-12-06 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.
479 CVE-2001-0800 Exec Code 2001-12-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
480 CVE-2001-0803 119 Exec Code Overflow 2001-12-06 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
481 CVE-2001-0808 Exec Code 2001-12-06 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.
482 CVE-2001-0817 +Priv 2001-12-06 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.
483 CVE-2001-0825 Exec Code Overflow 2001-12-06 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.
484 CVE-2001-0840 Exec Code Overflow 2001-12-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.
485 CVE-2001-0846 Exec Code 2001-12-06 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
486 CVE-2001-0850 Overflow 2001-12-06 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.
487 CVE-2001-0953 +Priv 2001-12-08 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root.
488 CVE-2001-0960 +Priv 2001-09-15 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
489 CVE-2001-0961 Exec Code Overflow 2001-09-18 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.
490 CVE-2001-0966 Dir. Trav. 2001-08-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command.
491 CVE-2001-0968 +Priv 2001-08-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges.
492 CVE-2001-0969 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
493 CVE-2001-0972 +Priv 2001-08-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
494 CVE-2001-0981 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
495 CVE-2001-1009 264 +Priv 2001-08-31 2011-02-16
10.0
Admin Remote Low Not required Complete Complete Complete
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
496 CVE-2001-1011 +Priv 2001-07-25 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
497 CVE-2001-1025 2001-08-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
498 CVE-2001-1027 Exec Code Overflow 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
499 CVE-2001-1046 Overflow +Priv 2001-06-02 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.
500 CVE-2001-1053 +Priv Bypass 2001-07-13 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.