# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
76551 |
CVE-2001-1340 |
|
|
|
2002-05-21 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Beck GmbH [email protected] TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service. |
76552 |
CVE-2001-1338 |
|
|
|
2001-05-24 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Beck IPC GmbH [email protected] TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system. |
76553 |
CVE-2001-1337 |
|
|
DoS |
2001-05-21 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Beck IPC GmbH [email protected] Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request. |
76554 |
CVE-2001-1335 |
|
|
Dir. Trav. |
2001-05-27 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot). |
76555 |
CVE-2001-1334 |
|
|
|
2002-05-19 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL. |
76556 |
CVE-2001-1333 |
|
|
|
2001-05-10 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files. |
76557 |
CVE-2001-1331 |
|
|
|
2001-05-03 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. |
76558 |
CVE-2001-1327 |
|
|
+Priv |
2001-05-24 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake. |
76559 |
CVE-2001-1324 |
|
|
+Priv |
2001-06-26 |
2008-09-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges. |
76560 |
CVE-2001-1322 |
|
|
|
2001-07-10 |
2008-09-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask. |
76561 |
CVE-2001-1319 |
|
|
DoS |
2001-07-16 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. |
76562 |
CVE-2001-1305 |
|
|
|
2001-08-17 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer. |
76563 |
CVE-2001-1304 |
|
|
DoS Overflow |
2001-08-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header. |
76564 |
CVE-2001-1303 |
|
|
+Info |
2001-07-18 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication. |
76565 |
CVE-2001-1302 |
|
|
|
2001-07-18 |
2019-04-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function. |
76566 |
CVE-2001-1301 |
|
|
|
2001-08-07 |
2008-09-05 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file. |
76567 |
CVE-2001-1300 |
|
|
Dir. Trav. |
2002-06-25 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command. |
76568 |
CVE-2001-1299 |
|
|
|
2001-10-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
76569 |
CVE-2001-1298 |
|
|
|
2001-10-02 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
76570 |
CVE-2001-1296 |
|
|
|
2001-10-02 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. |
76571 |
CVE-2001-1295 |
|
|
Dir. Trav. |
2001-08-21 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command. |
76572 |
CVE-2001-1294 |
|
|
DoS Overflow |
2001-08-22 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password. |
76573 |
CVE-2001-1293 |
|
|
DoS Overflow |
2001-09-26 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request. |
76574 |
CVE-2001-1290 |
|
|
Exec Code +Priv |
2001-06-28 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter. |
76575 |
CVE-2001-1289 |
|
|
DoS |
2001-07-29 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters. |
76576 |
CVE-2001-1288 |
|
|
DoS |
2001-07-27 |
2019-04-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe. |
76577 |
CVE-2001-1285 |
|
|
Dir. Trav. |
2001-10-12 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. |
76578 |
CVE-2001-1282 |
|
|
+Info |
2001-10-12 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. |
76579 |
CVE-2001-1281 |
|
|
|
2001-10-12 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form. |
76580 |
CVE-2001-1280 |
|
|
|
2001-10-12 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system. |
76581 |
CVE-2001-1277 |
|
|
|
2001-06-11 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters. |
76582 |
CVE-2001-1276 |
|
|
|
2001-06-21 |
2016-10-17 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file. |
76583 |
CVE-2001-1273 |
|
|
DoS |
2001-02-12 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt). |
76584 |
CVE-2001-1272 |
|
|
Exec Code |
2001-12-06 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option. |
76585 |
CVE-2001-1271 |
|
|
Dir. Trav. |
2001-07-12 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames. |
76586 |
CVE-2001-1270 |
|
|
Dir. Trav. |
2001-07-12 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files. |
76587 |
CVE-2001-1269 |
|
|
|
2001-07-12 |
2010-05-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character. |
76588 |
CVE-2001-1268 |
|
|
Dir. Trav. |
2001-07-12 |
2010-05-25 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. |
76589 |
CVE-2001-1267 |
|
|
Dir. Trav. |
2001-07-12 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). |
76590 |
CVE-2001-1266 |
|
|
Dir. Trav. |
2001-07-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'. |
76591 |
CVE-2001-1263 |
|
|
DoS Overflow |
2001-06-06 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow. |
76592 |
CVE-2001-1261 |
|
|
|
2001-08-07 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file. |
76593 |
CVE-2001-1259 |
|
|
DoS |
2001-08-07 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload. |
76594 |
CVE-2001-1258 |
|
|
|
2001-07-21 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server. |
76595 |
CVE-2001-1256 |
|
|
|
2001-06-11 |
2017-12-18 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files. |
76596 |
CVE-2001-1255 |
|
|
|
2001-10-02 |
2019-10-07 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database. |
76597 |
CVE-2001-1253 |
|
|
|
2001-09-27 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users. |
76598 |
CVE-2001-1251 |
|
|
DoS |
2001-06-29 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests. |
76599 |
CVE-2001-1250 |
|
|
DoS Overflow |
2001-06-29 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow. |
76600 |
CVE-2001-1249 |
|
|
DoS |
2001-06-29 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names. |