| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
76701 |
CVE-2001-1040 |
|
|
|
2001-08-31 |
2008-09-05 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password. |
|
76702 |
CVE-2001-1038 |
|
|
DoS |
2001-07-11 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. |
|
76703 |
CVE-2001-1037 |
|
|
Exec Code |
2001-01-08 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. |
|
76704 |
CVE-2001-1033 |
|
|
DoS |
2001-09-25 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state. |
|
76705 |
CVE-2001-1031 |
|
|
Dir. Trav. |
2001-09-27 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command. |
|
76706 |
CVE-2001-1029 |
|
|
Bypass |
2001-09-20 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files. |
|
76707 |
CVE-2001-1023 |
|
|
|
2001-09-21 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header. |
|
76708 |
CVE-2001-1019 |
|
|
Dir. Trav. |
2001-09-08 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter. |
|
76709 |
CVE-2001-1018 |
|
|
|
2001-09-20 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters. |
|
76710 |
CVE-2001-1013 |
|
|
|
2001-09-12 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. |
|
76711 |
CVE-2001-1010 |
|
|
Dir. Trav. |
2001-07-22 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter. |
|
76712 |
CVE-2001-1007 |
|
|
|
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack. |
|
76713 |
CVE-2001-1006 |
|
|
|
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application. |
|
76714 |
CVE-2001-1004 |
|
|
XSS |
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. |
|
76715 |
CVE-2001-1003 |
|
|
+Priv |
2001-08-31 |
2016-10-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges. |
|
76716 |
CVE-2001-1000 |
|
|
|
2001-09-07 |
2017-12-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file. |
|
76717 |
CVE-2001-0998 |
|
|
DoS |
2001-09-24 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd. |
|
76718 |
CVE-2001-0996 |
|
|
|
2001-09-02 |
2017-12-18 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly. |
|
76719 |
CVE-2001-0994 |
|
|
DoS |
2001-09-04 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device. |
|
76720 |
CVE-2001-0993 |
|
|
DoS |
2001-07-24 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length. |
|
76721 |
CVE-2001-0990 |
|
|
+Info |
2001-09-04 |
2017-12-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. |
|
76722 |
CVE-2001-0986 |
|
|
+Info |
2001-09-14 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. |
|
76723 |
CVE-2001-0984 |
|
|
|
2001-09-13 |
2017-12-19 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords. |
|
76724 |
CVE-2001-0983 |
|
|
+Priv |
2001-08-31 |
2016-10-17 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. |
|
76725 |
CVE-2001-0982 |
|
|
Dir. Trav. |
2001-07-23 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings. |
|
76726 |
CVE-2001-0977 |
|
|
DoS |
2001-07-16 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. |
|
76727 |
CVE-2001-0973 |
|
|
|
2001-08-31 |
2008-09-05 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space. |
|
76728 |
CVE-2001-0971 |
|
|
Dir. Trav. |
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. |
|
76729 |
CVE-2001-0965 |
|
|
DoS |
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters. |
|
76730 |
CVE-2001-0959 |
|
|
+Info |
2001-09-15 |
2017-10-09 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files. |
|
76731 |
CVE-2001-0954 |
|
|
DoS |
2001-12-07 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory. |
|
76732 |
CVE-2001-0952 |
|
|
DoS |
2001-12-07 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
THQ Volition Red Faction Game allows remote attackers to cause a denial of service (hang) of a client or server via packets to UDP port 7755. |
|
76733 |
CVE-2001-0951 |
|
|
DoS |
2001-12-07 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. |
|
76734 |
CVE-2001-0946 |
|
|
DoS |
2001-12-04 |
2017-10-09 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins. |
|
76735 |
CVE-2001-0945 |
|
|
DoS Overflow |
2001-12-03 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line. |
|
76736 |
CVE-2001-0942 |
|
|
|
2001-11-29 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. |
|
76737 |
CVE-2001-0941 |
|
|
Exec Code Overflow |
2001-11-30 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable. |
|
76738 |
CVE-2001-0939 |
|
|
DoS |
2001-11-30 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443. |
|
76739 |
CVE-2001-0938 |
|
|
Dir. Trav. |
2001-11-30 |
2016-10-17 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp. |
|
76740 |
CVE-2001-0926 |
|
|
|
2001-11-28 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement. |
|
76741 |
CVE-2001-0925 |
|
|
|
2001-03-12 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex. |
|
76742 |
CVE-2001-0924 |
|
|
Dir. Trav. |
2001-11-22 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter. |
|
76743 |
CVE-2001-0921 |
|
|
|
2001-11-21 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext. |
|
76744 |
CVE-2001-0920 |
|
|
Exec Code |
2001-11-26 |
2017-10-09 |
6.2 |
Admin |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string. |
|
76745 |
CVE-2001-0919 |
|
|
|
2001-11-26 |
2016-10-17 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript. |
|
76746 |
CVE-2001-0918 |
|
|
Exec Code |
2001-11-22 |
2017-10-09 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely. |
|
76747 |
CVE-2001-0917 |
|
|
|
2001-11-22 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension. |
|
76748 |
CVE-2001-0914 |
|
|
DoS |
2001-11-21 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading. |
|
76749 |
CVE-2001-0907 |
|
|
DoS |
2001-10-18 |
2018-09-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link. |
|
76750 |
CVE-2001-0906 |
|
|
+Priv |
2001-06-22 |
2017-10-09 |
6.2 |
Admin |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr. |
