# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
77101 |
CVE-2001-0232 |
|
|
|
2001-03-26 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters. |
77102 |
CVE-2001-0231 |
|
|
Dir. Trav. |
2001-03-26 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter. |
77103 |
CVE-2001-0230 |
|
|
Overflow +Priv |
2001-06-02 |
2017-10-09 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges. |
77104 |
CVE-2001-0228 |
|
|
Dir. Trav. |
2001-05-03 |
2017-12-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. |
77105 |
CVE-2001-0227 |
|
|
DoS Exec Code Overflow |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. |
77106 |
CVE-2001-0226 |
|
|
Dir. Trav. |
2001-05-03 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) or ... attack in an HTTP GET request. |
77107 |
CVE-2001-0224 |
|
|
|
2001-06-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter. |
77108 |
CVE-2001-0222 |
|
|
|
2001-03-26 |
2017-10-09 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack. |
77109 |
CVE-2001-0219 |
|
|
DoS |
2001-03-26 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service. |
77110 |
CVE-2001-0217 |
|
|
Dir. Trav. |
2001-06-02 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter. |
77111 |
CVE-2001-0215 |
|
|
|
2001-06-02 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. |
77112 |
CVE-2001-0214 |
|
|
|
2001-06-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte. |
77113 |
CVE-2001-0211 |
|
|
Dir. Trav. |
2001-06-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter. |
77114 |
CVE-2001-0210 |
|
|
Dir. Trav. |
2001-06-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. |
77115 |
CVE-2001-0208 |
|
|
+Priv |
2001-06-02 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files. |
77116 |
CVE-2001-0206 |
|
|
Dir. Trav. |
2001-06-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET request. |
77117 |
CVE-2001-0205 |
|
|
Dir. Trav. |
2001-05-03 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack. |
77118 |
CVE-2001-0204 |
|
|
DoS |
2001-06-02 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. |
77119 |
CVE-2001-0202 |
|
|
|
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request. |
77120 |
CVE-2001-0200 |
|
|
|
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled. |
77121 |
CVE-2001-0199 |
|
|
Dir. Trav. |
2001-05-03 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request. |
77122 |
CVE-2001-0196 |
|
|
|
2001-05-03 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group. |
77123 |
CVE-2001-0195 |
|
|
+Priv |
2001-03-26 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking. |
77124 |
CVE-2001-0189 |
|
|
Dir. Trav. |
2001-03-26 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request. |
77125 |
CVE-2001-0188 |
|
|
DoS |
2001-03-26 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to cause a denial of service via a flood of connections to the server, which causes it to crash. |
77126 |
CVE-2001-0186 |
|
|
Dir. Trav. |
2001-05-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
77127 |
CVE-2001-0185 |
|
|
DoS |
2001-03-26 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash. |
77128 |
CVE-2001-0184 |
|
|
DoS |
2001-03-26 |
2017-12-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet. |
77129 |
CVE-2001-0182 |
|
|
DoS |
2001-03-26 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. |
77130 |
CVE-2001-0179 |
|
|
|
2001-05-03 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." |
77131 |
CVE-2001-0178 |
|
|
+Priv |
2001-03-26 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges. |
77132 |
CVE-2001-0177 |
|
|
DoS |
2001-03-26 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone. |
77133 |
CVE-2001-0175 |
|
|
DoS |
2001-03-26 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs. |
77134 |
CVE-2001-0170 |
|
|
|
2001-03-26 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files. |
77135 |
CVE-2001-0169 |
|
|
|
2001-03-26 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib. |
77136 |
CVE-2001-0163 |
|
|
|
2001-01-01 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. |
77137 |
CVE-2001-0161 |
|
|
|
2001-01-01 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks. |
77138 |
CVE-2001-0160 |
|
|
|
2001-01-01 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages. |
77139 |
CVE-2001-0157 |
|
|
Bypass |
2001-06-02 |
2017-10-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled. |
77140 |
CVE-2001-0156 |
|
|
|
2001-06-02 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems. |
77141 |
CVE-2001-0152 |
|
|
|
2001-05-03 |
2018-10-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders. |
77142 |
CVE-2001-0151 |
|
|
DoS |
2001-06-02 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. |
77143 |
CVE-2001-0150 |
|
|
Exec Code |
2001-06-02 |
2018-10-12 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. |
77144 |
CVE-2001-0149 |
|
|
|
2001-06-02 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. |
77145 |
CVE-2001-0146 |
|
|
DoS |
2001-06-02 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. |
77146 |
CVE-2001-0143 |
|
|
|
2001-03-12 |
2017-10-09 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack. |
77147 |
CVE-2001-0142 |
|
|
|
2001-03-12 |
2017-10-09 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
77148 |
CVE-2001-0141 |
|
|
|
2001-03-12 |
2017-10-09 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
77149 |
CVE-2001-0140 |
|
|
|
2001-03-12 |
2017-10-09 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |
77150 |
CVE-2001-0139 |
|
|
|
2001-03-12 |
2017-10-09 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. |