CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10601 CVE-2001-1520 2001-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.
10602 CVE-2001-1519 2001-12-31 2008-09-05
3.6
None Local Low Not required Partial Partial None
** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it.
10603 CVE-2001-1518 DoS 2001-12-31 2019-04-30
2.1
None Local Low Not required None None Partial
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
10604 CVE-2001-1517 +Info 2001-12-31 2019-04-30
2.1
None Local Low Not required Partial None None
** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.
10605 CVE-2001-1503 2001-12-31 2018-10-30
2.1
None Local Low Not required Partial None None
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.
10606 CVE-2001-1497 2001-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
10607 CVE-2001-1494 Exec Code 2001-12-31 2017-10-10
2.1
None Local Low Not required None Partial None
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
10608 CVE-2001-1479 2001-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
10609 CVE-2001-1450 DoS 2001-05-11 2017-07-10
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
10610 CVE-2001-1439 DoS Overflow 2001-02-16 2017-07-10
2.1
None Local Low Not required None None Partial
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.
10611 CVE-2001-1412 2003-11-17 2016-10-17
2.1
None Local Low Not required Partial None None
nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.
10612 CVE-2001-1409 2003-07-24 2010-05-25
3.6
None Local Low Not required Partial Partial None
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
10613 CVE-2001-1406 2001-09-10 2016-10-17
2.1
None Local Low Not required Partial None None
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
10614 CVE-2001-1405 DoS 2001-09-10 2016-10-17
2.1
None Local Low Not required None None Partial
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
10615 CVE-2001-1400 DoS 2001-04-17 2016-12-07
2.1
None Local Low Not required None None Partial
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
10616 CVE-2001-1399 2001-04-17 2016-12-07
2.1
None Local Low Not required None Partial None
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
10617 CVE-2001-1397 2001-04-17 2016-12-07
2.1
None Local Low Not required None Partial None
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
10618 CVE-2001-1396 2001-04-17 2016-12-07
3.6
None Local Low Not required Partial Partial None
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
10619 CVE-2001-1395 2001-04-17 2016-12-07
3.6
None Local Low Not required Partial Partial None
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
10620 CVE-2001-1394 DoS 2001-04-17 2016-12-07
2.1
None Local Low Not required None None Partial
Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.
10621 CVE-2001-1393 DoS 2001-04-17 2016-12-07
2.1
None Local Low Not required None None Partial
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).
10622 CVE-2001-1392 2001-04-17 2016-12-07
2.1
None Local Low Not required None None Partial
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.
10623 CVE-2001-1391 2001-04-17 2017-10-09
2.1
None Local Low Not required None Partial None
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
10624 CVE-2001-1387 +Info 2001-11-05 2008-09-05
2.1
None Local Low Not required Partial None None
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
10625 CVE-2001-1378 59 2001-09-06 2011-02-16
2.1
None Local Low Not required None Partial None
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
10626 CVE-2001-1353 2001-09-18 2016-10-17
2.6
None Local High Not required Partial Partial None
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
10627 CVE-2001-1349 DoS +Priv 2001-05-28 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
10628 CVE-2001-1346 2001-05-18 2008-09-10
1.2
None Local High Not required None Partial None
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
10629 CVE-2001-1333 2001-05-10 2008-09-05
1.2
None Local High Not required None Partial None
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
10630 CVE-2001-1331 2001-05-03 2008-09-10
1.2
None Local High Not required None Partial None
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
10631 CVE-2001-1322 2001-07-10 2008-09-10
3.6
None Local Low Not required Partial Partial None
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.
10632 CVE-2001-1302 2001-07-18 2019-04-30
2.1
None Local Low Not required None Partial None
The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.
10633 CVE-2001-1301 2001-08-07 2008-09-05
1.2
None Local High Not required None Partial None
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
10634 CVE-2001-1288 DoS 2001-07-27 2019-04-30
2.1
None Local Low Not required None None Partial
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
10635 CVE-2001-1277 2001-06-11 2016-10-17
2.1
None Local Low Not required None Partial None
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
10636 CVE-2001-1276 2001-06-21 2016-10-17
1.2
None Local High Not required None Partial None
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
10637 CVE-2001-1273 DoS 2001-02-12 2008-09-05
2.1
None Local Low Not required None None Partial
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).
10638 CVE-2001-1271 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.
10639 CVE-2001-1270 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.
10640 CVE-2001-1269 2001-07-12 2010-05-25
2.1
None Local Low Not required None Partial None
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
10641 CVE-2001-1268 Dir. Trav. 2001-07-12 2010-05-25
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
10642 CVE-2001-1267 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
10643 CVE-2001-1258 2001-07-21 2008-09-05
3.6
None Local Low Not required Partial Partial None
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
10644 CVE-2001-1256 2001-06-11 2017-12-18
1.2
None Local High Not required None Partial None
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
10645 CVE-2001-1225 DoS 2001-12-26 2008-09-05
2.1
None Local Low Not required None None Partial
Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.
10646 CVE-2001-1218 DoS 2001-12-20 2008-09-10
2.1
None Local Low Not required None None Partial
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
10647 CVE-2001-1146 2001-07-11 2017-10-09
1.2
None Local High Not required None Partial None
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
10648 CVE-2001-1136 DoS 2001-09-13 2017-12-18
2.1
None Local Low Not required None None Partial
The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.
10649 CVE-2001-1133 DoS 2001-08-21 2008-09-05
2.1
None Local Low Not required None None Partial
Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.
10650 CVE-2001-1122 DoS 2001-08-03 2017-12-18
2.1
None Local Low Not required None None Partial
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.