# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
109051 |
CVE-2001-1012 |
|
|
+Priv |
2001-09-05 |
2017-12-18 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/. |
109052 |
CVE-2001-1011 |
|
|
+Priv |
2001-07-25 |
2017-10-09 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters. |
109053 |
CVE-2001-1010 |
|
|
Dir. Trav. |
2001-07-22 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter. |
109054 |
CVE-2001-1009 |
264 |
|
+Priv |
2001-08-31 |
2011-02-16 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request. |
109055 |
CVE-2001-1008 |
|
|
|
2001-08-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate. |
109056 |
CVE-2001-1007 |
|
|
|
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack. |
109057 |
CVE-2001-1006 |
|
|
|
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application. |
109058 |
CVE-2001-1005 |
|
|
+Priv |
2001-08-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges. |
109059 |
CVE-2001-1004 |
|
|
XSS |
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags. |
109060 |
CVE-2001-1003 |
|
|
+Priv |
2001-08-31 |
2016-10-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges. |
109061 |
CVE-2001-1002 |
|
|
Exec Code +Priv |
2001-08-31 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands. |
109062 |
CVE-2001-0999 |
|
|
|
2001-09-12 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script. |
109063 |
CVE-2001-0998 |
|
|
DoS |
2001-09-24 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd. |
109064 |
CVE-2001-0997 |
|
|
Exec Code |
2001-09-11 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter. |
109065 |
CVE-2001-0996 |
|
|
|
2001-09-02 |
2017-12-18 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly. |
109066 |
CVE-2001-0995 |
|
|
|
2001-08-31 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs. |
109067 |
CVE-2001-0994 |
|
|
DoS |
2001-09-04 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device. |
109068 |
CVE-2001-0992 |
|
|
Exec Code |
2001-09-05 |
2017-12-18 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter. |
109069 |
CVE-2001-0991 |
|
|
XSS |
2001-07-24 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message. |
109070 |
CVE-2001-0990 |
|
|
+Info |
2001-09-04 |
2017-12-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library. |
109071 |
CVE-2001-0989 |
|
|
Overflow +Priv |
2001-07-23 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign. |
109072 |
CVE-2001-0988 |
|
|
+Info |
2001-07-23 |
2017-12-18 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. |
109073 |
CVE-2001-0987 |
|
|
XSS |
2001-07-22 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap. |
109074 |
CVE-2001-0986 |
|
|
+Info |
2001-09-14 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo. |
109075 |
CVE-2001-0985 |
|
|
Exec Code |
2001-09-08 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. |
109076 |
CVE-2001-0984 |
|
|
|
2001-09-13 |
2017-12-19 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords. |
109077 |
CVE-2001-0983 |
|
|
+Priv |
2001-08-31 |
2016-10-17 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. |
109078 |
CVE-2001-0982 |
|
|
Dir. Trav. |
2001-07-23 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings. |
109079 |
CVE-2001-0981 |
|
|
|
2001-08-31 |
2017-10-09 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user. |
109080 |
CVE-2001-0980 |
|
|
Exec Code |
2001-07-17 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page. |
109081 |
CVE-2001-0979 |
|
|
Overflow +Priv |
2001-09-03 |
2017-12-18 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. |
109082 |
CVE-2001-0978 |
|
|
|
2001-09-03 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program. |
109083 |
CVE-2001-0977 |
|
|
DoS |
2001-07-16 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. |
109084 |
CVE-2001-0976 |
|
|
+Priv |
2001-08-31 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables. |
109085 |
CVE-2001-0975 |
|
|
Exec Code Overflow |
2001-07-16 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
109086 |
CVE-2001-0974 |
|
|
Exec Code |
2001-07-17 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
109087 |
CVE-2001-0973 |
|
|
|
2001-08-31 |
2008-09-05 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space. |
109088 |
CVE-2001-0972 |
|
|
+Priv |
2001-08-31 |
2017-07-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888." |
109089 |
CVE-2001-0971 |
|
|
Dir. Trav. |
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. |
109090 |
CVE-2001-0970 |
|
|
XSS |
2001-08-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script. |
109091 |
CVE-2001-0969 |
|
|
|
2001-08-31 |
2017-10-09 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts. |
109092 |
CVE-2001-0968 |
|
|
+Priv |
2001-08-31 |
2008-09-05 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges. |
109093 |
CVE-2001-0967 |
|
|
|
2001-08-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing. |
109094 |
CVE-2001-0966 |
|
|
Dir. Trav. |
2001-08-31 |
2008-09-05 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command. |
109095 |
CVE-2001-0965 |
|
|
DoS |
2001-08-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters. |
109096 |
CVE-2001-0964 |
|
|
Exec Code Overflow |
2001-09-20 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command. |
109097 |
CVE-2001-0963 |
|
|
Dir. Trav. |
2001-09-20 |
2017-10-09 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command. |
109098 |
CVE-2001-0962 |
|
|
+Priv |
2001-09-19 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. |
109099 |
CVE-2001-0961 |
|
|
Exec Code Overflow |
2001-09-18 |
2017-10-09 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most. |
109100 |
CVE-2001-0960 |
|
|
+Priv |
2001-09-15 |
2017-10-09 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges. |