CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14601 CVE-2001-1291 2001-07-12 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
14602 CVE-2001-1264 2001-07-19 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
14603 CVE-2001-1260 +Priv 2001-08-07 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
14604 CVE-2001-1252 Bypass 2001-09-28 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
14605 CVE-2001-1240 2001-07-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
14606 CVE-2001-1223 +Priv 2001-12-26 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
14607 CVE-2001-1220 +Priv 2001-12-21 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
14608 CVE-2001-1196 +Priv Dir. Trav. 2001-12-17 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
14609 CVE-2001-1163 Exec Code Overflow 2001-06-16 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500.
14610 CVE-2001-1162 Dir. Trav. 2001-06-23 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
14611 CVE-2001-1113 Exec Code Overflow 2001-08-13 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
14612 CVE-2001-1080 +Priv 2001-06-19 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.
14613 CVE-2001-1078 Exec Code +Priv 2001-06-21 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
14614 CVE-2001-1067 DoS Exec Code Overflow 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
14615 CVE-2001-1061 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.
14616 CVE-2001-1053 +Priv Bypass 2001-07-13 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
14617 CVE-2001-1046 Overflow +Priv 2001-06-02 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.
14618 CVE-2001-1027 Exec Code Overflow 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
14619 CVE-2001-1025 2001-08-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
14620 CVE-2001-1011 +Priv 2001-07-25 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
14621 CVE-2001-1009 264 +Priv 2001-08-31 2011-02-16
10.0
Admin Remote Low Not required Complete Complete Complete
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
14622 CVE-2001-0981 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
14623 CVE-2001-0972 +Priv 2001-08-31 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
14624 CVE-2001-0969 2001-08-31 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
14625 CVE-2001-0968 +Priv 2001-08-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges.
14626 CVE-2001-0966 Dir. Trav. 2001-08-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command.
14627 CVE-2001-0961 Exec Code Overflow 2001-09-18 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.
14628 CVE-2001-0960 +Priv 2001-09-15 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
14629 CVE-2001-0953 +Priv 2001-12-08 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root.
14630 CVE-2001-0850 Overflow 2001-12-06 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.
14631 CVE-2001-0846 Exec Code 2001-12-06 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
14632 CVE-2001-0840 Exec Code Overflow 2001-12-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.
14633 CVE-2001-0825 Exec Code Overflow 2001-12-06 2018-05-02
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.
14634 CVE-2001-0817 +Priv 2001-12-06 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.
14635 CVE-2001-0808 Exec Code 2001-12-06 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.
14636 CVE-2001-0803 119 Exec Code Overflow 2001-12-06 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
14637 CVE-2001-0800 Exec Code 2001-12-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
14638 CVE-2001-0799 Exec Code Overflow 2001-12-06 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.
14639 CVE-2001-0797 Exec Code Overflow 2001-12-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
14640 CVE-2001-0789 DoS Exec Code 2001-10-18 2018-11-28
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message.
14641 CVE-2001-0779 Overflow 2001-10-18 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
14642 CVE-2001-0746 DoS Exec Code Overflow 2001-10-18 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.
14643 CVE-2001-0717 Exec Code 2001-10-30 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.
14644 CVE-2001-0679 Exec Code Overflow 1999-11-08 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote attacker to execute arbitrary code by sending a long HELO command to the server.
14645 CVE-2001-0671 Overflow +Priv 2001-12-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.
14646 CVE-2001-0629 119 Overflow +Priv 2001-08-14 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter.
14647 CVE-2001-0609 +Priv 2001-08-02 2017-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
14648 CVE-2001-0555 2001-08-14 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
14649 CVE-2001-0554 Exec Code Overflow 2001-08-14 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
14650 CVE-2001-0552 Exec Code 2001-09-20 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.