CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
20701 CVE-2001-0469 DoS 2001-06-27 2017-10-09
5.0
None Remote Low Not required None None Partial
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.
20702 CVE-2001-0467 Dir. Trav. 2001-06-27 2017-10-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.
20703 CVE-2001-0466 Dir. Trav. 2001-06-18 2016-10-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ustorekeeper 1.61 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
20704 CVE-2001-0463 Dir. Trav. 2001-06-27 2017-10-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter.
20705 CVE-2001-0462 Dir. Trav. 2001-06-27 2017-10-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
20706 CVE-2001-0460 DoS 2001-06-27 2017-12-18
5.0
None Remote Low Not required None None Partial
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
20707 CVE-2001-0457 DoS 2001-06-27 2017-10-09
5.0
None Remote Low Not required None None Partial
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).
20708 CVE-2001-0454 Dir. Trav. 2001-06-27 2017-12-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request.
20709 CVE-2001-0453 Dir. Trav. 2001-06-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
20710 CVE-2001-0452 2001-06-27 2008-09-05
5.0
None Remote Low Not required Partial None None
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
20711 CVE-2001-0448 DoS 2001-06-18 2008-09-05
5.0
None Remote Low Not required None None Partial
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET HTTP request to the aux directory, and possibly other directories with legacy DOS device names.
20712 CVE-2001-0446 2001-06-18 2016-10-17
5.0
None Remote Low Not required Partial None None
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
20713 CVE-2001-0437 2001-07-02 2017-12-18
5.0
None Remote Low Not required None Partial None
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
20714 CVE-2001-0429 DoS 2001-07-02 2017-10-09
5.0
None Remote Low Not required None None Partial
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.
20715 CVE-2001-0428 DoS 2001-07-02 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.
20716 CVE-2001-0420 Dir. Trav. 2001-06-18 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter.
20717 CVE-2001-0418 2001-07-02 2008-09-05
5.0
None Remote Low Not required Partial None None
content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter.
20718 CVE-2001-0413 DoS 2001-06-18 2017-10-09
5.0
None Remote Low Not required None None Partial
BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang.
20719 CVE-2001-0411 DoS 2001-06-18 2016-10-17
5.0
None Remote Low Not required None None Partial
Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet.
20720 CVE-2001-0408 Exec Code 2001-06-18 2017-10-09
5.1
User Remote High Not required Partial Partial Partial
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
20721 CVE-2001-0404 Dir. Trav. 2001-06-18 2016-10-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.
20722 CVE-2001-0399 2001-06-18 2016-10-17
5.0
None Remote Low Not required Partial None None
Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request.
20723 CVE-2001-0396 +Info 2001-07-02 2008-09-05
5.0
None Remote Low Not required Partial None None
The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users.
20724 CVE-2001-0394 DoS 2001-08-22 2017-10-09
5.0
None Remote Low Not required None None Partial
Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.
20725 CVE-2001-0393 DoS 2001-06-18 2016-10-17
5.0
None Remote Low Not required None None Partial
Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits.
20726 CVE-2001-0392 DoS 2001-06-18 2016-10-17
5.0
None Remote Low Not required None None Partial
Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash.
20727 CVE-2001-0391 2001-07-02 2008-09-10
5.0
None Remote Low Not required None None Partial
Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.
20728 CVE-2001-0390 DoS 2001-07-02 2008-09-05
5.0
None Remote Low Not required None None Partial
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.
20729 CVE-2001-0389 2001-07-02 2008-09-05
5.0
None Remote Low Not required Partial None None
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.
20730 CVE-2001-0386 DoS 2001-07-02 2017-10-09
5.0
None Remote Low Not required None None Partial
AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
20731 CVE-2001-0385 DoS 2001-07-02 2017-12-19
5.0
None Remote Low Not required None None Partial
GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
20732 CVE-2001-0383 2001-06-18 2017-10-09
5.0
None Remote Low Not required None Partial None
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.
20733 CVE-2001-0377 DoS 2001-06-18 2017-10-09
5.0
None Remote Low Not required None None Partial
Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string.
20734 CVE-2001-0375 DoS 2001-06-18 2017-10-09
5.0
None Remote Low Not required None None Partial
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
20735 CVE-2001-0368 Dir. Trav. 2001-06-27 2017-10-09
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack.
20736 CVE-2001-0367 DoS 2001-06-27 2016-10-17
5.0
None Remote Low Not required None None Partial
Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters.
20737 CVE-2001-0364 DoS 2001-06-27 2017-10-09
5.0
None Remote Low Not required None None Partial
SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections.
20738 CVE-2001-0360 Dir. Trav. 2001-06-27 2017-12-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and earlier allows a remote attacker to read arbitrary files via a .. (dot dot) attack in the helpon parameter.
20739 CVE-2001-0355 2001-06-27 2016-10-17
5.0
None Remote Low Not required Partial None None
Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
20740 CVE-2001-0354 DoS 2001-07-02 2008-09-05
5.0
None Remote Low Not required None None Partial
TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on.
20741 CVE-2001-0352 2001-07-21 2008-09-10
5.0
None Remote Low Not required Partial None None
SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should be write-only, via (1) dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE 802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the Symbol MIB.
20742 CVE-2001-0348 DoS 2001-07-21 2018-10-12
5.0
None Remote Low Not required None None Partial
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
20743 CVE-2001-0346 DoS 2001-07-21 2018-10-12
5.0
None Remote Low Not required None None Partial
Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
20744 CVE-2001-0345 DoS 2001-07-21 2018-10-12
5.0
None Remote Low Not required None None Partial
Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
20745 CVE-2001-0338 2001-06-27 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."
20746 CVE-2001-0337 DoS 2001-06-27 2018-10-12
5.0
None Remote Low Not required None None Partial
The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.
20747 CVE-2001-0336 DoS 2001-06-27 2018-10-12
5.0
None Remote Low Not required None None Partial
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
20748 CVE-2001-0335 2001-06-27 2018-10-12
5.0
None Remote Low Not required Partial None None
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.
20749 CVE-2001-0334 DoS 2001-06-27 2018-10-12
5.0
None Remote Low Not required None None Partial
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
20750 CVE-2001-0332 2001-06-27 2018-10-12
5.0
None Remote Low Not required Partial None None
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.
Total number of vulnerabilities : 21598   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 (This Page)416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.