| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
22451 |
CVE-2002-0055 |
|
|
DoS |
2002-03-08 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. |
|
22452 |
CVE-2002-0052 |
|
|
|
2002-03-08 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files. |
|
22453 |
CVE-2002-0047 |
|
|
DoS |
2002-01-31 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet. |
|
22454 |
CVE-2002-0046 |
|
|
|
2002-01-31 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet. |
|
22455 |
CVE-2002-0041 |
|
|
|
2002-04-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, when running with the -R option, allows local and remote attackers to cause a core dump. |
|
22456 |
CVE-2002-0039 |
|
|
DoS |
2002-03-28 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths. |
|
22457 |
CVE-2002-0038 |
|
|
DoS |
2002-01-31 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk. |
|
22458 |
CVE-2002-0036 |
|
|
DoS |
2003-02-19 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value. |
|
22459 |
CVE-2002-0025 |
|
|
|
2002-03-08 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document. |
|
22460 |
CVE-2002-0023 |
|
|
Bypass |
2002-03-08 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks. |
|
22461 |
CVE-2002-0021 |
|
|
DoS |
2002-03-08 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement. |
|
22462 |
CVE-2002-0011 |
|
|
+Info |
2002-01-31 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. |
|
22463 |
CVE-2002-0009 |
|
|
|
2002-01-31 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. |
|
22464 |
CVE-2001-1587 |
119 |
|
DoS Overflow |
2010-04-05 |
2010-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command. |
|
22465 |
CVE-2001-1580 |
|
|
Dir. Trav. |
2001-12-31 |
2017-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string. |
|
22466 |
CVE-2001-1579 |
|
|
DoS |
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service. |
|
22467 |
CVE-2001-1575 |
|
|
DoS Overflow |
2001-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow. |
|
22468 |
CVE-2001-1571 |
|
|
|
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing. |
|
22469 |
CVE-2001-1567 |
|
|
Bypass |
2001-12-31 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino. |
|
22470 |
CVE-2001-1558 |
|
|
DoS |
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash). |
|
22471 |
CVE-2001-1556 |
|
|
|
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep. |
|
22472 |
CVE-2001-1554 |
|
|
DoS |
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets. |
|
22473 |
CVE-2001-1552 |
|
|
DoS |
2001-12-31 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced. |
|
22474 |
CVE-2001-1545 |
|
|
|
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing. |
|
22475 |
CVE-2001-1544 |
|
|
Dir. Trav. |
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request. |
|
22476 |
CVE-2001-1540 |
|
|
DoS |
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header. |
|
22477 |
CVE-2001-1539 |
119 |
|
DoS Overflow |
2001-12-31 |
2010-01-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem. |
|
22478 |
CVE-2001-1537 |
|
|
+Priv +Info |
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges. |
|
22479 |
CVE-2001-1536 |
|
|
XSS +Info |
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack. |
|
22480 |
CVE-2001-1533 |
|
|
DoS |
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE. |
|
22481 |
CVE-2001-1532 |
|
|
|
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions. |
|
22482 |
CVE-2001-1528 |
|
|
|
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack. |
|
22483 |
CVE-2001-1525 |
|
|
Dir. Trav. |
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter. |
|
22484 |
CVE-2001-1515 |
|
|
|
2001-12-31 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. |
|
22485 |
CVE-2001-1511 |
|
|
|
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570". |
|
22486 |
CVE-2001-1510 |
|
|
|
2001-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL. |
|
22487 |
CVE-2001-1505 |
|
|
|
2001-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets. |
|
22488 |
CVE-2001-1501 |
|
|
DoS |
2001-12-31 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument. |
|
22489 |
CVE-2001-1499 |
|
|
|
2001-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks. |
|
22490 |
CVE-2001-1491 |
|
|
DoS |
2001-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. |
|
22491 |
CVE-2001-1490 |
|
|
DoS |
2001-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. |
|
22492 |
CVE-2001-1489 |
|
|
DoS |
2001-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images. |
|
22493 |
CVE-2001-1488 |
|
|
|
2001-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon. |
|
22494 |
CVE-2001-1483 |
|
|
|
2001-12-31 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist. |
|
22495 |
CVE-2001-1474 |
|
|
|
2001-01-18 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache. |
|
22496 |
CVE-2001-1470 |
|
|
|
2001-01-18 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message. |
|
22497 |
CVE-2001-1469 |
|
|
|
2001-01-18 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified. |
|
22498 |
CVE-2001-1458 |
|
|
Dir. Trav. |
2001-10-15 |
2017-07-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character. |
|
22499 |
CVE-2001-1452 |
|
|
|
2001-08-31 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. |
|
22500 |
CVE-2001-1451 |
|
|
DoS |
2002-10-22 |
2019-04-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests. |
