| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
23451 |
CVE-2001-1561 |
|
|
Exec Code Overflow |
2001-12-31 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments. |
|
23452 |
CVE-2001-1557 |
|
|
Overflow +Priv |
2001-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges. |
|
23453 |
CVE-2001-1547 |
|
|
Exec Code |
2001-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code. |
|
23454 |
CVE-2001-1543 |
|
|
|
2001-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera. |
|
23455 |
CVE-2001-1542 |
|
|
Exec Code Bypass |
2001-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments. |
|
23456 |
CVE-2001-1541 |
|
|
Exec Code Overflow |
2001-12-31 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument. |
|
23457 |
CVE-2001-1538 |
|
|
|
2001-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access. |
|
23458 |
CVE-2001-1531 |
|
|
DoS Exec Code Overflow |
2001-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename. |
|
23459 |
CVE-2001-1529 |
|
|
Overflow |
2001-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779. |
|
23460 |
CVE-2001-1513 |
|
|
|
2001-12-31 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx. |
|
23461 |
CVE-2001-1507 |
|
|
|
2001-12-31 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged. |
|
23462 |
CVE-2001-1504 |
|
|
Exec Code |
2001-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message. |
|
23463 |
CVE-2001-1502 |
|
|
Exec Code |
2001-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter. |
|
23464 |
CVE-2001-1500 |
|
|
Bypass |
2001-12-31 |
2017-12-18 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged. |
|
23465 |
CVE-2001-1498 |
|
|
Exec Code Overflow |
2001-12-31 |
2017-12-18 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script. |
|
23466 |
CVE-2001-1496 |
|
|
DoS Exec Code Overflow |
2001-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
|
23467 |
CVE-2001-1495 |
|
|
Exec Code |
2001-12-31 |
2017-07-18 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter. |
|
23468 |
CVE-2001-1484 |
|
|
|
2001-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication. |
|
23469 |
CVE-2001-1482 |
|
|
Sql |
2001-12-31 |
2017-12-18 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable. |
|
23470 |
CVE-2001-1480 |
|
|
|
2001-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard. |
|
23471 |
CVE-2001-1478 |
|
|
Exec Code Overflow |
2001-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code. |
|
23472 |
CVE-2001-1476 |
|
|
|
2001-01-18 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not. |
|
23473 |
CVE-2001-1475 |
|
|
|
2001-01-18 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated. |
|
23474 |
CVE-2001-1473 |
310 |
|
|
2001-01-18 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target. |
|
23475 |
CVE-2001-1468 |
|
|
Exec Code File Inclusion |
2001-02-07 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code. |
|
23476 |
CVE-2001-1467 |
|
|
|
2001-04-11 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks. |
|
23477 |
CVE-2001-1466 |
|
|
Exec Code Overflow |
2001-12-30 |
2017-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password. |
|
23478 |
CVE-2001-1464 |
|
|
|
2001-01-10 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords. |
|
23479 |
CVE-2001-1463 |
310 |
|
|
2001-11-19 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords. |
|
23480 |
CVE-2001-1462 |
|
|
+Info |
2001-10-24 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information. |
|
23481 |
CVE-2001-1461 |
|
|
Dir. Trav. |
2001-10-22 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences. |
|
23482 |
CVE-2001-1460 |
|
|
Sql Bypass |
2001-10-13 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter. |
|
23483 |
CVE-2001-1459 |
|
|
Exec Code Bypass |
2001-06-19 |
2017-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. |
|
23484 |
CVE-2001-1457 |
|
|
Exec Code Overflow |
2002-01-30 |
2017-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable. |
|
23485 |
CVE-2001-1456 |
119 |
|
Exec Code Overflow |
2001-09-04 |
2017-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message. |
|
23486 |
CVE-2001-1455 |
|
|
Bypass |
2001-08-24 |
2017-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters. |
|
23487 |
CVE-2001-1454 |
|
|
Exec Code Overflow |
2001-02-09 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request. |
|
23488 |
CVE-2001-1453 |
|
|
Exec Code Overflow |
2001-02-09 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter. |
|
23489 |
CVE-2001-1449 |
|
|
|
2001-11-28 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. |
|
23490 |
CVE-2001-1447 |
|
|
+Priv |
2001-10-17 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges. |
|
23491 |
CVE-2001-1446 |
|
|
|
2001-09-11 |
2017-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. |
|
23492 |
CVE-2001-1445 |
|
|
Bypass |
2001-03-01 |
2017-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands. |
|
23493 |
CVE-2001-1444 |
|
|
|
2001-08-27 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack. |
|
23494 |
CVE-2001-1437 |
|
|
|
2001-12-01 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out. |
|
23495 |
CVE-2001-1433 |
|
|
+Priv |
2001-12-29 |
2017-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities. |
|
23496 |
CVE-2001-1432 |
22 |
|
Dir. Trav. |
2001-12-29 |
2017-07-10 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
|
23497 |
CVE-2001-1430 |
|
|
|
2001-06-11 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cayman 3220-H DSL Router 1.0 ship without a password set, which allows remote attackers to gain unauthorized access. |
|
23498 |
CVE-2001-1428 |
|
|
|
2001-05-24 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The (1) FTP and (2) Telnet services in Beck GmbH [email protected] are shipped with a default password, which allows remote attackers to gain unauthorized access. |
|
23499 |
CVE-2001-1427 |
|
|
|
2001-07-11 |
2017-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors. |
|
23500 |
CVE-2001-1426 |
|
|
|
2001-04-10 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations. |
