| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
26151 |
CVE-2001-0872 |
|
|
+Priv |
2001-12-21 |
2018-05-02 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. |
|
26152 |
CVE-2001-0871 |
|
|
Exec Code Dir. Trav. |
2001-12-21 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10. |
|
26153 |
CVE-2001-0869 |
|
|
Exec Code |
2001-12-21 |
2018-05-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands. |
|
26154 |
CVE-2001-0867 |
|
|
Bypass |
2001-12-06 |
2017-10-09 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls. |
|
26155 |
CVE-2001-0866 |
|
|
Bypass |
2001-12-06 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls. |
|
26156 |
CVE-2001-0865 |
|
|
|
2001-12-06 |
2017-10-09 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. |
|
26157 |
CVE-2001-0864 |
|
|
Bypass |
2001-12-06 |
2017-10-09 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. |
|
26158 |
CVE-2001-0862 |
|
|
Bypass |
2001-12-06 |
2017-10-09 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. |
|
26159 |
CVE-2001-0860 |
|
|
|
2001-12-06 |
2017-10-09 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT). |
|
26160 |
CVE-2001-0857 |
|
|
XSS |
2001-12-06 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. |
|
26161 |
CVE-2001-0855 |
|
|
Overflow +Priv |
2001-12-06 |
2016-10-17 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable. |
|
26162 |
CVE-2001-0849 |
|
|
Exec Code |
2001-12-06 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget. |
|
26163 |
CVE-2001-0847 |
|
|
|
2001-12-06 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. |
|
26164 |
CVE-2001-0844 |
|
|
Exec Code |
2001-12-06 |
2016-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter. |
|
26165 |
CVE-2001-0842 |
|
|
+Priv Dir. Trav. |
2001-12-06 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. |
|
26166 |
CVE-2001-0841 |
|
|
+Priv Dir. Trav. |
2001-12-06 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. |
|
26167 |
CVE-2001-0839 |
|
|
|
2001-12-06 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing. |
|
26168 |
CVE-2001-0838 |
|
|
Exec Code |
2001-12-06 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command. |
|
26169 |
CVE-2001-0836 |
|
|
Exec Code Overflow |
2001-12-06 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. |
|
26170 |
CVE-2001-0835 |
|
|
XSS |
2001-12-06 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup. |
|
26171 |
CVE-2001-0833 |
|
|
Exec Code Overflow |
2001-12-06 |
2018-05-02 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability." |
|
26172 |
CVE-2001-0826 |
|
|
Exec Code Overflow |
2001-12-06 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD. |
|
26173 |
CVE-2001-0824 |
|
|
XSS |
2001-12-06 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. |
|
26174 |
CVE-2001-0823 |
|
|
+Priv |
2001-12-06 |
2017-10-09 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR). |
|
26175 |
CVE-2001-0820 |
|
|
Exec Code Overflow |
2001-12-06 |
2017-12-18 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c. |
|
26176 |
CVE-2001-0819 |
119 |
|
Exec Code Overflow |
2001-12-06 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header. |
|
26177 |
CVE-2001-0818 |
|
|
Exec Code Overflow |
2001-12-06 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data. |
|
26178 |
CVE-2001-0816 |
|
|
Bypass |
2001-12-06 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. |
|
26179 |
CVE-2001-0815 |
|
|
Exec Code Overflow |
2001-12-06 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension. |
|
26180 |
CVE-2001-0801 |
|
|
+Priv |
2001-12-06 |
2017-10-09 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library. |
|
26181 |
CVE-2001-0792 |
|
|
Exec Code |
2001-10-18 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname. |
|
26182 |
CVE-2001-0782 |
|
|
+Priv |
2001-10-18 |
2017-12-18 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. |
|
26183 |
CVE-2001-0781 |
284 |
|
Exec Code Overflow |
2001-05-30 |
2017-12-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. |
|
26184 |
CVE-2001-0775 |
119 |
|
Exec Code Overflow |
2001-10-18 |
2016-05-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field. |
|
26185 |
CVE-2001-0771 |
264 |
|
|
2001-10-18 |
2018-11-29 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the "loginpass" field. |
|
26186 |
CVE-2001-0770 |
|
|
Exec Code Overflow |
2001-10-18 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command. |
|
26187 |
CVE-2001-0766 |
|
|
Bypass |
2001-10-18 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters. |
|
26188 |
CVE-2001-0764 |
|
|
Exec Code Overflow |
2001-10-18 |
2017-10-09 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument. |
|
26189 |
CVE-2001-0763 |
|
|
Exec Code Overflow |
2001-10-18 |
2018-05-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function. |
|
26190 |
CVE-2001-0761 |
|
|
Exec Code Overflow |
2001-10-18 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter. |
|
26191 |
CVE-2001-0759 |
|
|
Exec Code Overflow |
2001-10-18 |
2008-09-05 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount. |
|
26192 |
CVE-2001-0758 |
|
|
Dir. Trav. |
2001-10-18 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command. |
|
26193 |
CVE-2001-0757 |
|
|
|
2001-10-18 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. |
|
26194 |
CVE-2001-0756 |
|
|
Exec Code |
2001-10-18 |
2016-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter. |
|
26195 |
CVE-2001-0755 |
|
|
DoS Exec Code Overflow |
2001-10-18 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command. |
|
26196 |
CVE-2001-0753 |
|
|
+Priv |
2001-10-18 |
2017-07-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. |
|
26197 |
CVE-2001-0751 |
|
|
|
2001-10-18 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. |
|
26198 |
CVE-2001-0749 |
|
|
|
2001-05-24 |
2017-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Beck IPC GmbH [email protected] Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root. |
|
26199 |
CVE-2001-0747 |
|
|
DoS Exec Code Overflow |
2001-10-18 |
2017-08-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long method name in an HTTP request. |
|
26200 |
CVE-2001-0742 |
|
|
Overflow |
2001-10-18 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows remote attackers to run arbitrary code via a long HELO command. |
