| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
27101 |
CVE-2002-0051 |
|
|
|
2002-04-04 |
2019-04-30 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access. |
|
27102 |
CVE-2002-0034 |
|
|
|
2004-02-03 |
2019-04-30 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected. |
|
27103 |
CVE-2002-0031 |
|
|
Exec Code Overflow |
2002-07-26 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend. |
|
27104 |
CVE-2002-0030 |
|
|
Exec Code |
2003-04-02 |
2008-09-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe. |
|
27105 |
CVE-2001-1576 |
|
|
Exec Code Overflow |
2001-12-31 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument. |
|
27106 |
CVE-2001-1555 |
|
|
|
2001-12-31 |
2018-10-30 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY. |
|
27107 |
CVE-2001-1553 |
|
|
Exec Code Overflow |
2001-12-31 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in setiathome for [email protected] 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE. |
|
27108 |
CVE-2001-1546 |
|
|
+Priv |
2001-12-31 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file. |
|
27109 |
CVE-2001-1535 |
|
|
|
2001-12-31 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack. |
|
27110 |
CVE-2001-1530 |
|
|
Exec Code |
2001-12-31 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands. |
|
27111 |
CVE-2001-1526 |
|
|
XSS |
2001-12-31 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter. |
|
27112 |
CVE-2001-1524 |
|
|
XSS |
2001-12-31 |
2008-09-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php. |
|
27113 |
CVE-2001-1523 |
|
|
XSS |
2001-12-31 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter. |
|
27114 |
CVE-2001-1522 |
|
|
XSS |
2001-12-31 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message. |
|
27115 |
CVE-2001-1516 |
|
|
XSS |
2001-12-31 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews. |
|
27116 |
CVE-2001-1509 |
|
|
+Priv |
2001-12-31 |
2017-10-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges. |
|
27117 |
CVE-2001-1508 |
|
|
Exec Code Overflow |
2001-12-31 |
2017-12-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument. |
|
27118 |
CVE-2001-1506 |
|
|
|
2001-12-31 |
2017-07-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files. |
|
27119 |
CVE-2001-1487 |
|
|
Exec Code |
2001-12-31 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option. |
|
27120 |
CVE-2001-1477 |
|
|
|
2001-12-31 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain. |
|
27121 |
CVE-2001-1472 |
|
|
Exec Code Sql |
2001-08-03 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter. |
|
27122 |
CVE-2001-1471 |
|
|
Exec Code |
2001-07-31 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement. |
|
27123 |
CVE-2001-1465 |
|
|
Bypass |
2002-02-26 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements. |
|
27124 |
CVE-2001-1448 |
|
|
Exec Code |
2001-12-17 |
2017-07-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts. |
|
27125 |
CVE-2001-1442 |
|
|
Overflow +Priv |
2001-04-21 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument. |
|
27126 |
CVE-2001-1436 |
|
|
|
2001-01-18 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password. |
|
27127 |
CVE-2001-1429 |
|
|
DoS Exec Code Overflow |
2001-11-12 |
2017-07-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file. |
|
27128 |
CVE-2001-1415 |
|
|
|
2001-11-13 |
2017-07-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes. |
|
27129 |
CVE-2001-1375 |
|
|
Exec Code |
2001-07-19 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory. |
|
27130 |
CVE-2001-1354 |
|
|
|
2001-07-20 |
2017-12-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password. |
|
27131 |
CVE-2001-1347 |
|
|
DoS +Priv |
2001-05-24 |
2019-04-30 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes. |
|
27132 |
CVE-2001-1345 |
|
|
+Priv |
2001-06-05 |
2017-10-09 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program. |
|
27133 |
CVE-2001-1327 |
|
|
+Priv |
2001-05-24 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake. |
|
27134 |
CVE-2001-1324 |
|
|
+Priv |
2001-06-26 |
2008-09-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges. |
|
27135 |
CVE-2001-1272 |
|
|
Exec Code |
2001-12-06 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option. |
|
27136 |
CVE-2001-1255 |
|
|
|
2001-10-02 |
2019-10-07 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database. |
|
27137 |
CVE-2001-1253 |
|
|
|
2001-09-27 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users. |
|
27138 |
CVE-2001-1238 |
|
|
|
2001-07-16 |
2019-04-30 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager. |
|
27139 |
CVE-2001-1197 |
|
|
|
2001-12-14 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file. |
|
27140 |
CVE-2001-1190 |
|
|
|
2001-12-12 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended. |
|
27141 |
CVE-2001-1189 |
|
|
|
2001-12-13 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. |
|
27142 |
CVE-2001-1172 |
|
|
|
2001-07-19 |
2017-10-09 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file. |
|
27143 |
CVE-2001-1165 |
|
|
+Priv |
2002-04-01 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool. |
|
27144 |
CVE-2001-1148 |
|
|
Overflow +Priv |
2001-06-13 |
2017-07-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh. |
|
27145 |
CVE-2001-1116 |
|
|
Bypass |
2001-08-02 |
2017-10-09 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display. |
|
27146 |
CVE-2001-1111 |
|
|
|
2001-09-12 |
2017-12-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file. |
|
27147 |
CVE-2001-1096 |
|
|
Exec Code Overflow |
2001-10-09 |
2013-07-25 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code. |
|
27148 |
CVE-2001-1095 |
|
|
Exec Code Overflow |
2001-10-09 |
2016-09-16 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter. |
|
27149 |
CVE-2001-1094 |
|
|
Bypass |
2001-09-11 |
2017-12-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version. |
|
27150 |
CVE-2001-1077 |
|
|
Overflow +Priv |
2001-06-15 |
2017-12-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument. |
