CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4101 CVE-2001-0807 2001-12-06 2017-12-18
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
4102 CVE-2001-0744 2001-10-18 2008-09-10
2.1
None Local Low Not required None Partial None
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
4103 CVE-2001-0741 DoS 2001-10-18 2017-10-09
2.1
None Local Low Not required None None Partial
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.
4104 CVE-2001-0736 2001-10-18 2017-12-18
2.1
None Local Low Not required None Partial None
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
4105 CVE-2001-0715 +Info 2001-10-30 2008-09-05
2.1
None Local Low Not required Partial None None
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.
4106 CVE-2001-0714 DoS 2001-10-30 2008-09-05
2.1
None Local Low Not required None None Partial
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.
4107 CVE-2001-0706 DoS 2001-09-20 2017-10-09
2.1
None Local Low Not required None None Partial
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.
4108 CVE-2001-0685 2001-09-20 2017-10-09
2.6
None Local High Not required None Partial Partial
Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file.
4109 CVE-2001-0682 DoS 2001-08-29 2017-10-09
2.1
None Local Low Not required None None Partial
ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
4110 CVE-2001-0666 DoS 2001-10-30 2018-10-12
2.1
None Local Low Not required None None Partial
Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
4111 CVE-2001-0642 Dir. Trav. 2001-09-20 2017-12-18
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.
4112 CVE-2001-0624 2001-08-02 2017-12-18
2.1
None Local Low Not required Partial None None
QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for the FAT disk partition, e.g. /fs-dos.
4113 CVE-2001-0620 2001-08-02 2017-12-18
2.1
None Local Low Not required Partial None None
iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions.
4114 CVE-2001-0589 Bypass 2001-08-22 2017-10-09
2.1
None Local Low Not required None None Partial
NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.
4115 CVE-2001-0584 DoS 2001-08-22 2017-12-18
2.1
None Local Low Not required None None Partial
IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.
4116 CVE-2001-0569 2001-08-22 2008-09-05
2.1
None Local Low Not required None Partial None
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
4117 CVE-2001-0568 2001-08-22 2008-09-05
2.1
None Local Low Not required None Partial None
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
4118 CVE-2001-0547 DoS 2001-09-20 2018-10-12
2.1
None Local Low Not required None None Partial
Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
4119 CVE-2001-0544 DoS 2001-10-30 2018-10-30
2.1
None Local Low Not required None None Partial
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.
4120 CVE-2001-0488 DoS 2001-06-27 2017-10-09
2.1
None Local Low Not required None None Partial
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.
4121 CVE-2001-0474 2001-06-27 2017-10-09
2.1
None Local Low Not required None Partial None
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
4122 CVE-2001-0444 +Info 2001-07-02 2017-10-09
2.1
None Local Low Not required Partial None None
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
4123 CVE-2001-0438 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.
4124 CVE-2001-0417 2001-06-27 2008-09-05
2.1
None Local Low Not required None Partial None
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
4125 CVE-2001-0416 2001-06-27 2017-10-09
2.1
None Local Low Not required Partial None None
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
4126 CVE-2001-0409 2001-06-18 2017-10-09
2.1
None Local Low Not required None Partial None
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
4127 CVE-2001-0406 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
4128 CVE-2001-0384 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.
4129 CVE-2001-0378 2001-06-27 2017-10-09
2.1
None Local Low Not required Partial None None
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
4130 CVE-2001-0373 2001-06-18 2017-10-09
2.1
None Local Low Not required Partial None None
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
4131 CVE-2001-0351 DoS 2001-07-21 2018-10-12
2.1
None Local Low Not required None None Partial
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
4132 CVE-2001-0324 DoS 2001-05-03 2008-09-05
2.6
None Remote High Not required None None Partial
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.
4133 CVE-2001-0310 2001-06-02 2017-10-09
2.1
None Local Low Not required None None Partial
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
4134 CVE-2001-0300 2001-06-02 2017-07-10
2.1
None Local Low Not required None Partial None
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
4135 CVE-2001-0287 DoS 2001-05-03 2008-09-05
2.1
None Local Low Not required None None Partial
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.
4136 CVE-2001-0275 DoS Exec Code 2001-05-03 2008-09-05
2.1
None Local Low Not required None None Partial
Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
4137 CVE-2001-0273 2001-05-03 2017-07-10
2.6
None Remote High Not required Partial None None
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.
4138 CVE-2001-0265 2001-06-18 2017-10-09
2.1
None Local Low Not required None Partial None
ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.
4139 CVE-2001-0261 2001-06-02 2017-12-18
2.1
None Local Low Not required Partial None None
Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
4140 CVE-2001-0235 2001-03-26 2017-10-09
2.1
None Local Low Not required Partial None None
Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.
4141 CVE-2001-0219 DoS 2001-03-26 2017-10-09
2.1
None Local Low Not required None None Partial
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.
4142 CVE-2001-0195 +Priv 2001-03-26 2017-10-09
2.1
None Local Low Not required Partial None None
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
4143 CVE-2001-0184 DoS 2001-03-26 2017-12-18
2.6
None Remote High Not required None None Partial
eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet.
4144 CVE-2001-0178 +Priv 2001-03-26 2017-10-09
2.1
None Local Low Not required Partial None None
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
4145 CVE-2001-0170 2001-03-26 2017-10-09
2.1
None Local Low Not required Partial None None
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
4146 CVE-2001-0169 2001-03-26 2017-10-09
2.1
None Local Low Not required None Partial None
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
4147 CVE-2001-0156 2001-06-02 2017-10-09
2.1
None Local Low Not required None Partial None
VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems.
4148 CVE-2001-0152 2001-05-03 2018-10-12
2.1
None Local Low Not required Partial None None
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
4149 CVE-2001-0135 2001-03-12 2016-10-17
2.1
None Local Low Not required None Partial None
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.
4150 CVE-2001-0105 2001-02-12 2017-10-09
2.1
None Local Low Not required None Partial None
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.
Total number of vulnerabilities : 4392   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 (This Page)84 85 86 87 88
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.