CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-0353 Overflow +Priv 2001-07-21 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
2 CVE-2001-0431 2001-07-02 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in iPlanet Web Server Enterprise Edition 4.x.
3 CVE-2001-0432 Exec Code Overflow 2001-07-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.
4 CVE-2001-0464 Exec Code Overflow 2001-07-02 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
5 CVE-2001-0499 Overflow +Priv 2001-07-21 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
6 CVE-2001-0500 Exec Code Overflow 2001-07-21 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
7 CVE-2001-0534 DoS Exec Code Overflow 2001-07-21 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.
8 CVE-2001-1011 +Priv 2001-07-25 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
9 CVE-2001-1053 +Priv Bypass 2001-07-13 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
10 CVE-2001-1240 2001-07-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
11 CVE-2001-1264 2001-07-19 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
12 CVE-2001-1291 2001-07-12 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
13 CVE-2001-1355 Exec Code Overflow 2001-07-20 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
14 CVE-2001-1363 +Priv 2001-07-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.
15 CVE-2001-1367 +Priv 2001-07-19 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.
16 CVE-2001-1370 Exec Code 2001-07-21 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
17 CVE-2001-0537 287 Exec Code Bypass 2001-07-21 2017-10-10
9.3
None Remote Medium Not required Complete Complete Complete
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
18 CVE-2000-0891 Exec Code 2001-07-21 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.
19 CVE-2001-0002 2001-07-21 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
20 CVE-2001-0238 Bypass 2001-07-02 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
21 CVE-2001-0239 DoS 2001-07-02 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
22 CVE-2001-0262 Exec Code Overflow 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
23 CVE-2001-0340 434 Exec Code 2001-07-21 2020-04-02
7.5
None Remote Low Not required Partial Partial Partial
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
24 CVE-2001-0341 Exec Code Overflow 2001-07-21 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.
25 CVE-2001-0347 2001-07-21 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
26 CVE-2001-0395 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.
27 CVE-2001-0400 Exec Code 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.
28 CVE-2001-0405 Bypass 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
29 CVE-2001-0419 Exec Code Overflow 2001-07-02 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
30 CVE-2001-0436 Exec Code 2001-07-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
31 CVE-2001-0439 Exec Code 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
32 CVE-2001-0440 DoS Exec Code Overflow 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
33 CVE-2001-0443 DoS Exec Code Overflow 2001-07-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long password.
34 CVE-2001-0514 DoS +Info 2001-07-21 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.
35 CVE-2001-0974 Exec Code 2001-07-17 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
36 CVE-2001-0975 Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
37 CVE-2001-0980 Exec Code 2001-07-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.
38 CVE-2001-0987 XSS 2001-07-22 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.
39 CVE-2001-0991 XSS 2001-07-24 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message.
40 CVE-2001-1021 Exec Code Overflow 2001-07-26 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
41 CVE-2001-1022 Exec Code Bypass 2001-07-26 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
42 CVE-2001-1024 Exec Code 2001-07-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
43 CVE-2001-1026 2001-07-09 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address.
44 CVE-2001-1030 Bypass 2001-07-18 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
45 CVE-2001-1056 Bypass 2001-07-30 2018-09-20
7.5
None Remote Low Not required Partial Partial Partial
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.
46 CVE-2001-1060 Exec Code 2001-07-31 2009-04-03
7.5
None Remote Low Not required Partial Partial Partial
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.
47 CVE-2001-1081 DoS Exec Code 2001-07-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages.
48 CVE-2001-1084 XSS 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
49 CVE-2001-1086 2001-07-04 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
50 CVE-2001-1087 2001-07-05 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.
Total number of vulnerabilities : 191   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.