CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-0527 +Priv 2001-08-14 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
2 CVE-2001-0538 Exec Code 2001-08-14 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
3 CVE-2001-0554 120 Exec Code Overflow 2001-08-14 2022-01-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
4 CVE-2001-0555 2001-08-14 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
5 CVE-2001-0609 +Priv 2001-08-02 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
6 CVE-2001-0629 119 Overflow +Priv 2001-08-14 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter.
7 CVE-2001-0966 Dir. Trav. 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command.
8 CVE-2001-0968 +Priv 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges.
9 CVE-2001-0969 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
10 CVE-2001-0972 +Priv 2001-08-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
11 CVE-2001-0981 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
12 CVE-2001-1009 264 +Priv 2001-08-31 2011-02-16
10.0
None Remote Low Not required Complete Complete Complete
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
13 CVE-2001-1025 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
14 CVE-2001-1027 Exec Code Overflow 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
15 CVE-2001-1061 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.
16 CVE-2001-1067 DoS Exec Code Overflow 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
17 CVE-2001-1113 Exec Code Overflow 2001-08-13 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
18 CVE-2001-1260 +Priv 2001-08-07 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
19 CVE-2001-1356 2001-08-04 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
20 CVE-2000-1192 DoS Exec Code Overflow 2001-08-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string trap.
21 CVE-2000-1194 DoS Exec Code 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands.
22 CVE-2000-1195 Bypass 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.
23 CVE-2001-0357 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
24 CVE-2001-0504 +Priv 2001-08-14 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
25 CVE-2001-0519 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.
26 CVE-2001-0520 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.
27 CVE-2001-0521 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document.
28 CVE-2001-0522 +Priv 2001-08-14 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
29 CVE-2001-0523 Dir. Trav. Bypass 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
30 CVE-2001-0524 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.
31 CVE-2001-0561 Dir. Trav. 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
32 CVE-2001-0562 Exec Code 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.
33 CVE-2001-0572 +Info 2001-08-22 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
34 CVE-2001-0579 Overflow +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.
35 CVE-2001-0591 Dir. Trav. 2001-08-22 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.
36 CVE-2001-0596 2001-08-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
37 CVE-2001-0605 2001-08-22 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.
38 CVE-2001-0608 +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program.
39 CVE-2001-0611 Overflow +Priv 2001-08-14 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters.
40 CVE-2001-0614 Exec Code +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.
41 CVE-2001-0617 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled.
42 CVE-2001-0618 2001-08-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic.
43 CVE-2001-0619 2001-08-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear.
44 CVE-2001-0621 2001-08-14 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
45 CVE-2001-0622 +Priv 2001-08-14 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.
46 CVE-2001-0626 2001-08-22 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.
47 CVE-2001-0632 +Priv 2001-08-22 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.
48 CVE-2001-0967 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.
49 CVE-2001-0970 XSS 2001-08-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script.
50 CVE-2001-0995 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.
Total number of vulnerabilities : 205   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.