CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2001 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-1441 XSS 2001-07-02 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.
2 CVE-2001-1427 2001-07-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
3 CVE-2001-1408 Dir. Trav. 2001-07-05 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.
4 CVE-2001-1386 Bypass 2001-07-01 2017-10-10
5.0
None Remote Low Not required Partial None None
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
5 CVE-2001-1374 +Priv 2001-07-19 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
6 CVE-2001-1373 2001-07-18 2017-10-10
5.0
None Remote Low Not required None Partial None
MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments.
7 CVE-2001-1370 Exec Code 2001-07-21 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
8 CVE-2001-1367 +Priv 2001-07-19 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.
9 CVE-2001-1366 +Info 2001-07-19 2008-09-05
5.0
None Remote Low Not required Partial None None
netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information.
10 CVE-2001-1365 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in IntraGnat before 1.4.
11 CVE-2001-1364 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified.
12 CVE-2001-1363 +Priv 2001-07-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.
13 CVE-2001-1362 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in the server for nPULSE before 0.53p4.
14 CVE-2001-1361 2001-07-19 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
15 CVE-2001-1360 2001-07-19 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned.
16 CVE-2001-1355 Exec Code Overflow 2001-07-20 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
17 CVE-2001-1321 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
18 CVE-2001-1320 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
19 CVE-2001-1319 DoS 2001-07-16 2020-04-09
5.0
None Remote Low Not required None None Partial
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
20 CVE-2001-1318 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
21 CVE-2001-1317 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite.
22 CVE-2001-1316 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
23 CVE-2001-1315 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
24 CVE-2001-1314 DoS Exec Code Overflow 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
25 CVE-2001-1313 DoS Exec Code 2001-07-16 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
26 CVE-2001-1312 DoS Exec Code 2001-07-16 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
27 CVE-2001-1311 DoS Exec Code Overflow 2001-07-16 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
28 CVE-2001-1310 DoS Exec Code 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite.
29 CVE-2001-1309 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
30 CVE-2001-1308 DoS Exec Code 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
31 CVE-2001-1307 DoS Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
32 CVE-2001-1306 DoS Exec Code 2001-07-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.
33 CVE-2001-1303 +Info 2001-07-18 2017-10-10
5.0
None Remote Low Not required Partial None None
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
34 CVE-2001-1291 2001-07-12 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
35 CVE-2001-1289 DoS 2001-07-29 2008-09-10
5.0
None Remote Low Not required None None Partial
Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.
36 CVE-2001-1279 DoS Exec Code Overflow 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.
37 CVE-2001-1266 Dir. Trav. 2001-07-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.
38 CVE-2001-1265 Dir. Trav. 2001-07-20 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.
39 CVE-2001-1264 2001-07-19 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
40 CVE-2001-1257 XSS 2001-07-21 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
41 CVE-2001-1245 DoS 2001-07-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
42 CVE-2001-1244 DoS 2001-07-07 2018-10-30
5.0
None Remote Low Not required None None Partial
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
43 CVE-2001-1243 DoS 2001-07-04 2018-10-30
5.0
None Remote Low Not required None None Partial
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
44 CVE-2001-1242 Exec Code Dir. Trav. 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
45 CVE-2001-1241 Exec Code 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
46 CVE-2001-1240 2001-07-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
47 CVE-2001-1183 DoS 2001-07-12 2017-10-10
5.0
None Remote Low Not required None None Partial
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.
48 CVE-2001-1182 +Priv Bypass 2001-07-17 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
49 CVE-2001-1181 +Priv 2001-07-16 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.
50 CVE-2001-1180 +Priv 2001-07-10 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.
Total number of vulnerabilities : 161   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.