CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2001 (CVSS score >= 8)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-1370 Exec Code 2001-07-21 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
2 CVE-2001-1367 +Priv 2001-07-19 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.
3 CVE-2001-1363 +Priv 2001-07-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.
4 CVE-2001-1355 Exec Code Overflow 2001-07-20 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
5 CVE-2001-1291 2001-07-12 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
6 CVE-2001-1264 2001-07-19 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
7 CVE-2001-1240 2001-07-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
8 CVE-2001-1053 +Priv Bypass 2001-07-13 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
9 CVE-2001-1011 +Priv 2001-07-25 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
10 CVE-2001-0537 287 Exec Code Bypass 2001-07-21 2017-10-10
9.3
None Remote Medium Not required Complete Complete Complete
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
11 CVE-2001-0534 DoS Exec Code Overflow 2001-07-21 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.
12 CVE-2001-0500 Exec Code Overflow 2001-07-21 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
13 CVE-2001-0499 Overflow +Priv 2001-07-21 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
14 CVE-2001-0464 Exec Code Overflow 2001-07-02 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
15 CVE-2001-0432 Exec Code Overflow 2001-07-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.
16 CVE-2001-0431 2001-07-02 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in iPlanet Web Server Enterprise Edition 4.x.
17 CVE-2001-0353 Overflow +Priv 2001-07-21 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
Total number of vulnerabilities : 17   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.