CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2001-0480 Dir. Trav. 2001-06-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the (1) GET or (2) CD commands.
52 CVE-2001-0479 Exec Code Dir. Trav. 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
53 CVE-2001-0478 Exec Code Dir. Trav. 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
54 CVE-2001-0477 Exec Code 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in WebCalendar 0.9.26 allows remote command execution.
55 CVE-2001-0476 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter.
56 CVE-2001-0475 Exec Code 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
57 CVE-2001-0474 2001-06-27 2017-10-10
2.1
None Local Low Not required None Partial None
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
58 CVE-2001-0473 Exec Code 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
59 CVE-2001-0472 DoS 2001-06-27 2017-12-19
5.0
None Remote Low Not required None None Partial
Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request.
60 CVE-2001-0471 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
61 CVE-2001-0470 Overflow +Priv 2001-06-27 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.
62 CVE-2001-0469 DoS 2001-06-27 2017-10-10
5.0
None Remote Low Not required None None Partial
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.
63 CVE-2001-0468 Overflow +Priv 2001-06-27 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in FTPFS allows local users to gain root privileges via a long user name.
64 CVE-2001-0467 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.
65 CVE-2001-0466 Dir. Trav. 2001-06-18 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ustorekeeper 1.61 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
66 CVE-2001-0465 +Info 2001-06-18 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information.
67 CVE-2001-0463 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter.
68 CVE-2001-0462 Dir. Trav. 2001-06-27 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
69 CVE-2001-0461 Exec Code 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi.
70 CVE-2001-0460 DoS 2001-06-27 2017-12-19
5.0
None Remote Low Not required None None Partial
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
71 CVE-2001-0459 Overflow +Priv 2001-06-27 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option.
72 CVE-2001-0458 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
73 CVE-2001-0457 DoS 2001-06-27 2017-10-10
5.0
None Remote Low Not required None None Partial
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).
74 CVE-2001-0456 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
75 CVE-2001-0455 2001-06-27 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
76 CVE-2001-0454 Dir. Trav. 2001-06-27 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request.
77 CVE-2001-0453 Dir. Trav. 2001-06-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
78 CVE-2001-0452 2001-06-27 2008-09-05
5.0
None Remote Low Not required Partial None None
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
79 CVE-2001-0451 +Priv Bypass 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1.
80 CVE-2001-0450 Dir. Trav. 2001-06-27 2017-12-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name.
81 CVE-2001-0449 Exec Code Overflow 2001-06-27 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option.
82 CVE-2001-0448 DoS 2001-06-18 2008-09-05
5.0
None Remote Low Not required None None Partial
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET HTTP request to the aux directory, and possibly other directories with legacy DOS device names.
83 CVE-2001-0447 DoS Exec Code 2001-06-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters.
84 CVE-2001-0446 2001-06-18 2016-10-18
5.0
None Remote Low Not required Partial None None
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
85 CVE-2001-0442 DoS Exec Code Overflow 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.
86 CVE-2001-0441 Exec Code Overflow 2001-06-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
87 CVE-2001-0433 DoS Exec Code Overflow 2001-06-18 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header.
88 CVE-2001-0427 20 DoS 2001-06-18 2017-10-10
7.1
None Remote Medium Not required None None Complete
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
89 CVE-2001-0425 +Priv 2001-06-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.
90 CVE-2001-0420 Dir. Trav. 2001-06-18 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter.
91 CVE-2001-0417 2001-06-27 2020-01-21
2.1
None Local Low Not required None Partial None
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
92 CVE-2001-0416 2001-06-27 2017-10-10
2.1
None Local Low Not required Partial None None
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
93 CVE-2001-0415 2001-06-27 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts.
94 CVE-2001-0414 DoS Exec Code Overflow 2001-06-18 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
95 CVE-2001-0413 DoS 2001-06-18 2017-10-10
5.0
None Remote Low Not required None None Partial
BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang.
96 CVE-2001-0412 +Priv 2001-06-18 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
97 CVE-2001-0411 DoS 2001-06-18 2016-10-18
5.0
None Remote Low Not required None None Partial
Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet.
98 CVE-2001-0410 DoS Exec Code Overflow 2001-06-18 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header.
99 CVE-2001-0409 2001-06-18 2017-10-10
2.1
None Local Low Not required None Partial None
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
100 CVE-2001-0408 Exec Code 2001-06-18 2017-10-10
5.1
None Remote High Not required Partial Partial Partial
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
Total number of vulnerabilities : 211   Page : 1 2 (This Page)3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.