CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2001-1258 2001-07-21 2011-03-08
3.6
None Local Low Not required Partial Partial None
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
52 CVE-2001-1257 XSS 2001-07-21 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
53 CVE-2001-1245 DoS 2001-07-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
54 CVE-2001-1244 DoS 2001-07-07 2018-10-30
5.0
None Remote Low Not required None None Partial
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
55 CVE-2001-1243 DoS 2001-07-04 2018-10-30
5.0
None Remote Low Not required None None Partial
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
56 CVE-2001-1242 Exec Code Dir. Trav. 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
57 CVE-2001-1241 Exec Code 2001-07-17 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
58 CVE-2001-1240 2001-07-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
59 CVE-2001-1238 2001-07-16 2019-04-30
4.6
None Local Low Not required Partial Partial Partial
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
60 CVE-2001-1183 DoS 2001-07-12 2017-10-10
5.0
None Remote Low Not required None None Partial
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.
61 CVE-2001-1182 +Priv Bypass 2001-07-17 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
62 CVE-2001-1181 +Priv 2001-07-16 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.
63 CVE-2001-1180 +Priv 2001-07-10 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.
64 CVE-2001-1179 +Priv 2001-07-17 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
65 CVE-2001-1178 Overflow +Priv 2001-07-11 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
66 CVE-2001-1177 2001-07-17 2017-10-10
6.2
None Local High Not required Complete Complete Complete
ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
67 CVE-2001-1176 Exec Code 2001-07-12 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.
68 CVE-2001-1173 +Priv 2001-07-26 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases.
69 CVE-2001-1172 2001-07-19 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file.
70 CVE-2001-1161 XSS 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.
71 CVE-2001-1159 Exec Code 2001-07-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.
72 CVE-2001-1158 Bypass 2001-07-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.
73 CVE-2001-1146 2001-07-11 2017-10-10
1.2
None Local High Not required None Partial None
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
74 CVE-2001-1144 Dir. Trav. 2001-07-11 2013-08-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.
75 CVE-2001-1143 DoS 2001-07-11 2008-09-05
5.0
None Remote Low Not required None None Partial
IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.
76 CVE-2001-1142 +Priv 2001-07-12 2008-09-05
5.0
None Remote Low Not required Partial None None
ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.
77 CVE-2001-1141 2001-07-10 2017-10-10
5.0
None Remote Low Not required Partial None None
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
78 CVE-2001-1121 2001-07-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-2001-1084.
79 CVE-2001-1120 2001-07-11 2017-12-19
6.4
None Remote Low Not required Partial Partial None
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
80 CVE-2001-1108 Dir. Trav. 2001-07-26 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL.
81 CVE-2001-1107 +Priv 2001-07-26 2017-12-19
5.0
None Remote Low Not required Partial None None
SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server.
82 CVE-2001-1106 2001-07-25 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
83 CVE-2001-1104 2001-07-25 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
84 CVE-2001-1097 DoS 2001-07-24 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
85 CVE-2001-1087 2001-07-05 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.
86 CVE-2001-1086 2001-07-04 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
87 CVE-2001-1085 2001-07-05 2017-10-10
3.7
None Local High Not required Partial Partial Partial
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
88 CVE-2001-1084 XSS 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
89 CVE-2001-1082 Dir. Trav. 2001-07-13 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack.
90 CVE-2001-1081 DoS Exec Code 2001-07-06 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages.
91 CVE-2001-1076 Exec Code Overflow 2001-07-05 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.
92 CVE-2001-1075 Bypass 2001-07-04 2017-10-10
5.0
None Remote Low Not required None Partial None
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.
93 CVE-2001-1060 Exec Code 2001-07-31 2009-04-03
7.5
None Remote Low Not required Partial Partial Partial
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.
94 CVE-2001-1059 2001-07-30 2017-10-10
3.6
None Local Low Not required Partial Partial None
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.
95 CVE-2001-1057 DoS 2001-07-30 2017-12-19
5.0
None Remote Low Not required None None Partial
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests.
96 CVE-2001-1056 Bypass 2001-07-30 2018-09-20
7.5
None Remote Low Not required Partial Partial Partial
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.
97 CVE-2001-1055 DoS 2001-07-30 2017-10-10
5.0
None Remote Low Not required None None Partial
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
98 CVE-2001-1053 +Priv Bypass 2001-07-13 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
99 CVE-2001-1045 Dir. Trav. 2001-07-06 2017-12-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.
100 CVE-2001-1043 2001-07-01 2017-10-10
5.0
None Remote Low Not required Partial None None
ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
Total number of vulnerabilities : 191   Page : 1 2 (This Page)3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.