CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2001-1068 2001-08-31 2017-12-19
5.0
None Remote Low Not required Partial None None
qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.
52 CVE-2001-1067 DoS Exec Code Overflow 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
53 CVE-2001-1066 2001-08-31 2018-05-03
2.1
None Local Low Not required None Partial None
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
54 CVE-2001-1065 2001-08-31 2017-12-19
5.0
None Remote Low Not required None None Partial
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
55 CVE-2001-1064 DoS 2001-08-31 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.
56 CVE-2001-1063 Overflow +Priv 2001-08-31 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.
57 CVE-2001-1062 Exec Code Overflow 2001-08-31 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.
58 CVE-2001-1061 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.
59 CVE-2001-1041 2001-08-31 2016-10-18
2.1
None Local Low Not required None Partial None
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.
60 CVE-2001-1040 2001-08-31 2008-09-05
6.4
None Remote Low Not required Partial None Partial
HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password.
61 CVE-2001-1039 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer.
62 CVE-2001-1036 +Priv 2001-08-31 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
63 CVE-2001-1027 Exec Code Overflow 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
64 CVE-2001-1025 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
65 CVE-2001-1009 264 +Priv 2001-08-31 2011-02-16
10.0
None Remote Low Not required Complete Complete Complete
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
66 CVE-2001-1008 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.
67 CVE-2001-1007 2001-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack.
68 CVE-2001-1006 2001-08-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application.
69 CVE-2001-1005 +Priv 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.
70 CVE-2001-1004 XSS 2001-08-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags.
71 CVE-2001-1003 +Priv 2001-08-31 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.
72 CVE-2001-1002 Exec Code +Priv 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.
73 CVE-2001-0995 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.
74 CVE-2001-0983 +Priv 2001-08-31 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges.
75 CVE-2001-0981 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
76 CVE-2001-0976 +Priv 2001-08-31 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables.
77 CVE-2001-0973 2001-08-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.
78 CVE-2001-0972 +Priv 2001-08-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
79 CVE-2001-0971 Dir. Trav. 2001-08-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request.
80 CVE-2001-0970 XSS 2001-08-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script.
81 CVE-2001-0969 2001-08-31 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
82 CVE-2001-0968 +Priv 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges.
83 CVE-2001-0967 2001-08-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.
84 CVE-2001-0966 Dir. Trav. 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command.
85 CVE-2001-0965 DoS 2001-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.
86 CVE-2001-0943 Exec Code 2001-08-31 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.
87 CVE-2001-0711 DoS 2001-08-31 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string.
88 CVE-2001-0682 DoS 2001-08-29 2017-10-10
2.1
None Local Low Not required None None Partial
ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
89 CVE-2001-0647 DoS 2001-08-06 2008-09-05
5.0
None Remote Low Not required None None Partial
Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version.
90 CVE-2001-0635 +Priv 2001-08-14 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.
91 CVE-2001-0634 DoS +Priv 2001-08-22 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.
92 CVE-2001-0633 Dir. Trav. 2001-08-22 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.
93 CVE-2001-0632 +Priv 2001-08-22 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.
94 CVE-2001-0631 2001-08-22 2017-10-10
5.0
None Remote Low Not required None Partial None
Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users.
95 CVE-2001-0630 Dir. Trav. 2001-08-22 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable.
96 CVE-2001-0629 119 Overflow +Priv 2001-08-14 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter.
97 CVE-2001-0628 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
98 CVE-2001-0627 2001-08-22 2017-10-10
3.7
None Local High Not required Partial Partial Partial
vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.
99 CVE-2001-0626 2001-08-22 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.
100 CVE-2001-0625 2001-08-22 2021-04-09
7.2
None Local Low Not required Complete Complete Complete
ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log .
Total number of vulnerabilities : 205   Page : 1 2 (This Page)3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.