CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2001

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
101 CVE-2001-1042 2001-07-02 2017-12-19
5.0
None Remote Low Not required Partial None None
Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
102 CVE-2001-1038 DoS 2001-07-11 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.
103 CVE-2001-1030 Bypass 2001-07-18 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
104 CVE-2001-1026 2001-07-09 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address.
105 CVE-2001-1024 Exec Code 2001-07-27 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
106 CVE-2001-1022 Exec Code Bypass 2001-07-26 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
107 CVE-2001-1021 Exec Code Overflow 2001-07-26 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
108 CVE-2001-1011 +Priv 2001-07-25 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
109 CVE-2001-1010 Dir. Trav. 2001-07-22 2017-10-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
110 CVE-2001-0993 DoS 2001-07-24 2017-10-10
2.1
None Local Low Not required None None Partial
sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length.
111 CVE-2001-0991 XSS 2001-07-24 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message.
112 CVE-2001-0989 Overflow +Priv 2001-07-23 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign.
113 CVE-2001-0988 +Info 2001-07-23 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information.
114 CVE-2001-0987 XSS 2001-07-22 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.
115 CVE-2001-0982 Dir. Trav. 2001-07-23 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.
116 CVE-2001-0980 Exec Code 2001-07-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.
117 CVE-2001-0977 DoS 2001-07-16 2017-10-10
5.0
None Remote Low Not required None None Partial
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
118 CVE-2001-0975 Exec Code Overflow 2001-07-16 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
119 CVE-2001-0974 Exec Code 2001-07-17 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
120 CVE-2001-0537 287 Exec Code Bypass 2001-07-21 2017-10-10
9.3
None Remote Medium Not required Complete Complete Complete
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
121 CVE-2001-0534 DoS Exec Code Overflow 2001-07-21 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.
122 CVE-2001-0518 DoS 2001-07-21 2017-10-10
5.0
None Remote Low Not required None None Partial
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.
123 CVE-2001-0517 DoS 2001-07-21 2017-10-10
5.0
None Remote Low Not required None None Partial
Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.
124 CVE-2001-0516 DoS 2001-07-21 2008-09-10
5.0
None Remote Low Not required None None Partial
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
125 CVE-2001-0515 DoS 2001-07-21 2008-09-10
5.0
None Remote Low Not required None None Partial
Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.
126 CVE-2001-0514 DoS +Info 2001-07-21 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.
127 CVE-2001-0513 DoS 2001-07-21 2017-10-10
5.0
None Remote Low Not required None None Partial
Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.
128 CVE-2001-0503 DoS 2001-07-21 2018-10-12
5.0
None Remote Low Not required None None Partial
Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability.
129 CVE-2001-0502 2001-07-21 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.
130 CVE-2001-0501 2001-07-21 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
131 CVE-2001-0500 Exec Code Overflow 2001-07-21 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
132 CVE-2001-0499 Overflow +Priv 2001-07-21 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
133 CVE-2001-0498 DoS 2001-07-21 2008-09-10
5.0
None Remote Low Not required None None Partial
Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.
134 CVE-2001-0497 2001-07-21 2018-09-20
4.6
None Local Low Not required Partial Partial Partial
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
135 CVE-2001-0486 DoS 2001-07-02 2017-10-10
5.0
None Remote Low Not required None None Partial
Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353.
136 CVE-2001-0464 Exec Code Overflow 2001-07-02 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
137 CVE-2001-0444 +Info 2001-07-02 2017-10-10
2.1
None Local Low Not required Partial None None
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
138 CVE-2001-0443 DoS Exec Code Overflow 2001-07-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long password.
139 CVE-2001-0440 DoS Exec Code Overflow 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
140 CVE-2001-0439 Exec Code 2001-07-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
141 CVE-2001-0438 2001-07-02 2008-09-05
2.1
None Local Low Not required None Partial None
Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.
142 CVE-2001-0437 2001-07-02 2017-12-19
5.0
None Remote Low Not required None Partial None
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
143 CVE-2001-0436 Exec Code 2001-07-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
144 CVE-2001-0435 2001-07-02 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.
145 CVE-2001-0434 DoS 2001-07-02 2017-10-10
6.4
None Remote Low Not required None Partial Partial
The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service.
146 CVE-2001-0432 Exec Code Overflow 2001-07-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.
147 CVE-2001-0431 2001-07-02 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in iPlanet Web Server Enterprise Edition 4.x.
148 CVE-2001-0430 2001-07-02 2017-10-10
3.6
None Local Low Not required Partial Partial None
Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.
149 CVE-2001-0429 DoS 2001-07-02 2017-10-10
5.0
None Remote Low Not required None None Partial
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.
150 CVE-2001-0428 DoS 2001-07-02 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.
Total number of vulnerabilities: 191   Page: 1 2 3 (This Page) 4
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.