CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2001-0624 2001-08-02 2017-12-19
2.1
None Local Low Not required Partial None None
QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for the FAT disk partition, e.g. /fs-dos.
102 CVE-2001-0623 +Priv 2001-08-02 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges.
103 CVE-2001-0622 +Priv 2001-08-14 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.
104 CVE-2001-0621 2001-08-14 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
105 CVE-2001-0620 2001-08-02 2017-12-19
2.1
None Local Low Not required Partial None None
iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions.
106 CVE-2001-0619 2001-08-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear.
107 CVE-2001-0618 2001-08-02 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic.
108 CVE-2001-0617 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled.
109 CVE-2001-0616 DoS 2001-08-14 2017-10-10
5.0
None Remote Low Not required None None Partial
Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).
110 CVE-2001-0615 Dir. Trav. 2001-08-14 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'.
111 CVE-2001-0614 Exec Code +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.
112 CVE-2001-0613 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request.
113 CVE-2001-0612 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045.
114 CVE-2001-0611 Overflow +Priv 2001-08-14 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters.
115 CVE-2001-0610 +Priv 2001-08-02 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
116 CVE-2001-0609 +Priv 2001-08-02 2017-12-19
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
117 CVE-2001-0608 +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program.
118 CVE-2001-0607 DoS +Priv 2001-08-22 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.
119 CVE-2001-0606 DoS 2001-08-22 2017-12-19
5.0
None Remote Low Not required None None Partial
Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.
120 CVE-2001-0605 2001-08-22 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.
121 CVE-2001-0604 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters.
122 CVE-2001-0603 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148.
123 CVE-2001-0602 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices.
124 CVE-2001-0601 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters.
125 CVE-2001-0600 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type.
126 CVE-2001-0599 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638.
127 CVE-2001-0598 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled.
128 CVE-2001-0597 2001-08-02 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
129 CVE-2001-0596 2001-08-02 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
130 CVE-2001-0595 Exec Code Overflow 2001-08-02 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program.
131 CVE-2001-0594 Overflow +Priv 2001-08-02 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
132 CVE-2001-0593 2001-08-22 2018-11-16
5.0
None Remote Low Not required Partial None None
Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter.
133 CVE-2001-0592 DoS 2001-08-02 2017-12-19
5.0
None Remote Low Not required None None Partial
Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets.
134 CVE-2001-0591 Dir. Trav. 2001-08-22 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.
135 CVE-2001-0590 2001-08-02 2017-10-10
5.0
None Remote Low Not required Partial None None
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
136 CVE-2001-0589 Bypass 2001-08-22 2017-10-10
2.1
None Local Low Not required None None Partial
NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.
137 CVE-2001-0588 Overflow +Priv 2001-08-22 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
138 CVE-2001-0587 Overflow +Priv 2001-08-22 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
139 CVE-2001-0586 2001-08-22 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords.
140 CVE-2001-0585 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000.
141 CVE-2001-0584 DoS 2001-08-22 2017-12-19
2.1
None Local Low Not required None None Partial
IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.
142 CVE-2001-0583 DoS 2001-08-22 2017-12-19
5.0
None Remote Low Not required None None Partial
Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.
143 CVE-2001-0582 2001-08-22 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.
144 CVE-2001-0581 DoS 2001-08-22 2017-12-19
5.0
None Remote Low Not required None None Partial
Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387.
145 CVE-2001-0580 DoS 2001-08-22 2008-09-10
5.0
None Remote Low Not required None None Partial
Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection.
146 CVE-2001-0579 Overflow +Priv 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.
147 CVE-2001-0578 Overflow +Priv 2001-08-22 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command.
148 CVE-2001-0577 Overflow +Priv 2001-08-22 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.
149 CVE-2001-0576 119 Overflow +Priv 2001-08-22 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.
150 CVE-2001-0575 Overflow +Priv 2001-08-22 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.
Total number of vulnerabilities : 205   Page : 1 2 3 (This Page)4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.