CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2001-0574 Dir. Trav. 2001-08-14 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL.
152 CVE-2001-0573 +Priv 2001-08-02 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.
153 CVE-2001-0572 +Info 2001-08-22 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
154 CVE-2001-0571 Dir. Trav. 2001-08-22 2016-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL.
155 CVE-2001-0570 +Priv 2001-08-14 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks.
156 CVE-2001-0569 2001-08-22 2008-09-05
2.1
None Local Low Not required None Partial None
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
157 CVE-2001-0568 2001-08-22 2008-09-05
2.1
None Local Low Not required None Partial None
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
158 CVE-2001-0567 +Priv 2001-08-14 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
159 CVE-2001-0566 20 DoS 2001-08-14 2017-12-19
5.0
None Remote Low Not required None None Partial
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.
160 CVE-2001-0565 Overflow +Priv 2001-08-14 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.
161 CVE-2001-0564 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
162 CVE-2001-0563 DoS 2001-08-14 2017-10-10
5.0
None Remote Low Not required None None Partial
ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23.
163 CVE-2001-0562 Exec Code 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.
164 CVE-2001-0561 Dir. Trav. 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
165 CVE-2001-0560 Overflow +Priv 2001-08-22 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
166 CVE-2001-0559 +Priv 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
167 CVE-2001-0558 DoS 2001-08-14 2017-10-10
5.0
None Remote Low Not required None None Partial
T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).
168 CVE-2001-0557 2001-08-14 2017-12-19
5.0
None Remote Low Not required Partial None None
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).
169 CVE-2001-0556 2001-08-22 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.
170 CVE-2001-0555 2001-08-14 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
171 CVE-2001-0554 120 Exec Code Overflow 2001-08-14 2022-01-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
172 CVE-2001-0553 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
173 CVE-2001-0549 2001-08-14 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords.
174 CVE-2001-0548 Overflow +Priv 2001-08-14 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.
175 CVE-2001-0538 Exec Code 2001-08-14 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
176 CVE-2001-0533 Overflow +Priv 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.
177 CVE-2001-0530 Bypass 2001-08-14 2017-10-10
5.0
None Remote Low Not required Partial None None
Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters.
178 CVE-2001-0529 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
179 CVE-2001-0528 +Priv 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.
180 CVE-2001-0527 +Priv 2001-08-14 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
181 CVE-2001-0526 Overflow +Priv 2001-08-14 2018-05-03
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.
182 CVE-2001-0525 Overflow +Priv 2001-08-14 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument.
183 CVE-2001-0524 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.
184 CVE-2001-0523 Dir. Trav. Bypass 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
185 CVE-2001-0522 +Priv 2001-08-14 2018-05-03
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
186 CVE-2001-0521 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document.
187 CVE-2001-0520 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.
188 CVE-2001-0519 2001-08-14 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.
189 CVE-2001-0504 +Priv 2001-08-14 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
190 CVE-2001-0394 DoS 2001-08-22 2017-10-10
5.0
None Remote Low Not required None None Partial
Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.
191 CVE-2001-0357 2001-08-22 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
192 CVE-2000-1203 DoS 2001-08-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
193 CVE-2000-1202 Exec Code 2001-08-31 2017-12-19
7.2
None Local Low Not required Complete Complete Complete
ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.
194 CVE-2000-1201 DoS 2001-08-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
195 CVE-2000-1200 +Info 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
196 CVE-2000-1199 +Priv 2001-08-31 2017-12-19
4.6
None Local Low Not required Partial Partial Partial
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
197 CVE-2000-1198 DoS 2001-08-31 2016-10-18
2.1
None Local Low Not required None None Partial
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
198 CVE-2000-1197 DoS 2001-08-31 2016-10-18
2.1
None Local Low Not required None None Partial
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
199 CVE-2000-1196 1 2001-08-31 2017-10-10
5.0
None Remote Low Not required Partial None None
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.
200 CVE-2000-1195 Bypass 2001-08-31 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.
Total number of vulnerabilities : 205   Page : 1 2 3 4 (This Page)5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.