CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2001-1000 2001-09-07 2017-12-19
2.1
None Local Low Not required Partial None None
rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file.
302 CVE-2001-1029 Bypass 2001-09-20 2017-10-10
2.1
None Local Low Not required Partial None None
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
303 CVE-2001-1041 2001-08-31 2016-10-18
2.1
None Local Low Not required None Partial None
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.
304 CVE-2001-1066 2001-08-31 2018-05-03
2.1
None Local Low Not required None Partial None
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
305 CVE-2001-1070 DoS 2001-08-31 2017-12-19
2.1
None Local Low Not required None None Partial
Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters.
306 CVE-2001-1092 2001-09-10 2017-12-19
2.1
None Local Low Not required Partial None None
msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.
307 CVE-2001-1098 2001-10-10 2017-10-10
2.1
None Local Low Not required Partial None None
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
308 CVE-2001-1122 DoS 2001-08-03 2017-12-19
2.1
None Local Low Not required None None Partial
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
309 CVE-2001-1133 DoS 2001-08-21 2008-09-05
2.1
None Local Low Not required None None Partial
Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.
310 CVE-2001-1136 DoS 2001-09-13 2017-12-19
2.1
None Local Low Not required None None Partial
The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.
311 CVE-2001-1218 DoS 2001-12-20 2008-09-10
2.1
None Local Low Not required None None Partial
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
312 CVE-2001-1225 DoS 2001-12-26 2008-09-05
2.1
None Local Low Not required None None Partial
Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.
313 CVE-2001-1267 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
314 CVE-2001-1268 Dir. Trav. 2001-07-12 2010-05-25
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
315 CVE-2001-1269 2001-07-12 2010-05-25
2.1
None Local Low Not required None Partial None
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
316 CVE-2001-1270 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.
317 CVE-2001-1271 Dir. Trav. 2001-07-12 2008-09-05
2.1
None Local Low Not required None Partial None
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.
318 CVE-2001-1273 DoS 2001-02-12 2008-09-05
2.1
None Local Low Not required None None Partial
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).
319 CVE-2001-1277 2001-06-11 2016-10-18
2.1
None Local Low Not required None Partial None
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
320 CVE-2001-1288 DoS 2001-07-27 2019-04-30
2.1
None Local Low Not required None None Partial
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
321 CVE-2001-1302 2001-07-18 2019-04-30
2.1
None Local Low Not required None Partial None
The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.
322 CVE-2001-1353 2001-09-18 2016-10-18
2.6
None Local High Not required Partial Partial None
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
323 CVE-2001-1378 59 2001-09-06 2011-02-16
2.1
None Local Low Not required None Partial None
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
324 CVE-2001-1387 200 +Info 2001-11-05 2021-02-02
2.1
None Local Low Not required Partial None None
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
325 CVE-2001-1391 2001-04-17 2017-10-10
2.1
None Local Low Not required None Partial None
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
326 CVE-2001-1392 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.
327 CVE-2001-1393 DoS 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).
328 CVE-2001-1394 DoS 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.
329 CVE-2001-1397 2001-04-17 2016-12-08
2.1
None Local Low Not required None Partial None
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
330 CVE-2001-1399 2001-04-17 2016-12-08
2.1
None Local Low Not required None Partial None
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
331 CVE-2001-1400 DoS 2001-04-17 2016-12-08
2.1
None Local Low Not required None None Partial
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
332 CVE-2001-1405 DoS 2001-09-10 2016-10-18
2.1
None Local Low Not required None None Partial
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
333 CVE-2001-1406 2001-09-10 2016-10-18
2.1
None Local Low Not required Partial None None
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
334 CVE-2001-1412 2003-11-17 2016-10-18
2.1
None Local Low Not required Partial None None
nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.
335 CVE-2001-1439 DoS Overflow 2001-02-16 2017-07-11
2.1
None Local Low Not required None None Partial
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.
336 CVE-2001-1450 DoS 2001-05-11 2021-07-23
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
337 CVE-2001-1479 2001-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
338 CVE-2001-1494 Exec Code 2001-12-31 2017-10-11
2.1
None Local Low Not required None Partial None
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
339 CVE-2001-1497 2001-12-31 2021-07-23
2.1
None Local Low Not required Partial None None
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
340 CVE-2001-1503 2001-12-31 2018-10-30
2.1
None Local Low Not required Partial None None
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.
341 CVE-2001-1517 +Info 2001-12-31 2019-04-30
2.1
None Local Low Not required Partial None None
** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.
342 CVE-2001-1518 DoS 2001-12-31 2019-04-30
2.1
None Local Low Not required None None Partial
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
343 CVE-2001-1520 2001-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.
344 CVE-2001-1521 XSS 2001-12-31 2008-09-10
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
345 CVE-2001-1527 2001-12-31 2009-04-03
2.1
None Local Low Not required Partial None None
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.
346 CVE-2001-1534 384 Bypass +Info 2001-12-31 2021-07-15
2.1
None Local Low Not required Partial None None
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
347 CVE-2001-1548 Bypass 2001-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
348 CVE-2001-1549 Bypass 2001-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
349 CVE-2001-1550 2001-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.
350 CVE-2001-1551 2001-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.