CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-1462 +Info 2001-10-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.
2 CVE-2001-1461 Dir. Trav. 2001-10-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.
3 CVE-2001-1460 Sql Bypass 2001-10-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
4 CVE-2001-1458 Dir. Trav. 2001-10-15 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
5 CVE-2001-1447 +Priv 2001-10-17 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
6 CVE-2001-1438 DoS 2001-10-22 2008-09-05
5.0
None Remote Low Not required None None Partial
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.
7 CVE-2001-1431 2001-10-08 2008-09-05
5.0
None Remote Low Not required Partial None None
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
8 CVE-2001-1423 +Priv 2001-10-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
9 CVE-2001-1421 DoS 2001-10-06 2008-09-05
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag.
10 CVE-2001-1419 DoS 2001-10-02 2008-09-05
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
11 CVE-2001-1418 DoS 2001-10-06 2008-09-05
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
12 CVE-2001-1417 DoS 2001-10-06 2008-09-05
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data.
13 CVE-2001-1414 2001-10-09 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
14 CVE-2001-1384 +Priv 2001-10-18 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.
15 CVE-2001-1380 2001-10-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
16 CVE-2001-1299 2001-10-02 2008-09-05
5.0
None Remote Low Not required None Partial None
Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
17 CVE-2001-1298 2001-10-02 2008-09-10
5.0
None Remote Low Not required None Partial None
Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
18 CVE-2001-1297 Exec Code File Inclusion 2001-10-02 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
19 CVE-2001-1296 2001-10-02 2008-09-10
5.0
None Remote Low Not required None Partial None
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
20 CVE-2001-1287 Exec Code Overflow 2001-10-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
21 CVE-2001-1286 2001-10-12 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
22 CVE-2001-1285 Dir. Trav. 2001-10-12 2008-09-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
23 CVE-2001-1284 2001-10-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
24 CVE-2001-1283 DoS Exec Code Overflow 2001-10-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
25 CVE-2001-1282 +Info 2001-10-12 2008-09-10
5.0
None Remote Low Not required Partial None None
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
26 CVE-2001-1281 2001-10-12 2008-09-10
5.0
None Remote Low Not required None Partial None
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
27 CVE-2001-1280 2001-10-12 2008-09-10
5.0
None Remote Low Not required Partial None None
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
28 CVE-2001-1278 Bypass 2001-10-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
29 CVE-2001-1255 2001-10-02 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.
30 CVE-2001-1237 Exec Code 2001-10-02 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
31 CVE-2001-1236 Exec Code 2001-10-02 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
32 CVE-2001-1235 Exec Code 2001-10-02 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
33 CVE-2001-1234 Exec Code 2001-10-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
34 CVE-2001-1227 Bypass 2001-10-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
35 CVE-2001-1156 DoS 2001-10-08 2008-09-05
5.0
None Remote Low Not required None None Partial
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.
36 CVE-2001-1151 2001-10-15 2008-09-05
5.0
None Remote Low Not required Partial None None
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
37 CVE-2001-1147 2001-10-08 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
38 CVE-2001-1128 Exec Code Overflow 2001-10-08 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
39 CVE-2001-1127 Exec Code Overflow 2001-10-05 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
40 CVE-2001-1126 DoS 2001-10-05 2008-09-05
5.0
None Remote Low Not required None None Partial
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.
41 CVE-2001-1125 Exec Code 2001-10-05 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
42 CVE-2001-1124 DoS Overflow 2001-10-01 2009-03-04
5.0
None Remote Low Not required None None Partial
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow.
43 CVE-2001-1123 Exec Code Overflow 2001-10-01 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.
44 CVE-2001-1100 Exec Code 2001-10-07 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
45 CVE-2001-1098 2001-10-10 2008-09-05
2.1
None Local Low Not required Partial None None
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
46 CVE-2001-1096 Exec Code Overflow 2001-10-09 2013-07-25
4.6
User Local Low Not required Partial Partial Partial
Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code.
47 CVE-2001-1095 Exec Code Overflow 2001-10-09 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in uuq in AIX 4 could alllow local users to execute arbitrary code via a long -r parameter.
48 CVE-2001-1071 DoS 2001-10-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.
49 CVE-2001-1054 2001-10-02 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
50 CVE-2001-1052 2001-10-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
Total number of vulnerabilities : 142   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.