CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2001-1450 DoS 2001-05-11 2008-09-05
2.6
None Remote High Not required None None Partial
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
2 CVE-2001-1428 2001-05-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access.
3 CVE-2001-1349 DoS +Priv 2001-05-28 2008-09-05
3.7
User Local High Not required Partial Partial Partial
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
4 CVE-2001-1348 Sql 2001-05-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
5 CVE-2001-1347 DoS +Priv 2001-05-24 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
6 CVE-2001-1346 2001-05-18 2008-09-10
1.2
None Local High Not required None Partial None
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
7 CVE-2001-1342 DoS 2001-05-12 2008-09-10
5.0
None Remote Low Not required None None Partial
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
8 CVE-2001-1341 +Info 2001-05-24 2008-09-10
5.0
None Remote Low Not required Partial None None
The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.
9 CVE-2001-1339 2001-05-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.
10 CVE-2001-1338 2001-05-24 2008-09-05
5.0
None Remote Low Not required Partial None None
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.
11 CVE-2001-1337 DoS 2001-05-21 2008-09-05
5.0
None Remote Low Not required None None Partial
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request.
12 CVE-2001-1336 +Priv 2001-05-28 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
13 CVE-2001-1335 Dir. Trav. 2001-05-27 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).
14 CVE-2001-1333 2001-05-10 2008-09-05
1.2
None Local High Not required None Partial None
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
15 CVE-2001-1332 Exec Code Overflow 2001-05-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
16 CVE-2001-1331 2001-05-03 2008-09-10
1.2
None Local High Not required None Partial None
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
17 CVE-2001-1327 +Priv 2001-05-24 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.
18 CVE-2001-1326 Exec Code 2001-05-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
19 CVE-2001-1323 DoS Exec Code Overflow 2001-05-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
20 CVE-2001-1074 +Priv 2001-05-28 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
21 CVE-2001-1028 Overflow +Priv 2001-05-28 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.
22 CVE-2001-0781 Exec Code Overflow 2001-05-30 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST.
23 CVE-2001-0749 2001-05-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root.
24 CVE-2001-0551 Exec Code Overflow 2001-05-22 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.
25 CVE-2001-0326 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.
26 CVE-2001-0325 DoS Exec Code Overflow 2001-05-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command.
27 CVE-2001-0324 DoS 2001-05-03 2008-09-05
2.6
None Remote High Not required None None Partial
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.
28 CVE-2001-0321 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.
29 CVE-2001-0320 +Priv 2001-05-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
30 CVE-2001-0319 2001-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
31 CVE-2001-0317 +Priv 2001-05-03 2008-09-10
3.7
None Local High Not required Partial Partial Partial
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
32 CVE-2001-0316 +Priv 2001-05-03 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.
33 CVE-2001-0308 94 Exec Code 2001-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program.
34 CVE-2001-0307 94 Exec Code 2001-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
35 CVE-2001-0306 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
36 CVE-2001-0305 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter.
37 CVE-2001-0304 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request.
38 CVE-2001-0303 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
39 CVE-2001-0302 DoS Exec Code Overflow 2001-05-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
40 CVE-2001-0301 Exec Code Overflow 2001-05-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
41 CVE-2001-0298 DoS Exec Code Overflow 2001-05-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
42 CVE-2001-0297 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
43 CVE-2001-0296 Exec Code Overflow 2001-05-03 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
44 CVE-2001-0295 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command.
45 CVE-2001-0294 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command.
46 CVE-2001-0293 Dir. Trav. 2001-05-03 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command.
47 CVE-2001-0292 2001-05-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
48 CVE-2001-0291 Exec Code Overflow 2001-05-03 2005-10-20
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters.
49 CVE-2001-0290 2001-05-03 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
50 CVE-2001-0289 +Priv 2001-05-03 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.
Total number of vulnerabilities : 105   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.