CVE Output in CVRF 1.1: 20240227
CVE List
cve@mitre.org
The MITRE Corporation
20240227-102213
Interim
2024.02.27.10
1
2024-02-27T10:22:13
Initial public release
2024-02-27T10:22:13
2024-02-27T10:22:13
MITRE Custom CVE-to-CVRF Converter 2.0
This is a list of CVE Identifiers as published by MITRE.
The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Common Vulnerabilities and Exposures (CVE (R)) for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce MITREs copyright designation and this license in any such copy.
ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
CVE-2001-0001
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.
2002-03-09
2002-03-01
CVE-2001-0001
http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html
BUGTRAQ:20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke
https://exchange.xforce.ibmcloud.com/vulnerabilities/6183
XF:php-nuke-elevate-privileges(6183)
CVE-2001-0002
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
2001-05-07
2004-09-02
CVE-2001-0002
http://www.securityfocus.com/bid/2456
BID:2456
BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder
http://www.guninski.com/chmtempmain.html
MISC:http://www.guninski.com/chmtempmain.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015
MS:MS01-015
http://www.osvdb.org/7823
OSVDB:7823
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920
OVAL:oval:org.mitre.oval:def:920
https://exchange.xforce.ibmcloud.com/vulnerabilities/5567
XF:ie-chm-execute-files(5567)
CVE-2001-0003
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
2001-05-07
2005-11-02
CVE-2001-0003
http://www.securityfocus.com/bid/2199
BID:2199
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-001
MS:MS01-001
https://exchange.xforce.ibmcloud.com/vulnerabilities/5920
XF:wec-ntlm-authentication(5920)
CVE-2001-0004
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
2001-09-18
2005-11-02
CVE-2001-0004
http://www.securityfocus.com/bid/2313
BID:2313
http://marc.info/?l=bugtraq&m=97897954625305&w=2
BUGTRAQ:20010108 IIS 5.0 allows viewing files using %3F+.htr
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-004
MS:MS01-004
https://exchange.xforce.ibmcloud.com/vulnerabilities/5903
XF:iis-read-files(5903)
CVE-2001-0005
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
2001-05-07
2005-11-02
CVE-2001-0005
http://www.atstake.com/research/advisories/2001/a012301-1.txt
ATSTAKE:A012301-1
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-002
MS:MS01-002
https://exchange.xforce.ibmcloud.com/vulnerabilities/5996
XF:powerpoint-execute-code(5996)
CVE-2001-0006
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
2001-05-07
2005-11-02
CVE-2001-0006
http://marc.info/?l=bugtraq&m=98075221915234&w=2
BUGTRAQ:20010126 ntsecurity.nu advisory: Winsock Mutex Vulnerability in Windows NT 4.0 SP6 and below
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-003
MS:MS01-003
https://exchange.xforce.ibmcloud.com/vulnerabilities/6006
XF:winnt-mutex-dos(6006)
CVE-2001-0007
Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface.
2002-03-09
2002-03-01
CVE-2001-0007
http://www.securityfocus.com/bid/2176
BID:2176
http://www.securityfocus.com/archive/1/155149
BUGTRAQ:20010109 NSFOCUS SA2001-01: NetScreen Firewall WebUI Buffer Overflow vulnerability
http://www.osvdb.org/1707
OSVDB:1707
https://exchange.xforce.ibmcloud.com/vulnerabilities/5908
XF:netscreen-webui-bo(5908)
CVE-2001-0008
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
2001-05-07
2005-11-02
CVE-2001-0008
http://www.securityfocus.com/bid/2192
BID:2192
http://www.cert.org/advisories/CA-2001-01.html
CERT:CA-2001-01
https://exchange.xforce.ibmcloud.com/vulnerabilities/5911
XF:interbase-backdoor-account(5911)
CVE-2001-0009
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
2001-05-07
2004-09-02
CVE-2001-0009
http://www.securityfocus.com/bid/2173
BID:2173
http://www.securityfocus.com/archive/1/154537
BUGTRAQ:20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root
http://www.securityfocus.com/archive/1/155124
BUGTRAQ:20010109 bugtraq id 2173 Lotus Domino Server
http://www.osvdb.org/1703
OSVDB:1703
https://exchange.xforce.ibmcloud.com/vulnerabilities/5899
XF:lotus-domino-directory-traversal(5899)
CVE-2001-0010
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
2001-05-07
2004-09-02
CVE-2001-0010
http://www.securityfocus.com/bid/2302
BID:2302
http://www.cert.org/advisories/CA-2001-02.html
CERT:CA-2001-02
CONECTIVA:000377
http://www.debian.org/security/2001/dsa-026
DEBIAN:DSA-026
FREEBSD:FreeBSD-SA-01:18
IBM:ERS-SVA-E01-2001:002.1
MANDRAKE:MDKSA-2001-017
http://www.nai.com/research/covert/advisories/047.asp
NAI:20010129 Vulnerabilities in BIND 4 and 8
http://www.redhat.com/support/errata/RHSA-2001-007.html
REDHAT:RHSA-2001:007
XF:bind-tsig-bo
CVE-2001-0011
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
2001-05-07
2004-09-02
CVE-2001-0011
http://www.securityfocus.com/bid/2307
BID:2307
http://www.cert.org/advisories/CA-2001-02.html
CERT:CA-2001-02
CONECTIVA:000377
FREEBSD:FreeBSD-SA-01:18
IBM:ERS-SVA-E01-2001:002.1
MANDRAKE:MDKSA-2001-017
http://www.nai.com/research/covert/advisories/047.asp
NAI:20010129 Vulnerabilities in BIND 4 and 8
http://www.redhat.com/support/errata/RHSA-2001-007.html
REDHAT:RHSA-2001:007
XF:bind-complain-bo
CVE-2001-0012
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
2001-05-07
2004-09-02
CVE-2001-0012
http://www.securityfocus.com/bid/2321
BID:2321
http://www.cert.org/advisories/CA-2001-02.html
CERT:CA-2001-02
CONECTIVA:000377
http://www.debian.org/security/2001/dsa-026
DEBIAN:DSA-026
FREEBSD:FreeBSD-SA-01:18
IBM:ERS-SVA-E01-2001:002.1
MANDRAKE:MDKSA-2001-017
http://www.nai.com/research/covert/advisories/047.asp
NAI:20010129 Vulnerabilities in BIND 4 and 8
http://www.redhat.com/support/errata/RHSA-2001-007.html
REDHAT:RHSA-2001:007
XF:bind-inverse-query-disclosure
CVE-2001-0013
Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
2001-05-07
2004-09-02
CVE-2001-0013
http://www.securityfocus.com/bid/2309
BID:2309
http://www.cert.org/advisories/CA-2001-02.html
CERT:CA-2001-02
CONECTIVA:000377
FREEBSD:FreeBSD-SA-01:18
IBM:ERS-SVA-E01-2001:002.1
MANDRAKE:MDKSA-2001-017
http://www.nai.com/research/covert/advisories/047.asp
NAI:20010129 Vulnerabilities in BIND 4 and 8
http://www.redhat.com/support/errata/RHSA-2001-007.html
REDHAT:RHSA-2001:007
XF:bind-complain-format-string
CVE-2001-0014
Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.
2001-05-07
2005-11-02
CVE-2001-0014
http://www.securityfocus.com/bid/2326
BID:2326
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-006
MS:MS01-006
XF:win2k-rdp-dos
CVE-2001-0015
Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.
2001-05-07
2005-11-02
CVE-2001-0015
http://www.atstake.com/research/advisories/2001/a020501-1.txt
ATSTAKE:A020501-1
http://www.securityfocus.com/bid/2341
BID:2341
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-007
MS:MS01-007
https://exchange.xforce.ibmcloud.com/vulnerabilities/6062
XF:win-dde-elevate-privileges(6062)
CVE-2001-0016
NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.
2001-05-07
2005-11-02
CVE-2001-0016
http://www.securityfocus.com/bid/2348
BID:2348
http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html
BINDVIEW:20010207 Local promotion vulnerability in NT4's NTLM Security Support Provider
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-008
MS:MS01-008
https://exchange.xforce.ibmcloud.com/vulnerabilities/6076
XF:ntlm-ssp-elevate-privileges(6076)
CVE-2001-0017
Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.
2001-05-07
2005-11-02
CVE-2001-0017
http://www.securityfocus.com/bid/2368
BID:2368
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-009
MS:MS01-009
https://exchange.xforce.ibmcloud.com/vulnerabilities/6103
XF:winnt-pptp-dos(6103)
CVE-2001-0018
Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.
2002-03-09
2002-03-07
CVE-2001-0018
http://www.ciac.org/ciac/bulletins/l-049.shtml
CIAC:L-049
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-011
MS:MS01-011
http://online.securityfocus.com/archive/82/148411
VULN-DEV:20001202 UDP Ping-pong in Win2k
https://exchange.xforce.ibmcloud.com/vulnerabilities/6136
XF:win2k-domain-controller-dos(6136)
CVE-2001-0019
Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands.
2001-02-02
2003-03-21
CVE-2001-0019
http://www.atstake.com/research/advisories/2001/a013101-1.txt
ATSTAKE:A013101-1
http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml
CISCO:20010131 Cisco Content Services Switch Vulnerability
CVE-2001-0020
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.
2001-09-18
2004-09-02
CVE-2001-0020
http://www.atstake.com/research/advisories/2001/a013101-1.txt
ATSTAKE:A013101-1
http://www.securityfocus.com/bid/2331
BID:2331
http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml
CISCO:20010131 Cisco Content Services Switch Vulnerability
http://www.osvdb.org/1757
OSVDB:1757
https://exchange.xforce.ibmcloud.com/vulnerabilities/6031
XF:cisco-ccs-file-access(6031)
CVE-2001-0021
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
2001-05-07
2005-11-02
CVE-2001-0021
http://www.securityfocus.com/bid/2063
BID:2063
http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
BUGTRAQ:20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
http://www.endymion.com/products/mailman/history.htm
CONFIRM:http://www.endymion.com/products/mailman/history.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/5649
XF:mailman-alternate-templates(5649)
CVE-2001-0022
simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter.
2001-02-02
2017-12-18
CVE-2001-0022
http://www.securityfocus.com/bid/2106
BID:2106
http://archives.neohapsis.com/archives/bugtraq/2000-12/0168.html
BUGTRAQ:20001213 Re: Insecure input validation in simplestmail.cgi
https://exchange.xforce.ibmcloud.com/vulnerabilities/5743
XF:http-cgi-simplestguest(5743)
CVE-2001-0023
everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.
2001-02-02
2017-12-18
CVE-2001-0023
http://www.securityfocus.com/bid/2101
BID:2101
http://archives.neohapsis.com/archives/bugtraq/2000-12/0137.html
BUGTRAQ:20001211 Insecure input validation in everythingform.cgi (remote command execution)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5736
XF:http-cgi-everythingform(5736)
CVE-2001-0024
simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter.
2001-02-02
2017-12-18
CVE-2001-0024
http://www.securityfocus.com/bid/2102
BID:2102
http://archives.neohapsis.com/archives/bugtraq/2000-12/0136.html
BUGTRAQ:20001211 Insecure input validation in simplestmail.cgi (remote command execution)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5739
XF:http-cgi-simplestmail(5739)
CVE-2001-0025
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
2001-02-02
2017-12-18
CVE-2001-0025
http://www.securityfocus.com/bid/2103
BID:2103
http://archives.neohapsis.com/archives/bugtraq/2000-12/0143.html
BUGTRAQ:20001211 Insecure input validation in ad.cgi
https://exchange.xforce.ibmcloud.com/vulnerabilities/5741
XF:http-cgi-ad(5741)
CVE-2001-0026
rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.
2001-05-07
2004-09-02
CVE-2001-0026
http://www.securityfocus.com/bid/2098
BID:2098
http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html
BUGTRAQ:20001211 DoS vulnerability in rp-pppoe versions <= 2.4
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357
CONECTIVA:CLA-2000:357
http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3
MANDRAKE:MDKSA-2000:084
http://www.redhat.com/support/errata/RHSA-2000-130.html
REDHAT:RHSA-2000:130
https://exchange.xforce.ibmcloud.com/vulnerabilities/5727
XF:rppppoe-zero-length-dos(5727)
CVE-2001-0027
mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
2001-02-02
2017-12-18
CVE-2001-0027
http://archives.neohapsis.com/archives/bugtraq/2000-12/0139.html
BUGTRAQ:20001211 mod_sqlpw Password Caching Bug
https://exchange.xforce.ibmcloud.com/vulnerabilities/5737
XF:proftpd-modsqlpw-unauth-access(5737)
CVE-2001-0028
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.
2001-05-07
2005-11-02
CVE-2001-0028
http://www.securityfocus.com/bid/2099
BID:2099
http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html
BUGTRAQ:20001211 [pkc] remote heap buffer overflow in oops
http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html
FREEBSD:FreeBSD-SA-00:79
https://exchange.xforce.ibmcloud.com/vulnerabilities/5725
XF:oops-ftputils-bo(5725)
CVE-2001-0029
Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands via a long host or domain name that is obtained from a reverse DNS lookup.
2001-02-02
2017-12-18
CVE-2001-0029
http://www.securityfocus.com/bid/2099
BID:2099
http://archives.neohapsis.com/archives/bugtraq/2000-12/0158.html
BUGTRAQ:20001212 Stack too ;) Re: [pkc] remote heap buffer overflow in oops
http://zipper.paco.net/~igor/oops/ChangeLog
MISC:http://zipper.paco.net/~igor/oops/ChangeLog
https://exchange.xforce.ibmcloud.com/vulnerabilities/6122
XF:oops-dns-bo(6122)
CVE-2001-0030
FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them.
2001-02-02
2017-12-18
CVE-2001-0030
http://www.securityfocus.com/bid/2089
BID:2089
https://exchange.xforce.ibmcloud.com/vulnerabilities/5758
XF:foolproof-security-bypass(5758)
CVE-2001-0031
BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist.
2001-02-02
2017-12-18
CVE-2001-0031
http://archives.neohapsis.com/archives/bugtraq/2000-12/0074.html
BUGTRAQ:20001207 BroadVision One-To-One Enterprise Path Disclosure Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/5661
XF:broadvision-bv1to1-reveal-path(5661)
CVE-2001-0032
Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL.
2001-02-02
2017-12-18
CVE-2001-0032
http://www.securityfocus.com/bid/2096
BID:2096
http://www.securityfocus.com/archive/1/149917
BUGTRAQ:20001208 format string in ssl dump
https://exchange.xforce.ibmcloud.com/vulnerabilities/5717
XF:ssldump-format-strings(5717)
CVE-2001-0033
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.
2001-05-07
2005-11-02
CVE-2001-0033
http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
BUGTRAQ:20001210 KTH upgrade and FIX
https://exchange.xforce.ibmcloud.com/vulnerabilities/5738
XF:kerberos4-user-config(5738)
CVE-2001-0034
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.
2001-05-07
2005-11-02
CVE-2001-0034
http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
BUGTRAQ:20001210 KTH upgrade and FIX
https://exchange.xforce.ibmcloud.com/vulnerabilities/5733
XF:kerberos4-arbitrary-proxy(5733)
CVE-2001-0035
Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.
2001-05-07
2005-11-02
CVE-2001-0035
http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
BUGTRAQ:20001210 KTH upgrade and FIX
http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html
BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches
https://exchange.xforce.ibmcloud.com/vulnerabilities/5734
XF:kerberos4-auth-packet-overflow(5734)
CVE-2001-0036
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.
2001-05-07
2004-09-02
CVE-2001-0036
http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
BUGTRAQ:20001210 KTH upgrade and FIX
http://www.redhat.com/support/errata/RHSA-2001-025.html
REDHAT:RHSA-2001:025
https://exchange.xforce.ibmcloud.com/vulnerabilities/5754
XF:kerberos4-tmpfile-dos(5754)
CVE-2001-0037
Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers.
2001-02-02
2017-12-18
CVE-2001-0037
http://www.securityfocus.com/bid/2085
BID:2085
http://archives.neohapsis.com/archives/bugtraq/2000-12/0082.html
BUGTRAQ:20001207 HomeSeer Directory Traversal Vulnerability
http://www.keware.com/hsbetachanges.htm
MISC:http://www.keware.com/hsbetachanges.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/5663
XF:homeseer-directory-traversal(5663)
CVE-2001-0038
Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL.
2001-02-02
2017-12-18
CVE-2001-0038
http://www.securityfocus.com/bid/2084
BID:2084
http://archives.neohapsis.com/archives/bugtraq/2000-12/0078.html
BUGTRAQ:20001207 MetaProducts Offline Explorer
https://exchange.xforce.ibmcloud.com/vulnerabilities/5728
XF:offline-explorer-reveal-files(5728)
CVE-2001-0039
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.
2001-05-07
2005-11-02
CVE-2001-0039
http://www.securityfocus.com/bid/2083
BID:2083
http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html
BUGTRAQ:20001206 DoS by SMTP AUTH command in IPSwitch IMail server
http://www.ipswitch.com/Support/IMail/news.html
CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/5674
XF:imail-smtp-auth-dos(5674)
CVE-2001-0040
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
2001-05-07
2007-11-12
CVE-2001-0040
http://www.securityfocus.com/bid/2070
BID:2070
http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html
BUGTRAQ:20001206 apcupsd 3.7.2 Denial of Service
http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3
MANDRAKE:MDKSA-2000:077
https://exchange.xforce.ibmcloud.com/vulnerabilities/5654
XF:apc-apcupsd-dos(5654)
CVE-2001-0041
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
2001-05-07
2004-09-02
CVE-2001-0041
http://www.securityfocus.com/bid/2072
BID:2072
http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
CISCO:20001206 Cisco Catalyst Memory Leak Vulnerability
http://www.osvdb.org/801
OSVDB:801
https://exchange.xforce.ibmcloud.com/vulnerabilities/5656
XF:cisco-catalyst-telnet-dos(5656)
CVE-2001-0042
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
2004-09-01
2004-07-22
CVE-2001-0042
http://www.securityfocus.com/bid/2060
BID:2060
http://www.securityfocus.com/archive/1/149210
BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5659
XF:apache-php-disclose-files(5659)
CVE-2001-0043
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.
2001-05-07
2004-09-02
CVE-2001-0043
http://www.securityfocus.com/bid/2069
BID:2069
http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
BUGTRAQ:20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
http://sourceforge.net/project/shownotes.php?release_id=17604
MISC:http://sourceforge.net/project/shownotes.php?release_id=17604
http://www.osvdb.org/1682
OSVDB:1682
https://exchange.xforce.ibmcloud.com/vulnerabilities/5650
XF:phpgroupware-include-files(5650)
CVE-2001-0044
Multiple buffer overflows in Lexmark MarkVision printer driver programs allows local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands.
2001-02-02
2017-12-18
CVE-2001-0044
http://www.securityfocus.com/bid/2075
BID:2075
http://archives.neohapsis.com/archives/bugtraq/2000-12/0064.html
BUGTRAQ:20001206 (SRADV00007) Local root compromise through Lexmark MarkVision printer drivers
https://exchange.xforce.ibmcloud.com/vulnerabilities/5651
XF:markvision-printer-driver-bo(5651)
CVE-2001-0045
The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.
2001-02-02
2018-10-12
CVE-2001-0045
http://www.securityfocus.com/bid/2064
BID:2064
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-095
MS:MS00-095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A500
OVAL:oval:org.mitre.oval:def:500
https://exchange.xforce.ibmcloud.com/vulnerabilities/5671
XF:nt-ras-reg-perms(5671)
CVE-2001-0046
The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Permissions" vulnerabilities.
2001-02-02
2018-10-12
CVE-2001-0046
http://www.securityfocus.com/bid/2066
BID:2066
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-095
MS:MS00-095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A139
OVAL:oval:org.mitre.oval:def:139
https://exchange.xforce.ibmcloud.com/vulnerabilities/5672
XF:nt-snmp-reg-perms(5672)
CVE-2001-0047
The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allows local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges, aka one of the "Registry Permissions" vulnerabilities.
2001-02-02
2018-10-12
CVE-2001-0047
http://www.securityfocus.com/bid/2065
BID:2065
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-095
MS:MS00-095
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A140
OVAL:oval:org.mitre.oval:def:140
https://exchange.xforce.ibmcloud.com/vulnerabilities/5673
XF:nt-mts-reg-perms(5673)
CVE-2001-0048
The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
2001-02-02
2018-10-12
CVE-2001-0048
http://www.securityfocus.com/bid/2133
BID:2133
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-099
MS:MS00-099
CVE-2001-0049
WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests.
2001-02-02
2017-12-18
CVE-2001-0049
http://www.securityfocus.com/bid/2082
BID:2082
http://archives.neohapsis.com/archives/bugtraq/2000-12/0079.html
BUGTRAQ:20001207 WatchGuard SOHO v2.2.1 DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5665
XF:watchguard-soho-get-dos(5665)
CVE-2001-0050
Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.
2001-05-07
2004-09-02
CVE-2001-0050
http://www.securityfocus.com/bid/2087
BID:2087
http://archives.neohapsis.com/archives/bugtraq/2000-12/0081.html
BUGTRAQ:20001207 BitchX DNS Overflow Patch
http://archives.neohapsis.com/archives/bugtraq/2000-12/0086.html
BUGTRAQ:20001207 bitchx/ircd DNS overflow demonstration
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000364
CONECTIVA:CLA-2000:364
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:78.bitchx.v1.1.asc
FREEBSD:FreeBSD-SA-00:78
http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-079.php3
MANDRAKE:MDKSA-2000:079
http://www.redhat.com/support/errata/RHSA-2000-126.html
REDHAT:RHSA-2000:126
https://exchange.xforce.ibmcloud.com/vulnerabilities/5701
XF:irc-bitchx-dns-bo(5701)
CVE-2001-0051
IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database.
2001-02-02
2017-12-18
CVE-2001-0051
http://www.securityfocus.com/bid/2068
BID:2068
http://www.securityfocus.com/archive/1/149222
BUGTRAQ:20001205 IBM DB2 default account and password Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/5662
XF:ibm-db2-gain-access(5662)
CVE-2001-0052
IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.
2001-02-02
2017-12-18
CVE-2001-0052
http://www.securityfocus.com/bid/2067
BID:2067
http://www.securityfocus.com/archive/1/149207
BUGTRAQ:20001205 IBM DB2 SQL DOS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5664
XF:ibm-db2-dos(5664)
CVE-2001-0053
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
2001-05-07
2005-11-02
CVE-2001-0053
http://www.securityfocus.com/bid/2124
BID:2124
http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html
BUGTRAQ:20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
NETBSD:NetBSD-SA2000-018
http://www.openbsd.org/advisories/ftpd_replydirname.txt
OPENBSD:20001218
https://exchange.xforce.ibmcloud.com/vulnerabilities/5776
XF:bsd-ftpd-replydirname-bo(5776)
CVE-2001-0054
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
2001-05-07
2004-09-02
CVE-2001-0054
http://www.securityfocus.com/bid/2052
BID:2052
http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
BUGTRAQ:20001205 (no subject)
http://marc.info/?l=bugtraq&m=97604119024280&w=2
BUGTRAQ:20001205 Serv-U FTP directory traversal vunerability (all versions)
http://www.osvdb.org/464
OSVDB:464
https://exchange.xforce.ibmcloud.com/vulnerabilities/5639
XF:ftp-servu-homedir-travers(5639)
CVE-2001-0055
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
2001-05-07
2005-11-02
CVE-2001-0055
http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
CISCO:20001204 Multiple Vulnerabilities in CBOS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5627
XF:cisco-cbos-syn-packets(5627)
CVE-2001-0056
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
2001-05-07
2005-11-02
CVE-2001-0056
http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
CISCO:20001204 Multiple Vulnerabilities in CBOS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5628
XF:cisco-cbos-invalid-login(5628)
CVE-2001-0057
Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet.
2001-05-07
2005-11-02
CVE-2001-0057
http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
CISCO:20001204 Multiple Vulnerabilities in CBOS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5629
XF:cisco-cbos-icmp-echo(5629)
CVE-2001-0058
The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character.
2001-05-07
2004-09-02
CVE-2001-0058
http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
CISCO:20001204 Multiple Vulnerabilities in CBOS
http://www.osvdb.org/460
OSVDB:460
https://exchange.xforce.ibmcloud.com/vulnerabilities/5626
XF:cisco-cbos-web-access(5626)
CVE-2001-0059
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.
2001-05-07
2005-11-02
CVE-2001-0059
http://www.securityfocus.com/bid/2127
BID:2127
http://marc.info/?l=bugtraq&m=97720205217707&w=2
BUGTRAQ:20001218 Solaris patchadd(1) (3) symlink vulnerabilty
https://exchange.xforce.ibmcloud.com/vulnerabilities/5789
XF:solaris-patchadd-symlink(5789)
CVE-2001-0060
Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.
2001-05-07
2004-09-02
CVE-2001-0060
http://www.securityfocus.com/bid/2128
BID:2128
http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html
BUGTRAQ:20001209 Trustix Security Advisory - stunnel
http://www.securityfocus.com/archive/1/151719
BUGTRAQ:20001218 Stunnel format bug
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363
CONECTIVA:CLA-2000:363
http://www.debian.org/security/2001/dsa-009
DEBIAN:DSA-009
FREEBSD:FreeBSD-SA-01:05
http://www.redhat.com/support/errata/RHSA-2000-129.html
REDHAT:RHSA-2000:129
https://exchange.xforce.ibmcloud.com/vulnerabilities/5807
XF:stunnel-format-logfile(5807)
CVE-2001-0061
procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.
2001-05-07
2004-09-02
CVE-2001-0061
http://www.securityfocus.com/bid/2130
BID:2130
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
FREEBSD:FreeBSD-SA-00:77
http://www.osvdb.org/1697
OSVDB:1697
https://exchange.xforce.ibmcloud.com/vulnerabilities/6106
XF:procfs-elevate-privileges(6106)
CVE-2001-0062
procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.
2001-05-07
2004-09-02
CVE-2001-0062
http://www.securityfocus.com/bid/2131
BID:2131
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
FREEBSD:FreeBSD-SA-00:77
http://www.osvdb.org/1698
OSVDB:1698
http://www.osvdb.org/6082
OSVDB:6082
https://exchange.xforce.ibmcloud.com/vulnerabilities/6107
XF:procfs-mmap-dos(6107)
CVE-2001-0063
procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges.
2001-05-07
2004-09-02
CVE-2001-0063
http://www.securityfocus.com/bid/2132
BID:2132
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
FREEBSD:FreeBSD-SA-00:77
http://www.osvdb.org/1691
OSVDB:1691
https://exchange.xforce.ibmcloud.com/vulnerabilities/6108
XF:procfs-access-control-bo(6108)
CVE-2001-0064
Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string.
2001-02-02
2003-05-08
CVE-2001-0064
http://www.securityfocus.com/bid/2134
BID:2134
http://archives.neohapsis.com/archives/bugtraq/2000-12/0315.html
BUGTRAQ:20001219 def-2000-03: MDaemon 3.5.0 DoS
CVE-2001-0065
Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command.
2001-02-02
2017-12-18
CVE-2001-0065
http://archives.neohapsis.com/archives/bugtraq/2000-12/0189.html
BUGTRAQ:20001213 Potential Buffer Overflow vulnerability in bftpd-1.0.13
https://exchange.xforce.ibmcloud.com/vulnerabilities/5775
XF:bftpd-site-chown-bo(5775)
CVE-2001-0066
Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.
2001-05-07
2004-09-02
CVE-2001-0066
http://www.securityfocus.com/bid/2004
BID:2004
http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html
BUGTRAQ:20001126 [MSY] S(ecure)Locate heap corruption vulnerability
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369
CONECTIVA:CLA-2001:369
DEBIAN:20001217a
http://www.debian.org/security/2000/20001217a
DEBIAN:DSA-005-1
http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-085.php3
MANDRAKE:MDKSA-2000:085
http://www.redhat.com/support/errata/RHSA-2000-128.html
REDHAT:RHSA-2000:128
http://www.turbolinux.com/pipermail/tl-security-announce/2001-February/000144.html
TURBO:TLSA2001002-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/5594
XF:slocate-heap-execute-code(5594)
CVE-2001-0067
The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.
2001-02-02
2017-12-18
CVE-2001-0067
http://www.securityfocus.com/templates/archive.pike?mid=150957&end=2001-02-03&fromthread=1&start=2001-01-28&threads=0&list=1&
BUGTRAQ:20001214 J-Pilot Permissions Vulnerability
http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-081.php3
MANDRAKE:MDKSA-2000:081
https://exchange.xforce.ibmcloud.com/vulnerabilities/5762
XF:jpilot-perms(5762)
CVE-2001-0068
Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter.
2001-02-02
2017-12-18
CVE-2001-0068
http://archives.neohapsis.com/archives/bugtraq/2000-12/0241.html
BUGTRAQ:20001215 Security Hole of MRJ 2.2.3 (Mac OS Runtime for Java) - Inconsistent Use of CODEBASE and ARCHIVE Attributes -
https://exchange.xforce.ibmcloud.com/vulnerabilities/5784
XF:mrj-runtime-malicious-applets(5784)
CVE-2001-0069
dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.
2001-05-07
2005-11-02
CVE-2001-0069
http://www.securityfocus.com/bid/2151
BID:2151
http://www.debian.org/security/2000/20001225
DEBIAN:DSA-008-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/5809
XF:dialog-symlink(5809)
CVE-2001-0070
Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long MAIL FROM command.
2001-02-02
2017-12-18
CVE-2001-0070
http://www.securityfocus.com/bid/2152
BID:2152
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0143.html
BUGTRAQ:20001226 1st Up Mail Server v4.1 Buffer Overflow Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/5808
XF:1stup-mail-server-bo(5808)
CVE-2001-0071
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
2001-05-07
2004-09-02
CVE-2001-0071
http://www.securityfocus.com/bid/2141
BID:2141
http://www.securityfocus.com/archive/1/152197
BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
CONECTIVA:CLA-2000:368
http://www.debian.org/security/2000/20001225b
DEBIAN:DSA-010-1
http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
MANDRAKE:MDKSA-2000-087
http://www.osvdb.org/1699
OSVDB:1699
http://www.redhat.com/support/errata/RHSA-2000-131.html
REDHAT:RHSA-2000:131
https://exchange.xforce.ibmcloud.com/vulnerabilities/5802
XF:gnupg-detached-sig-modify(5802)
CVE-2001-0072
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
2001-05-07
2004-09-02
CVE-2001-0072
http://www.securityfocus.com/bid/2153
BID:2153
http://www.securityfocus.com/archive/1/152197
BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
CONECTIVA:CLA-2000:368
http://www.debian.org/security/2000/20001225b
DEBIAN:DSA-010-1
http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
MANDRAKE:MDKSA-2000-087
http://www.osvdb.org/1702
OSVDB:1702
http://www.redhat.com/support/errata/RHSA-2000-131.html
REDHAT:RHSA-2000:131
https://exchange.xforce.ibmcloud.com/vulnerabilities/5803
XF:gnupg-reveal-private(5803)
CVE-2001-0073
Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory.
2001-02-02
2003-05-08
CVE-2001-0073
http://www.securityfocus.com/bid/2154
BID:2154
http://www.securityfocus.com/archive/1/153188
BUGTRAQ:20001226 buffer overflow in libsecure (NSA Security-enhanced Linux)
CVE-2001-0074
Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter.
2001-02-02
2003-05-08
CVE-2001-0074
http://www.securityfocus.com/bid/2155
BID:2155
http://www.securityfocus.com/archive/1/153007
BUGTRAQ:20001223 Technote
CVE-2001-0075
Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter.
2001-02-02
2003-05-08
CVE-2001-0075
http://www.securityfocus.com/bid/2156
BID:2156
http://www.securityfocus.com/archive/1/153212
BUGTRAQ:20001227 [Ksecurity Advisory] main.cgi in technote
CVE-2001-0076
register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed.
2001-02-02
2017-12-18
CVE-2001-0076
http://www.securityfocus.com/bid/2157
BID:2157
http://archives.neohapsis.com/archives/bugtraq/2000-12/0483.html
BUGTRAQ:20001228 Remote vulnerability in Ikonboard upto version 2.1.7b
https://exchange.xforce.ibmcloud.com/vulnerabilities/5819
XF:http-cgi-ikonboard(5819)
CVE-2001-0077
The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations.
2001-09-18
2005-11-02
CVE-2001-0077
http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
https://exchange.xforce.ibmcloud.com/vulnerabilities/6123
XF:clustmon-no-authentication(6123)
CVE-2001-0078
in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.
2001-09-18
2004-09-02
CVE-2001-0078
http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
http://www.osvdb.org/6437
OSVDB:6437
https://exchange.xforce.ibmcloud.com/vulnerabilities/6125
XF:ha-nfs-symlink(6125)
CVE-2001-0079
Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file.
2001-02-02
2003-05-08
CVE-2001-0079
http://archives.neohapsis.com/archives/bugtraq/2000-12/0174.html
BUGTRAQ:20001213 STM symlink Vulnerability
CVE-2001-0080
Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.
2001-05-07
2005-11-02
CVE-2001-0080
http://www.securityfocus.com/bid/2117
BID:2117
http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
CISCO:20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/5760
XF:cisco-catalyst-ssh-mismatch(5760)
CVE-2001-0081
swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys.
2001-05-07
2004-09-02
CVE-2001-0081
http://archives.neohapsis.com/archives/bugtraq/2000-12/0152.html
BUGTRAQ:20001212 nCipher Security Advisory: Operator Cards unexpectedly recoverable
http://active.ncipher.com/updates/advisory.txt
CONFIRM:http://active.ncipher.com/updates/advisory.txt
http://www.osvdb.org/4849
OSVDB:4849
https://exchange.xforce.ibmcloud.com/vulnerabilities/5999
XF:ncipher-recover-operator-cards(5999)
CVE-2001-0082
Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets.
2001-02-02
2003-05-08
CVE-2001-0082
http://archives.neohapsis.com/archives/bugtraq/2000-12/0271.html
BUGTRAQ:20001218 FireWall-1 Fastmode Vulnerability
CVE-2001-0083
Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.
2001-05-07
2005-11-02
CVE-2001-0083
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-097
MS:MS00-097
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;Q281256
MSKB:Q281256
https://exchange.xforce.ibmcloud.com/vulnerabilities/5785
XF:mediaservices-dropped-connection-dos(5785)
CVE-2001-0084
GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.
2001-02-02
2003-03-21
CVE-2001-0084
http://www.securityfocus.com/bid/2165
BID:2165
http://archives.neohapsis.com/archives/bugtraq/2000-12/0498.html
BUGTRAQ:20010102 gtk+ security hole.
http://archives.neohapsis.com/archives/bugtraq/2001-01/0027.html
BUGTRAQ:20010103 Claimed vulnerability in GTK_MODULES
http://www.gtk.org/setuid.html
MISC:http://www.gtk.org/setuid.html
CVE-2001-0085
Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.
2001-05-07
2009-03-01
CVE-2001-0085
http://www.securityfocus.com/bid/2170
BID:2170
http://archives.neohapsis.com/archives/hp/2000-q4/0083.html
HP:HPSBUX0012-135
https://exchange.xforce.ibmcloud.com/vulnerabilities/5793
XF:hpux-kermit-bo(5793)
CVE-2001-0086
CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a parameter.
2001-02-02
2017-12-18
CVE-2001-0086
http://www.securityfocus.com/bid/2108
BID:2108
http://archives.neohapsis.com/archives/bugtraq/2000-12/0160.html
BUGTRAQ:20001212 Security Advisory: Subscribe Me Lite 1.0 - 2.0 Unix or 1.0 - 2.0 NT and below.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5735
XF:subscribemelite-gain-admin-access(5735)
CVE-2001-0087
itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.
2001-02-02
2017-12-18
CVE-2001-0087
http://www.securityfocus.com/bid/2139
BID:2139
http://archives.neohapsis.com/archives/bugtraq/2000-12/0295.html
BUGTRAQ:20001219 itetris[v1.6.2] local root exploit (system()+../ protection)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5795
XF:itetris-svgalib-path(5795)
CVE-2001-0088
common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog.
2001-02-02
2017-12-18
CVE-2001-0088
http://www.securityfocus.com/bid/2047
BID:2047
http://archives.neohapsis.com/archives/bugtraq/2000-12/0025.html
BUGTRAQ:20001202 Bypassing admin authentication in phpWebLog
https://exchange.xforce.ibmcloud.com/vulnerabilities/5625
XF:phpweblog-bypass-authentication(5625)
CVE-2001-0089
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.
2001-05-07
2005-11-02
CVE-2001-0089
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093
MS:MS00-093
https://exchange.xforce.ibmcloud.com/vulnerabilities/5615
XF:ie-form-file-upload(5615)
CVE-2001-0090
The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability.
2001-05-07
2005-11-02
CVE-2001-0090
http://www.securityfocus.com/bid/2046
BID:2046
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093
MS:MS00-093
https://exchange.xforce.ibmcloud.com/vulnerabilities/5614
XF:ie-print-template(5614)
CVE-2001-0091
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
2001-05-07
2004-09-02
CVE-2001-0091
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093
MS:MS00-093
http://www.osvdb.org/7820
OSVDB:7820
https://exchange.xforce.ibmcloud.com/vulnerabilities/6085
XF:ie-scriptlet-rendering-read-files(6085)
CVE-2001-0092
A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.
2001-05-07
2004-09-02
CVE-2001-0092
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093
MS:MS00-093
http://www.osvdb.org/7817
OSVDB:7817
https://exchange.xforce.ibmcloud.com/vulnerabilities/6086
XF:ie-frame-verification-read-files(6086)
CVE-2001-0093
Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd.
2001-02-02
2003-03-21
CVE-2001-0093
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc
NETBSD:NetBSD-SA2000-017
CVE-2001-0094
Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges.
2002-03-09
2002-02-26
CVE-2001-0094
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:25.kerberosIV.asc
FREEBSD:FreeBSD-SA-01:25
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc
NETBSD:NetBSD-SA2000-017
https://exchange.xforce.ibmcloud.com/vulnerabilities/5734
XF:kerberos4-auth-packet-overflow(5734)
CVE-2001-0095
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.
2001-09-18
2004-09-02
CVE-2001-0095
http://archives.neohapsis.com/archives/bugtraq/2000-12/0313.html
BUGTRAQ:20001218 Catman file clobbering vulnerability Solaris 2.x
http://www.osvdb.org/6024
OSVDB:6024
SUNBUG:4392144
https://exchange.xforce.ibmcloud.com/vulnerabilities/5788
XF:solaris-catman-symlink(5788)
CVE-2001-0096
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.
2001-05-07
2005-11-02
CVE-2001-0096
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-100
MS:MS00-100
https://exchange.xforce.ibmcloud.com/vulnerabilities/5823
XF:iis-web-form-submit(5823)
CVE-2001-0097
The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request.
2001-02-02
2017-12-18
CVE-2001-0097
http://www.securityfocus.com/bid/2140
BID:2140
http://www.securityfocus.com/archive/1/152403
BUGTRAQ:20001221 Infinite InterChange DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5798
XF:infinite-interchange-dos(5798)
CVE-2001-0098
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.
2001-02-02
2017-12-18
CVE-2001-0098
http://www.securityfocus.com/bid/2138
BID:2138
http://archives.neohapsis.com/archives/bugtraq/2000-12/0331.html
BUGTRAQ:20001219 def-2000-04: Bea WebLogic Server dotdot-overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/5782
XF:weblogic-dot-bo(5782)
CVE-2001-0099
bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.
2001-05-07
2005-11-02
CVE-2001-0099
http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
BUGTRAQ:20001221 BS Scripts Vulnerabilities
http://www.stanback.net/
MISC:http://www.stanback.net/
https://exchange.xforce.ibmcloud.com/vulnerabilities/5796
XF:bsguest-cgi-execute-commands(5796)
CVE-2001-0100
bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.
2001-05-07
2005-11-02
CVE-2001-0100
http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
BUGTRAQ:20001221 BS Scripts Vulnerabilities
http://www.stanback.net/
MISC:http://www.stanback.net/
https://exchange.xforce.ibmcloud.com/vulnerabilities/5797
XF:bslist-cgi-execute-commands(5797)
CVE-2001-0101
Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.
2001-02-02
2017-12-18
CVE-2001-0101
http://www.redhat.com/support/errata/RHBA-2000-106.html
REDHAT:RHBA-2000:106-04
http://www.turbolinux.com/pipermail/tl-security-announce/2000-December/000027.html
TURBO:TLSA2000024-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/7455
XF:fetchmail-authenticate-gssapi(7455)
CVE-2001-0102
"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password.
2001-02-02
2017-12-18
CVE-2001-0102
http://archives.neohapsis.com/archives/bugtraq/2000-12/0497.html
BUGTRAQ:20001229 Mac OS 9 Multiple Users Control Panel Password Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/5830
XF:macos-multiple-users(5830)
CVE-2001-0103
CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords.
2001-02-02
2017-12-18
CVE-2001-0103
http://www.securityfocus.com/bid/2107
BID:2107
https://exchange.xforce.ibmcloud.com/vulnerabilities/5744
XF:coffeecup-ftp-weak-encryption(5744)
CVE-2001-0104
MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key.
2001-02-02
2017-12-18
CVE-2001-0104
http://www.securityfocus.com/bid/2115
BID:2115
http://www.securityfocus.com/archive/1/151156
BUGTRAQ:20001214 Bypass MDaemon 3.5.1 "Lock Server" Protection
https://exchange.xforce.ibmcloud.com/vulnerabilities/5763
XF:mdaemon-lock-bypass-password(5763)
CVE-2001-0105
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.
2001-05-07
2009-03-01
CVE-2001-0105
http://archives.neohapsis.com/archives/hp/2000-q4/0079.html
HP:HPSBUX0012-134
https://exchange.xforce.ibmcloud.com/vulnerabilities/5773
XF:hp-top-sys-files(5773)
CVE-2001-0106
Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server.
2001-05-07
2009-03-01
CVE-2001-0106
http://archives.neohapsis.com/archives/hp/2001-q1/0009.html
HP:HPSBUX0101-136
https://exchange.xforce.ibmcloud.com/vulnerabilities/5904
XF:hp-inetd-swait-dos(5904)
CVE-2001-0107
Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang.
2001-02-14
2016-10-17
CVE-2001-0107
http://www.securityfocus.com/bid/2204
BID:2204
http://marc.info/?l=bugtraq&m=97958921407182&w=2
BUGTRAQ:20010115 Veritas BackupExec (remote DoS)
CVE-2001-0108
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
2001-09-18
2004-09-02
CVE-2001-0108
http://www.securityfocus.com/bid/2206
BID:2206
http://marc.info/?l=bugtraq&m=97957961212852
BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
CONECTIVA:CLA-2001:373
http://www.debian.org/security/2001/dsa-020
DEBIAN:DSA-020
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
MANDRAKE:MDKSA-2001:013
http://www.redhat.com/support/errata/RHSA-2000-136.html
REDHAT:RHSA-2000:136
https://exchange.xforce.ibmcloud.com/vulnerabilities/5940
XF:php-htaccess-unauth-access(5940)
CVE-2001-0109
rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.
2001-05-07
2005-11-02
CVE-2001-0109
http://www.securityfocus.com/bid/2207
BID:2207
http://archives.neohapsis.com/archives/bugtraq/2001-01/0226.html
BUGTRAQ:20010113 Serious security flaw in SuSE rctab
http://archives.neohapsis.com/archives/bugtraq/2001-01/0272.html
BUGTRAQ:20010117 Re: Serious security flaw in SuSE rctab
https://exchange.xforce.ibmcloud.com/vulnerabilities/5945
XF:rctab-elevate-privileges(5945)
CVE-2001-0110
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable.
2001-05-07
2004-09-02
CVE-2001-0110
http://www.securityfocus.com/bid/2209
BID:2209
http://archives.neohapsis.com/archives/bugtraq/2001-01/0228.html
BUGTRAQ:20010114 Vulnerability in jaZip.
http://www.debian.org/security/2001/dsa-017
DEBIAN:DSA-017
https://exchange.xforce.ibmcloud.com/vulnerabilities/5942
XF:jazip-display-bo(5942)
CVE-2001-0111
Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.
2001-05-07
2005-11-02
CVE-2001-0111
http://www.securityfocus.com/bid/2210
BID:2210
http://marc.info/?l=bugtraq&m=97958269320974&w=2
BUGTRAQ:20010114 [MSY] Multiple vulnerabilities in splitvt
http://www.debian.org/security/2001/dsa-014
DEBIAN:DSA-014-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/5948
XF:splitvt-perserc-format-string(5948)
CVE-2001-0112
Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands.
2001-02-14
2016-10-17
CVE-2001-0112
http://www.securityfocus.com/bid/2210
BID:2210
http://marc.info/?l=bugtraq&m=97958269320974&w=2
BUGTRAQ:20010114 [MSY] Multiple vulnerabilities in splitvt
http://www.debian.org/security/2001/dsa-014
DEBIAN:DSA-014
CVE-2001-0113
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script.
2001-02-14
2003-05-08
CVE-2001-0113
http://www.securityfocus.com/bid/2211
BID:2211
http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html
BUGTRAQ:20010116 Vulnerabilities in OmniHTTPd default installation
CVE-2001-0114
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter.
2001-02-14
2002-03-01
CVE-2001-0114
http://www.securityfocus.com/bid/2211
BID:2211
http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html
BUGTRAQ:20010116 Vulnerabilities in OmniHTTPd default installation
CVE-2001-0115
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.
2001-05-07
2005-11-02
CVE-2001-0115
http://www.securityfocus.com/bid/2193
BID:2193
http://marc.info/?l=bugtraq&m=97934312727101&w=2
BUGTRAQ:20010111 Solaris Arp Vulnerability
http://marc.info/?l=bugtraq&m=97957435729702&w=2
BUGTRAQ:20010112 arp exploit
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/200&type=0&nav=sec.sba
SUN:00200
https://exchange.xforce.ibmcloud.com/vulnerabilities/5928
XF:solaris-arp-bo(5928)
CVE-2001-0116
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
2001-05-07
2005-11-02
CVE-2001-0116
http://www.securityfocus.com/bid/2188
BID:2188
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-006.php3
MANDRAKE:MDKSA-2001:006
https://exchange.xforce.ibmcloud.com/vulnerabilities/5917
XF:linux-gpm-symlink(5917)
CVE-2001-0117
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
2001-05-07
2004-09-02
CVE-2001-0117
http://www.securityfocus.com/bid/2191
BID:2191
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.kb.cert.org/vuls/id/579928
CERT-VN:VU#579928
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2000-70-028-01
IMMUNIX:IMNX-2000-70-028-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-008.php3
MANDRAKE:MDKSA-2001:008-1
http://www.redhat.com/support/errata/RHSA-2001-116.html
REDHAT:RHSA-2001:116
https://exchange.xforce.ibmcloud.com/vulnerabilities/5914
XF:linux-diffutils-sdiff-symlink(5914)
CVE-2001-0118
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
2001-05-07
2005-11-02
CVE-2001-0118
http://www.securityfocus.com/bid/2195
BID:2195
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-005.php3
MANDRAKE:MDKSA-2001-005
https://exchange.xforce.ibmcloud.com/vulnerabilities/5925
XF:rdist-symlink(5925)
CVE-2001-0119
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
2001-05-07
2005-11-02
CVE-2001-0119
http://www.securityfocus.com/bid/2194
BID:2194
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-004.php3
MANDRAKE:MDKSA-2001:004
https://exchange.xforce.ibmcloud.com/vulnerabilities/5924
XF:gettyps-symlink(5924)
CVE-2001-0120
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
2001-05-07
2005-11-02
CVE-2001-0120
http://www.securityfocus.com/bid/2196
BID:2196
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-007.php3
MANDRAKE:MDKSA-2001:007
https://exchange.xforce.ibmcloud.com/vulnerabilities/5927
XF:shadow-utils-useradd-symlink(5927)
CVE-2001-0121
ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002.
2001-09-18
2005-11-02
CVE-2001-0121
http://www.securityfocus.com/bid/2174
BID:2174
http://archives.neohapsis.com/archives/bugtraq/2001-01/0071.html
BUGTRAQ:20010108 def-2001-01: ImageCast IC3 Control Center DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5901
XF:storagesoft-imagecast-dos(5901)
CVE-2001-0122
Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error.
2002-03-09
2002-02-26
CVE-2001-0122
http://www.securityfocus.com/bid/2175
BID:2175
http://archives.neohapsis.com/archives/bugtraq/2001-01/0079.html
BUGTRAQ:20010108 def-2001-02: IBM Websphere 3.52 Kernel Leak DoS
http://archives.neohapsis.com/archives/bugtraq/2001-03/0061.html
BUGTRAQ:20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release)
http://www-4.ibm.com/software/webservers/security.html
CONFIRM:http://www-4.ibm.com/software/webservers/security.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/5900
XF:ibm-websphere-dos(5900)
CVE-2001-0123
Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter.
2001-05-07
2004-09-02
CVE-2001-0123
http://www.securityfocus.com/bid/2177
BID:2177
http://marc.info/?l=bugtraq&m=97905792214999&w=2
BUGTRAQ:20010107 Cgisecurity.com Advisory #3.1
http://www.extropia.com/hacks/bbs_security.html
CONFIRM:http://www.extropia.com/hacks/bbs_security.html
http://www.osvdb.org/3546
OSVDB:3546
https://exchange.xforce.ibmcloud.com/vulnerabilities/5906
XF:http-cgi-bbs-forum(5906)
CVE-2001-0124
Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.
2001-05-07
2005-11-02
CVE-2001-0124
http://www.securityfocus.com/bid/2179
BID:2179
http://marc.info/?l=bugtraq&m=97908386502156&w=2
BUGTRAQ:20010109 Solaris /usr/lib/exrecover buffer overflow
SUNBUG:4161925
https://exchange.xforce.ibmcloud.com/vulnerabilities/5913
XF:solaris-exrecover-bo(5913)
CVE-2001-0125
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
2001-05-07
2004-09-02
CVE-2001-0125
http://marc.info/?l=bugtraq&m=97846489313059&w=2
BUGTRAQ:20001231 Advisory: exmh symlink vulnerability
http://marc.info/?l=bugtraq&m=97958594330100&w=2
BUGTRAQ:20010112 exmh security vulnerability
http://www.beedub.com/exmh/symlink.html
CONFIRM:http://www.beedub.com/exmh/symlink.html
http://www.debian.org/security/2001/dsa-022
DEBIAN:DSA-022
http://archives.neohapsis.com/archives/freebsd/2001-01/0543.html
FREEBSD:FreeBSD-SA-01:17
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-015.php3
MANDRAKE:MDKSA-2001:015
https://exchange.xforce.ibmcloud.com/vulnerabilities/5829
XF:exmh-error-symlink(5829)
CVE-2001-0126
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
2001-05-07
2005-11-02
CVE-2001-0126
http://marc.info/?l=bugtraq&m=97906670012796&w=2
BUGTRAQ:20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server
http://marc.info/?l=bugtraq&m=98027700625521&w=2
BUGTRAQ:20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet
https://exchange.xforce.ibmcloud.com/vulnerabilities/5905
XF:oracle-xsql-execute-code(5905)
CVE-2001-0127
Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag.
2001-02-14
2005-05-08
CVE-2001-0127
http://www.securityfocus.com/bid/2214
BID:2214
http://archives.neohapsis.com/archives/bugtraq/2001-01/0236.html
BUGTRAQ:20010115 Flash plugin write-overflow
http://www.kb.cert.org/vuls/id/451096
CERT-VN:VU#451096
CVE-2001-0128
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
2001-05-07
2004-09-02
CVE-2001-0128
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
CONECTIVA:CLA-2000:365
http://www.debian.org/security/2000/20001219
DEBIAN:DSA-006-1
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc
FREEBSD:FreeBSD-SA-01:06
http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3
MANDRAKE:MDKSA-2000-083
http://www.osvdb.org/6284
OSVDB:6284
http://www.redhat.com/support/errata/RHSA-2000-127.html
REDHAT:RHSA-2000:127
https://exchange.xforce.ibmcloud.com/vulnerabilities/5777
XF:zope-calculate-roles(5777)
CVE-2001-0129
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.
2001-05-07
2004-09-02
CVE-2001-0129
http://www.securityfocus.com/bid/2217
BID:2217
http://marc.info/?l=bugtraq&m=97975486527750&w=2
BUGTRAQ:20010117 [pkc] remote heap overflow in tinyproxy
http://www.debian.org/security/2001/dsa-018
DEBIAN:DSA-018
FREEBSD:FreeBSD-SA-01:15
https://exchange.xforce.ibmcloud.com/vulnerabilities/5954
XF:tinyproxy-remote-bo(5954)
CVE-2001-0130
Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier.
2001-05-07
2005-11-02
CVE-2001-0130
http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html
MISC:http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6207
XF:lotus-html-bo(6207)
CVE-2001-0131
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
2001-02-14
2017-12-18
CVE-2001-0131
http://www.securityfocus.com/bid/2182
BID:2182
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.debian.org/security/2001/dsa-021
DEBIAN:DSA-021
https://exchange.xforce.ibmcloud.com/vulnerabilities/5926
XF:linux-apache-symlink(5926)
CVE-2001-0132
Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack.
2001-02-14
2003-05-08
CVE-2001-0132
http://www.securityfocus.com/bid/2213
BID:2213
http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html
BUGTRAQ:20010114 Trend Micro's VirusWall: Multiple vunerabilities
CVE-2001-0133
The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or other HTTP GET requests that contain base64 encoded usernames and passwords.
2001-02-14
2003-05-08
CVE-2001-0133
http://www.securityfocus.com/bid/2212
BID:2212
http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html
BUGTRAQ:20010114 Trend Micro's VirusWall: Multiple vunerabilities
CVE-2001-0134
Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.
2001-02-14
2016-10-17
CVE-2001-0134
http://www.securityfocus.com/bid/2200
BID:2200
http://marc.info/?l=bugtraq&m=97967435023835&w=2
BUGTRAQ:20010116 iXsecurity.20001120.compaq-authbo.a
http://www5.compaq.com/products/servers/management/agentsecurity.html
COMPAQ:SSRT0705
CVE-2001-0135
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.
2001-02-14
2016-10-17
CVE-2001-0135
http://www.securityfocus.com/bid/2197
BID:2197
http://marc.info/?l=bugtraq&m=97933458505857&w=2
BUGTRAQ:20010112 UltraBoard cgi directory permission problem
CVE-2001-0136
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
2001-09-18
2005-11-02
CVE-2001-0136
http://www.securityfocus.com/archive/1/152206
BUGTRAQ:20001220 ProFTPD 1.2.0 Memory leakage - denial of service
http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html
BUGTRAQ:20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html
BUGTRAQ:20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
CONECTIVA:CLA-2001:380
http://www.debian.org/security/2001/dsa-029
DEBIAN:DSA-029
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
MANDRAKE:MDKSA-2001:021
https://exchange.xforce.ibmcloud.com/vulnerabilities/5801
XF:proftpd-size-memory-leak(5801)
CVE-2001-0137
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.
2001-05-07
2005-11-02
CVE-2001-0137
http://www.securityfocus.com/bid/2203
BID:2203
http://marc.info/?l=bugtraq&m=97958100816503&w=2
BUGTRAQ:20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-010
MS:MS01-010
https://exchange.xforce.ibmcloud.com/vulnerabilities/5937
XF:win-mediaplayer-arbitrary-code(5937)
CVE-2001-0138
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
2001-05-07
2007-05-20
CVE-2001-0138
http://www.securityfocus.com/bid/2189
BID:2189
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.debian.org/security/2001/dsa-016
DEBIAN:DSA-016
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3
MANDRAKE:MDKSA-2001-001
https://exchange.xforce.ibmcloud.com/vulnerabilities/5915
XF:linux-wuftpd-privatepw-symlink(5915)
CVE-2001-0139
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
2001-05-07
2005-11-02
CVE-2001-0139
http://www.securityfocus.com/bid/2190
BID:2190
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.calderasystems.com/support/security/advisories/CSSA-2001-001.0.txt
CALDERA:CSSA-2001-001.0
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-010.php3
MANDRAKE:MDKSA-2001:010
https://exchange.xforce.ibmcloud.com/vulnerabilities/5916
XF:linux-inn-symlink(5916)
CVE-2001-0140
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
2001-05-07
2005-11-02
CVE-2001-0140
http://www.securityfocus.com/bid/2183
BID:2183
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-002.php3
MANDRAKE:MDKSA-2001:002
https://exchange.xforce.ibmcloud.com/vulnerabilities/5922
XF:tcpdump-arpwatch-symlink(5922)
CVE-2001-0141
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
2001-05-07
2004-09-02
CVE-2001-0141
http://www.securityfocus.com/bid/2187
BID:2187
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.calderasystems.com/support/security/advisories/CSSA-2001-002.0.txt
CALDERA:CSSA-2001-002.0
http://www.debian.org/security/2001/dsa-011
DEBIAN:DSA-011
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-009.php3
MANDRAKE:MDKSA-2001:009
http://www.redhat.com/support/errata/RHSA-2001-050.html
REDHAT:RHSA-2001:050
https://exchange.xforce.ibmcloud.com/vulnerabilities/5918
XF:linux-mgetty-symlink(5918)
CVE-2001-0142
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
2001-05-07
2005-11-02
CVE-2001-0142
http://www.securityfocus.com/bid/2184
BID:2184
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html
BUGTRAQ:20010112 Trustix Security Advisory - diffutils squid
http://www.debian.org/security/2001/dsa-019
DEBIAN:DSA-019
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3
MANDRAKE:MDKSA-2001:003
https://exchange.xforce.ibmcloud.com/vulnerabilities/5921
XF:squid-email-symlink(5921)
CVE-2001-0143
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
2001-05-07
2005-11-02
CVE-2001-0143
http://www.securityfocus.com/bid/2186
BID:2186
http://marc.info/?l=bugtraq&m=97916374410647&w=2
BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3
MANDRAKE:MDKSA-2001:011
https://exchange.xforce.ibmcloud.com/vulnerabilities/5923
XF:linuxconf-vpop3d-symlink(5923)
CVE-2001-0144
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
2001-05-07
2009-03-01
CVE-2001-0144
http://www.securityfocus.com/bid/2347
BID:2347
http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
BINDVIEW:20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector
http://marc.info/?l=bugtraq&m=98168366406903&w=2
BUGTRAQ:20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector
BUGTRAQ:20011122 Secure Computing SafeWord uses vulnerable ssh server
http://www.cert.org/advisories/CA-2001-35.html
CERT:CA-2001-35
http://www.osvdb.org/503
OSVDB:503
http://www.osvdb.org/795
OSVDB:795
https://exchange.xforce.ibmcloud.com/vulnerabilities/6083
XF:ssh-deattack-overwrite-memory(6083)
CVE-2001-0145
Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field.
2001-04-04
2018-10-12
CVE-2001-0145
http://www.atstake.com/research/advisories/2001/a022301-1.txt
ATSTAKE:A022301-1
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-012
MS:MS01-012
CVE-2001-0146
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
2001-03-09
2018-10-12
CVE-2001-0146
http://www.securityfocus.com/bid/2440
BID:2440
http://www.securityfocus.com/bid/2441
BID:2441
http://www.kb.cert.org/vuls/id/796584
CERT-VN:VU#796584
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-014
MS:MS01-014
https://exchange.xforce.ibmcloud.com/vulnerabilities/6172
XF:exchange-malformed-url-dos(6172)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6171
XF:iis-malformed-url-dos(6171)
CVE-2001-0147
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
2001-05-07
2005-11-02
CVE-2001-0147
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-013
MS:MS01-013
CVE-2001-0148
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
2001-05-07
2005-11-02
CVE-2001-0148
http://archives.neohapsis.com/archives/bugtraq/2001-01/0000.html
BUGTRAQ:20010101 Windows Media Player 7 and IE vulnerability - executing arbitrary programs
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015
MS:MS01-015
https://exchange.xforce.ibmcloud.com/vulnerabilities/6227
XF:media-player-execute-commands(6227)
CVE-2001-0149
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.
2001-05-07
2005-11-02
CVE-2001-0149
http://www.securityfocus.com/bid/1718
BID:1718
http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html
BUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015
MS:MS01-015
http://marc.info/?l=ntbugtraq&m=96999020527583&w=2
NTBUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
https://exchange.xforce.ibmcloud.com/vulnerabilities/5293
XF:ie-getobject-expose-files(5293)
CVE-2001-0150
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.
2001-05-07
2004-09-02
CVE-2001-0150
http://www.securityfocus.com/bid/2463
BID:2463
BUGTRAQ:20010313 Internet Explorer and Services for Unix 2.0 Telnet Client
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015
MS:MS01-015
http://www.osvdb.org/7816
OSVDB:7816
https://exchange.xforce.ibmcloud.com/vulnerabilities/6230
XF:ie-telnet-execute-commands(6230)
CVE-2001-0151
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
2001-05-07
2004-09-02
CVE-2001-0151
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-016
MS:MS01-016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A90
OVAL:oval:org.mitre.oval:def:90
https://exchange.xforce.ibmcloud.com/vulnerabilities/6205
XF:iis-webdav-dos(6205)
CVE-2001-0152
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
2001-05-07
2005-11-02
CVE-2001-0152
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-019
MS:MS01-019
CVE-2001-0153
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.
2001-05-07
2005-11-02
CVE-2001-0153
http://razor.bindview.com/publish/advisories/adv_vbtsql.html
BINDVIEW:20010327 Remote buffer overflow in DCOM VB T-SQL debugger
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-018
MS:MS01-018
CVE-2001-0154
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
2001-05-07
2004-09-02
CVE-2001-0154
http://www.securityfocus.com/bid/2524
BID:2524
http://marc.info/?l=bugtraq&m=98596775905044&w=2
BUGTRAQ:20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
http://www.cert.org/advisories/CA-2001-06.html
CERT:CA-2001-06
http://www.ciac.org/ciac/bulletins/l-066.shtml
CIAC:L-066
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-020
MS:MS01-020
http://www.osvdb.org/7806
OSVDB:7806
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A141
OVAL:oval:org.mitre.oval:def:141
http://securitytracker.com/id?1001197
SECTRACK:1001197
https://exchange.xforce.ibmcloud.com/vulnerabilities/6306
XF:ie-mime-execute-code(6306)
CVE-2001-0155
Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers.
2001-09-18
2005-11-02
CVE-2001-0155
http://www.atstake.com/research/advisories/2001/a021601-1.txt
ATSTAKE:A021601-1
http://www.vandyke.com/products/vshell/security102.html
CONFIRM:http://www.vandyke.com/products/vshell/security102.html
CVE-2001-0156
VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems.
2002-03-09
2017-07-18
CVE-2001-0156
http://www.atstake.com/research/advisories/2001/a021601-1.txt
ATSTAKE:A021601-1
http://www.securityfocus.com/bid/2402
BID:2402
http://www.vandyke.com/products/vshell/security102.html
CONFIRM:http://www.vandyke.com/products/vshell/security102.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6148
XF:vshell-port-forwarding-rule(6148)
CVE-2001-0157
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled.
2001-05-07
2005-11-02
CVE-2001-0157
http://www.atstake.com/research/advisories/2001/a030101-1.txt
ATSTAKE:A030101-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/6196
XF:palm-debug-bypass-password(6196)
CVE-2001-0158
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0158
CVE-2001-0159
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0159
CVE-2001-0160
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages.
2005-04-15
2021-06-15
CVE-2001-0160
http://www.cs.jhu.edu/~seny/pubs/wince802.pdf
MISC:http://www.cs.jhu.edu/~seny/pubs/wince802.pdf
CVE-2001-0161
Cisco 340-series Aironet access point using firmware 11.01 does not use 6 of the 24 available IV bits for WEP encryption, which makes it easier for remote attackers to mount brute force attacks.
2005-04-14
2021-06-15
CVE-2001-0161
http://www.cs.jhu.edu/~seny/pubs/wince802.pdf
MISC:http://www.cs.jhu.edu/~seny/pubs/wince802.pdf
CVE-2001-0162
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
2005-04-14
2021-06-15
CVE-2001-0162
http://www.cs.jhu.edu/~seny/pubs/wince802.pdf
MISC:http://www.cs.jhu.edu/~seny/pubs/wince802.pdf
CVE-2001-0163
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
2005-04-14
2021-06-15
CVE-2001-0163
http://www.cs.jhu.edu/~seny/pubs/wince802.pdf
MISC:http://www.cs.jhu.edu/~seny/pubs/wince802.pdf
CVE-2001-0164
Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field.
2001-09-18
2005-11-02
CVE-2001-0164
http://www.atstake.com/research/advisories/2001/a030701-1.txt
ATSTAKE:A030701-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/6233
XF:netscape-directory-server-bo(6233)
CVE-2001-0165
Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.
2001-05-07
2005-11-02
CVE-2001-0165
http://www.securityfocus.com/bid/2322
BID:2322
http://archives.neohapsis.com/archives/bugtraq/2001-01/0517.html
BUGTRAQ:20010131 [SPSadvisory#40]Solaris7/8 ximp40 shared library buffer overflow
SUNBUG:4409148
https://exchange.xforce.ibmcloud.com/vulnerabilities/6039
XF:solaris-ximp40-bo(6039)
CVE-2001-0166
Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file.
2001-05-07
2005-11-02
CVE-2001-0166
http://archives.neohapsis.com/archives/bugtraq/2000-12/0491.html
BUGTRAQ:20001229 Shockwave Flash buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/5826
XF:shockwave-flash-swf-bo(5826)
CVE-2001-0167
Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.
2001-03-09
2017-12-18
CVE-2001-0167
http://www.securityfocus.com/bid/2305
BID:2305
http://marc.info/?l=bugtraq&m=98088315825366&w=2
BUGTRAQ:20010129 [CORE SDI ADVISORY] WinVNC client buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/6025
XF:winvnc-client-bo(6025)
CVE-2001-0168
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.
2001-03-09
2017-12-18
CVE-2001-0168
http://www.securityfocus.com/bid/2306
BID:2306
http://marc.info/?l=vnc-list&m=98080763005455&w=2
BUGTRAQ:20010129 [CORE SDI ADVISORY] WinVNC server buffer overflow
http://www.kb.cert.org/vuls/id/598581
CERT-VN:VU#598581
https://exchange.xforce.ibmcloud.com/vulnerabilities/6026
XF:winvnc-server-bo(6026)
CVE-2001-0169
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
2001-05-07
2004-09-02
CVE-2001-0169
http://www.securityfocus.com/bid/2223
BID:2223
http://www.securityfocus.com/archive/1/157650
BUGTRAQ:20010121 Trustix Security Advisory - glibc
http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt
CALDERA:CSSA-2001-007
http://www.debian.org/security/2001/dsa-039
DEBIAN:DSA-039
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2
MANDRAKE:MDKSA-2001:012
http://www.redhat.com/support/errata/RHSA-2001-002.html
REDHAT:RHSA-2001:002
http://www.novell.com/linux/security/advisories/2001_001_glibc_txt.html
SUSE:SuSE-SA:2001:01
http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html
TURBO:TLSA2000021-2
https://exchange.xforce.ibmcloud.com/vulnerabilities/5971
XF:linux-glibc-preload-overwrite(5971)
CVE-2001-0170
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
2001-05-07
2004-09-02
CVE-2001-0170
http://www.securityfocus.com/bid/2181
BID:2181
http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html
BUGTRAQ:20010110 Glibc Local Root Exploit
http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html
BUGTRAQ:20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries
http://www.redhat.com/support/errata/RHSA-2001-001.html
REDHAT:RHSA-2001:001
https://exchange.xforce.ibmcloud.com/vulnerabilities/5907
XF:linux-glibc-read-files(5907)
CVE-2001-0171
Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long GET request.
2001-03-09
2017-12-18
CVE-2001-0171
http://www.securityfocus.com/bid/2318
BID:2318
http://archives.neohapsis.com/archives/bugtraq/2001-01/0505.html
BUGTRAQ:20010130 DOS Vulnerability in SlimServe HTTPd
https://exchange.xforce.ibmcloud.com/vulnerabilities/6028
XF:slimserve-httpd-dos(6028)
CVE-2001-0172
Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to cause a denial of service and possibly execute arbitrary commands by via a long directory name.
2001-03-09
2017-12-18
CVE-2001-0172
http://www.securityfocus.com/bid/2180
BID:2180
http://archives.neohapsis.com/archives/bugtraq/2001-01/0127.html
BUGTRAQ:20010109 major security bug in reiserfs (may affect SuSE Linux)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5910
XF:suse-reiserfs-long-filenames(5910)
CVE-2001-0173
Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header.
2001-03-09
2017-12-18
CVE-2001-0173
http://www.securityfocus.com/bid/2329
BID:2329
http://archives.neohapsis.com/archives/bugtraq/2001-01/0486.html
BUGTRAQ:20010130 Nobreak Tecnologies CrazyWWWBoard Remote Buffer Overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/6033
XF:crazywwwboard-qdecoder-bo(6033)
CVE-2001-0174
Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address.
2001-09-18
2004-09-02
CVE-2001-0174
http://archives.neohapsis.com/archives/bugtraq/2001-01/0500.html
BUGTRAQ:20010130 Security hole in Virus Buster 2001
http://www.osvdb.org/6138
OSVDB:6138
https://exchange.xforce.ibmcloud.com/vulnerabilities/6034
XF:virusbuster-mua-bo(6034)
CVE-2001-0175
The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs.
2001-09-18
2005-11-02
CVE-2001-0175
http://www.securityfocus.com/bid/2273
BID:2273
http://marc.info/?l=bugtraq&m=98021351718874&w=2
BUGTRAQ:20010122 def-2001-05: Netscape Fasttrack Server Caching DoS
http://marc.info/?l=bugtraq&m=98035833331446&w=2
BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
https://exchange.xforce.ibmcloud.com/vulnerabilities/5985
XF:netscape-fasttrack-cache-dos(5985)
CVE-2001-0176
The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges.
2001-09-18
2005-11-02
CVE-2001-0176
http://www.securityfocus.com/bid/2125
BID:2125
http://archives.neohapsis.com/archives/bugtraq/2000-12/0278.html
BUGTRAQ:20001218 More Sonata Conferencing software vulnerabilities.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5787
XF:sonata-command-execute(5787)
CVE-2001-0177
WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone.
2001-03-09
2017-12-18
CVE-2001-0177
http://www.securityfocus.com/bid/2178
BID:2178
http://www.securityfocus.com/archive/1/155388
BUGTRAQ:20010110 Vulnerable: Conference Room Professional-Developer Edititon.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5909
XF:conferenceroom-developer-dos(5909)
CVE-2001-0178
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
2001-05-07
2005-11-02
CVE-2001-0178
http://www.calderasystems.com/support/security/advisories/CSSA-2001-005.0.txt
CALDERA:CSSA-2001-005.0
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-018.php3?dis=7.2
MANDRAKE:MDKSA-2001:018
http://www.novell.com/linux/security/advisories/2001_002_kdesu_txt.html
SUSE:SuSE-SA:2001:02
https://exchange.xforce.ibmcloud.com/vulnerabilities/5995
XF:kde2-kdesu-retrieve-passwords(5995)
CVE-2001-0179
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
2001-05-07
2005-11-02
CVE-2001-0179
http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full
ALLAIRE:ASB01-02
https://exchange.xforce.ibmcloud.com/vulnerabilities/6008
XF:jrun-webinf-file-retrieval(6008)
CVE-2001-0180
Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter.
2001-03-09
2017-12-18
CVE-2001-0180
http://archives.neohapsis.com/archives/bugtraq/2001-01/0471.html
BUGTRAQ:20010129 Remote Command Execution in guestserver.cgi + exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/6027
XF:guestserver-cgi-execute-commands(6027)
CVE-2001-0181
Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands.
2001-03-09
2017-12-18
CVE-2001-0181
http://www.securityfocus.com/bid/2215
BID:2215
http://www.calderasystems.com/support/security/advisories/CSSA-2001-003.0.txt
CALDERA:CSSA-2001-003.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/5953
XF:dhcp-format-string(5953)
CVE-2001-0182
FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources.
2001-09-18
2004-09-02
CVE-2001-0182
http://www.securityfocus.com/bid/2238
BID:2238
http://archives.neohapsis.com/archives/bugtraq/2001-01/0298.html
BUGTRAQ:20010117 Licensing Firewall-1 DoS Attack
http://www.osvdb.org/1733
OSVDB:1733
https://exchange.xforce.ibmcloud.com/vulnerabilities/5966
XF:fw1-limited-license-dos(5966)
CVE-2001-0183
ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection.
2001-05-07
2004-09-02
CVE-2001-0183
http://www.securityfocus.com/bid/2293
BID:2293
http://www.security-express.com/archives/bugtraq/2001-01/0424.html
BUGTRAQ:20010125 ecepass - proof of concept code for FreeBSD ipfw bypass
http://www.ciac.org/ciac/bulletins/l-029.shtml
CIAC:L-029
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc
FREEBSD:FreeBSD-SA-01:08
http://www.osvdb.org/1743
OSVDB:1743
https://exchange.xforce.ibmcloud.com/vulnerabilities/5998
XF:ipfw-bypass-firewall(5998)
CVE-2001-0184
eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet.
2001-03-09
2017-12-18
CVE-2001-0184
http://www.securityfocus.com/bid/2278
BID:2278
http://archives.neohapsis.com/archives/bugtraq/2001-01/0343.html
BUGTRAQ:20010121 eEye Iris the Network traffic analyser DoS
http://archives.neohapsis.com/archives/bugtraq/2001-01/0352.html
BUGTRAQ:20010122 Re: eEye Iris the Network traffic analyser DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5981
XF:eeye-iris-dos(5981)
CVE-2001-0185
Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash.
2001-05-07
2005-11-02
CVE-2001-0185
http://www.securityfocus.com/bid/2287
BID:2287
http://www.securityfocus.com/archive/1/157952
BUGTRAQ:20010123 Make The Netopia R9100 Router To Crash
https://exchange.xforce.ibmcloud.com/vulnerabilities/6001
XF:netopia-telnet-dos(6001)
CVE-2001-0186
Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
2001-03-09
2005-11-02
CVE-2001-0186
http://archives.neohapsis.com/archives/bugtraq/2001-02/0061.html
BUGTRAQ:20010204 Vulnerability in Free Java Web Server
CVE-2001-0187
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
2001-05-07
2007-05-20
CVE-2001-0187
http://www.securityfocus.com/bid/2296
BID:2296
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000443
CONECTIVA:CLA-2001:443
ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch
CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch
http://www.debian.org/security/2001/dsa-016
DEBIAN:DSA-016
https://exchange.xforce.ibmcloud.com/vulnerabilities/6020
XF:wuftp-debug-format-string(6020)
CVE-2001-0188
GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to cause a denial of service via a flood of connections to the server, which causes it to crash.
2001-03-09
2017-12-18
CVE-2001-0188
http://www.securityfocus.com/bid/2270
BID:2270
http://archives.neohapsis.com/archives/bugtraq/2001-01/0350.html
BUGTRAQ:20010122 def-2001-03: GoodTech Systems FTP Connection DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5984
XF:goodtech-ftp-dos(5984)
CVE-2001-0189
Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request.
2001-09-18
2005-11-02
CVE-2001-0189
http://www.securityfocus.com/bid/2268
BID:2268
http://archives.neohapsis.com/archives/bugtraq/2001-01/0346.html
BUGTRAQ:20010119 LocalWEB2000 Directory Traversal Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/5982
XF:localweb2k-directory-traversal(5982)
CVE-2001-0190
Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).
2001-05-07
2005-11-02
CVE-2001-0190
http://marc.info/?l=bugtraq&m=97983943716311&w=2
BUGTRAQ:20010117 Solaris /usr/bin/cu Vulnerability
http://marc.info/?l=bugtraq&m=98028642319440&w=2
BUGTRAQ:20010123 Solaris /usr/bin/cu Vulnerability
SUNBUG:4406722
https://exchange.xforce.ibmcloud.com/vulnerabilities/6224
XF:cu-argv-bo(6224)
CVE-2001-0191
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
2001-05-07
2005-11-02
CVE-2001-0191
http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html
BUGTRAQ:20010202 Remote vulnerability in gnuserv/XEmacs
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3
MANDRAKE:MDKSA-2001:019
http://www.redhat.com/support/errata/RHSA-2001-010.html
REDHAT:RHSA-2001:010
http://www.redhat.com/support/errata/RHSA-2001-011.html
REDHAT:RHSA-2001:011
https://exchange.xforce.ibmcloud.com/vulnerabilities/6056
XF:gnuserv-tcp-cookie-overflow(6056)
CVE-2001-0192
Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions.
2001-03-09
2003-05-08
CVE-2001-0192
http://archives.neohapsis.com/archives/bugtraq/2001-02/0047.html
BUGTRAQ:20010201 XMail CTRLServer remote buffer overflow vulnerability
http://xmailserver.org/XMail-Readme.txt
CONFIRM:http://xmailserver.org/XMail-Readme.txt
CVE-2001-0193
Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.
2001-05-07
2004-09-02
CVE-2001-0193
http://www.securityfocus.com/bid/2327
BID:2327
http://marc.info/?l=bugtraq&m=98096782126481&w=2
BUGTRAQ:20010131 SuSe / Debian man package format string vulnerability
http://www.debian.org/security/2001/dsa-028
DEBIAN:DSA-028
https://exchange.xforce.ibmcloud.com/vulnerabilities/6059
XF:man-i-format-string(6059)
CVE-2001-0194
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.
2001-05-07
2004-09-02
CVE-2001-0194
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-020.php3
MANDRAKE:MDKSA-2001:020-1
http://www.osvdb.org/6064
OSVDB:6064
https://exchange.xforce.ibmcloud.com/vulnerabilities/6043
XF:cups-httpgets-dos(6043)
CVE-2001-0195
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
2001-05-07
2005-11-02
CVE-2001-0195
http://www.debian.org/security/2001/dsa-015
DEBIAN:DSA-015
https://exchange.xforce.ibmcloud.com/vulnerabilities/5994
XF:linux-sash-shadow-readable(5994)
CVE-2001-0196
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.
2001-05-07
2004-09-02
CVE-2001-0196
http://www.securityfocus.com/bid/2324
BID:2324
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc
FREEBSD:FreeBSD-SA-01:11
http://www.osvdb.org/1753
OSVDB:1753
https://exchange.xforce.ibmcloud.com/vulnerabilities/6052
XF:inetd-ident-read-files(6052)
CVE-2001-0197
Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.
2001-05-07
2005-11-02
CVE-2001-0197
http://www.securityfocus.com/bid/2264
BID:2264
http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html
BUGTRAQ:20010121 [pkc] format bugs in icecast 1.3.8b2 and prior
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374
CONECTIVA:CLA-2001:374
http://www.redhat.com/support/errata/RHSA-2001-004.html
REDHAT:RHSA-2001:004
https://exchange.xforce.ibmcloud.com/vulnerabilities/5978
XF:icecast-format-string(5978)
CVE-2001-0198
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
2001-03-09
2017-12-18
CVE-2001-0198
http://www.securityfocus.com/bid/2328
BID:2328
http://marc.info/?l=bugtraq&m=98096678523370&w=2
BUGTRAQ:20010131 [SPSadvisory#41]Apple Quick Time Plug-in Buffer Overflow
http://www.exploit-db.com/exploits/20605
EXPLOIT-DB:20605
https://exchange.xforce.ibmcloud.com/vulnerabilities/6040
XF:quicktime-embedded-tag-bo(6040)
CVE-2001-0199
Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request.
2001-03-09
2017-07-10
CVE-2001-0199
http://www.securityfocus.com/bid/2335
BID:2335
http://archives.neohapsis.com/archives/bugtraq/2001-02/0064.html
BUGTRAQ:20010204 Vulnerability in SEDUM HTTP Server
http://www.kb.cert.org/vuls/id/651994
CERT-VN:VU#651994
http://www.osvdb.org/14797
OSVDB:14797
https://exchange.xforce.ibmcloud.com/vulnerabilities/6063
XF:sedum-directory-traversal(6063)
CVE-2001-0200
HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled.
2001-03-09
2005-11-02
CVE-2001-0200
http://www.securityfocus.com/bid/2336
BID:2336
http://archives.neohapsis.com/archives/bugtraq/2001-02/0052.html
BUGTRAQ:20010204 Web root exposure in HSWeb Webserver
CVE-2001-0201
The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program.
2001-03-09
2017-12-18
CVE-2001-0201
http://www.securityfocus.com/bid/2230
BID:2230
http://archives.neohapsis.com/archives/bugtraq/2001-01/0287.html
BUGTRAQ:20010117 Postaci allows arbitrary SQL query execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/5972
XF:postaci-sql-command-injection(5972)
CVE-2001-0202
Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request.
2001-03-09
2005-11-02
CVE-2001-0202
http://www.securityfocus.com/bid/2339
BID:2339
http://archives.neohapsis.com/archives/bugtraq/2001-02/0073.html
BUGTRAQ:20010205 Vulnerability in Picserver
CVE-2001-0203
Watchguard Firebox II firewall allows users with read-only access to gain read-write access, and administrative privileges, by accessing a file that contains hashed passphrases, and using the hashes during authentication.
2001-09-18
2005-11-02
CVE-2001-0203
http://www.securityfocus.com/bid/2284
BID:2284
http://archives.neohapsis.com/archives/bugtraq/2001-01/0342.html
BUGTRAQ:20010120 Watchguard Firewall Elevated Privilege Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/5979
XF:watchguard-firebox-obtain-passphrase(5979)
CVE-2001-0204
Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets.
2002-03-09
2002-03-01
CVE-2001-0204
http://www.securityfocus.com/bid/2369
BID:2369
http://www.securityfocus.com/archive/1/162965
BUGTRAQ:20010214 def-2001-07: Watchguard Firebox II PPTP DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6109
XF:firebox-pptp-dos(6109)
CVE-2001-0205
Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack.
2001-03-09
2016-10-17
CVE-2001-0205
http://www.securityfocus.com/bid/2343
BID:2343
http://marc.info/?l=bugtraq&m=98148759123258&w=2
BUGTRAQ:20010206 Vulnerability in AOLserver
http://marc.info/?l=bugtraq&m=98168216003867&w=2
BUGTRAQ:20010208 Vulnerability in AOLserver
CVE-2001-0206
Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET request.
2001-03-09
2003-05-08
CVE-2001-0206
http://www.securityfocus.com/bid/2346
BID:2346
http://archives.neohapsis.com/archives/bugtraq/2001-02/0137.html
BUGTRAQ:20010207 Vulnerability in Soft Lite ServerWorx
CVE-2001-0207
Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function.
2001-09-18
2005-11-02
CVE-2001-0207
http://www.securityfocus.com/bid/2279
BID:2279
http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html
BUGTRAQ:20010119 Buffer overflow in bing
https://exchange.xforce.ibmcloud.com/vulnerabilities/6036
XF:linux-bing-bo(6036)
CVE-2001-0208
MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files.
2001-03-09
2003-05-08
CVE-2001-0208
http://www.securityfocus.com/bid/2359
BID:2359
http://archives.neohapsis.com/archives/bugtraq/2001-02/0205.html
BUGTRAQ:20010211 Security Hole in Microfocus Cobol
CVE-2001-0209
Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) 1.7.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long description.
2001-03-09
2017-12-18
CVE-2001-0209
http://archives.neohapsis.com/archives/bugtraq/2001-01/0305.html
BUGTRAQ:20010118 Shoutcast Server Buffer Crashes Server
https://exchange.xforce.ibmcloud.com/vulnerabilities/5965
XF:shoutcast-description-bo(5965)
CVE-2001-0210
Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter.
2001-03-09
2003-05-08
CVE-2001-0210
http://www.securityfocus.com/bid/2361
BID:2361
http://www.securityfocus.com/archive/1/162259
BUGTRAQ:20010212 Commerce.cgi Directory Traversal
CVE-2001-0211
Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter.
2001-03-09
2003-03-21
CVE-2001-0211
http://www.securityfocus.com/bid/2362
BID:2362
http://archives.neohapsis.com/archives/bugtraq/2001-02/0217.html
BUGTRAQ:20010212 WebSPIRS CGI script "show files" Vulnerability.
CVE-2001-0212
Directory traversal vulnerability in HIS Auktion 1.62 allows remote attackers to read arbitrary files via a .. (dot dot) in the menue parameter, and possibly execute commands via shell metacharacters.
2001-03-09
2003-05-08
CVE-2001-0212
http://www.securityfocus.com/bid/2367
BID:2367
http://archives.neohapsis.com/archives/bugtraq/2001-02/0218.html
BUGTRAQ:20010212 HIS Auktion 1.62: "show files" vulnerability and remote command execute.
CVE-2001-0213
Buffer overflow in pi program in PlanetIntra 2.5 allows remote attackers to execute arbitrary commands.
2001-03-09
2017-12-18
CVE-2001-0213
http://archives.neohapsis.com/archives/bugtraq/2001-01/0421.html
BUGTRAQ:200101125 [SAFER] Security Bulletin 010125.EXP.1.12
https://exchange.xforce.ibmcloud.com/vulnerabilities/6002
XF:planetintra-pi-bo(6002)
CVE-2001-0214
Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte.
2001-03-09
2003-05-08
CVE-2001-0214
http://www.securityfocus.com/bid/2370
BID:2370
http://archives.neohapsis.com/archives/bugtraq/2001-02/0212.html
BUGTRAQ:20010212 Way board: "show files" Vulnerability with null bite bug
CVE-2001-0215
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte.
2001-09-18
2005-11-02
CVE-2001-0215
http://www.securityfocus.com/bid/2371
BID:2371
http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html
BUGTRAQ:20010212 ROADS search system "show files" Vulnerability with "null bite" bug
http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6097
XF:roads-search-view-files(6097)
CVE-2001-0216
PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter.
2001-03-09
2017-07-10
CVE-2001-0216
http://www.securityfocus.com/bid/2372
BID:2372
http://archives.neohapsis.com/archives/bugtraq/2001-02/0220.html
BUGTRAQ:20010212 PALS Library System "show files" Vulnerability and remote command execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/6102
XF:webpals-library-cgi-url(6102)
CVE-2001-0217
Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter.
2001-03-09
2017-07-10
CVE-2001-0217
http://www.securityfocus.com/bid/2372
BID:2372
http://archives.neohapsis.com/archives/bugtraq/2001-02/0220.html
BUGTRAQ:20010212 PALS Library System "show files" Vulnerability and remote command execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/6102
XF:webpals-library-cgi-url(6102)
CVE-2001-0218
Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands.
2001-05-07
2005-11-02
CVE-2001-0218
http://archives.neohapsis.com/archives/bugtraq/2001-01/0456.html
BUGTRAQ:20010126 format string vulnerability in mars_nwe 0.99pl19
http://archives.neohapsis.com/archives/freebsd/2001-02/0081.html
FREEBSD:FreeBSD-SA-01:20
https://exchange.xforce.ibmcloud.com/vulnerabilities/6019
XF:mars-nwe-format-string(6019)
CVE-2001-0219
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.
2001-05-07
2004-09-02
CVE-2001-0219
http://www.securityfocus.com/bid/2239
BID:2239
http://archives.neohapsis.com/archives/hp/2001-q1/0016.html
HP:HPSBUX0101-137
http://www.osvdb.org/6991
OSVDB:6991
http://www.osvdb.org/7029
OSVDB:7029
http://www.osvdb.org/7030
OSVDB:7030
https://exchange.xforce.ibmcloud.com/vulnerabilities/5957
XF:hp-stm-dos(5957)
CVE-2001-0220
Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges.
2001-03-09
2003-03-21
CVE-2001-0220
http://archives.neohapsis.com/archives/freebsd/2001-02/0082.html
FREEBSD:FreeBSD-SA-01:21
CVE-2001-0221
Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges.
2001-05-07
2005-11-02
CVE-2001-0221
http://archives.neohapsis.com/archives/freebsd/2001-02/0079.html
FREEBSD:FreeBSD-SA-01:19
https://exchange.xforce.ibmcloud.com/vulnerabilities/6073
XF:ja-xklock-bo(6073)
CVE-2001-0222
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
2001-05-07
2005-11-02
CVE-2001-0222
http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt
CALDERA:CSSA-2001-004.0
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3
MANDRAKE:MDKSA-2001-016
https://exchange.xforce.ibmcloud.com/vulnerabilities/6011
XF:linux-webmin-tmpfiles(6011)
CVE-2001-0223
Buffer overflow in wwwwais allows remote attackers to execute arbitrary commands via a long QUERY_STRING (HTTP GET request).
2001-03-09
2017-12-18
CVE-2001-0223
http://marc.info/?l=bugtraq&m=97984174724339&w=2
BUGTRAQ:20010117 numerous holes
https://exchange.xforce.ibmcloud.com/vulnerabilities/5980
XF:wwwwais-cgi-dos(5980)
CVE-2001-0224
Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter.
2001-03-09
2017-07-10
CVE-2001-0224
http://www.securityfocus.com/bid/2374
BID:2374
http://archives.neohapsis.com/archives/bugtraq/2001-02/0216.html
BUGTRAQ:20010212 Vulnerability in Muscat Empower wich can print path to DB-dir.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6093
XF:muskat-empower-url-dir(6093)
CVE-2001-0225
fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
2001-03-09
2003-05-08
CVE-2001-0225
http://www.securityfocus.com/bid/2349
BID:2349
http://archives.neohapsis.com/archives/bugtraq/2001-02/0127.html
BUGTRAQ:20010207 Infobot 0.44.5.3/below remotely vulnerable (also in FreeBSD ports tree)
CVE-2001-0226
Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) or ... attack in an HTTP GET request.
2001-03-09
2017-07-11
CVE-2001-0226
http://archives.neohapsis.com/archives/bugtraq/2001-02/0075.html
BUGTRAQ:20010205 Vulnerabilities in BiblioWeb Server
CVE-2001-0227
Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
2001-03-09
2005-11-02
CVE-2001-0227
http://archives.neohapsis.com/archives/bugtraq/2001-02/0075.html
BUGTRAQ:20010205 Vulnerabilities in BiblioWeb Server
CVE-2001-0228
Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request.
2001-03-09
2017-12-19
CVE-2001-0228
http://archives.neohapsis.com/archives/bugtraq/2001-02/0022.html
BUGTRAQ:20010202 GoAhead Web Server Directory Traversal Vulnerability
http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
CONFIRM:http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
http://osvdb.org/81099
OSVDB:81099
CVE-2001-0229
Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts.
2001-03-09
2005-11-02
CVE-2001-0229
http://archives.neohapsis.com/archives/bugtraq/2001-02/0112.html
BUGTRAQ:20010206 Security hole in ChiliSoft ASP on Linux.
CVE-2001-0230
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.
2001-05-07
2004-09-02
CVE-2001-0230
http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html
FREEBSD:FreeBSD-SA-01:22
http://www.osvdb.org/6081
OSVDB:6081
https://exchange.xforce.ibmcloud.com/vulnerabilities/6077
XF:dc20ctrl-port-bo(6077)
CVE-2001-0231
Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter.
2001-03-09
2017-12-18
CVE-2001-0231
http://www.securityfocus.com/bid/2172
BID:2172
http://archives.neohapsis.com/archives/bugtraq/2001-01/0042.html
BUGTRAQ:20010103 News Desk 1.2 CGI Vulnerbility
http://www.kb.cert.org/vuls/id/496064
CERT-VN:VU#496064
https://exchange.xforce.ibmcloud.com/vulnerabilities/5898
XF:newsdesk-cgi-read-files(5898)
CVE-2001-0232
newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters.
2001-03-09
2002-03-14
CVE-2001-0232
http://archives.neohapsis.com/archives/bugtraq/2001-01/0042.html
BUGTRAQ:20010103 News Desk 1.2 CGI Vulnerbility
CVE-2001-0233
Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.
2001-05-07
2004-09-02
CVE-2001-0233
http://archives.neohapsis.com/archives/bugtraq/2001-01/0307.html
BUGTRAQ:20010118 [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
http://archives.neohapsis.com/archives/bugtraq/2001-01/0395.html
BUGTRAQ:20010124 patch Re: [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
http://www.debian.org/security/2001/dsa-012
DEBIAN:DSA-012
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:14.micq.asc
FREEBSD:FreeBSD-SA-01:14
http://www.redhat.com/support/errata/RHSA-2001-005.html
REDHAT:RHSA-2001:005
https://exchange.xforce.ibmcloud.com/vulnerabilities/5962
XF:micq-sprintf-remote-bo(5962)
CVE-2001-0234
NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter.
2001-05-07
2005-11-02
CVE-2001-0234
http://archives.neohapsis.com/archives/bugtraq/2001-01/0460.html
BUGTRAQ:20010126 NewsDaemon remote administrator access
http://sourceforge.net/forum/forum.php?forum_id=60570
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=60570
https://exchange.xforce.ibmcloud.com/vulnerabilities/6010
XF:newsdaemon-gain-admin-access(6010)
CVE-2001-0235
Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.
2001-09-18
2005-11-02
CVE-2001-0235
http://www.securityfocus.com/bid/2332
BID:2332
http://www.debian.org/security/2001/dsa-024
DEBIAN:DSA-024
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc
FREEBSD:FreeBSD-SA-01:09
https://exchange.xforce.ibmcloud.com/vulnerabilities/6225
XF:crontab-read-files(6225)
CVE-2001-0236
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
2002-03-09
2002-02-22
CVE-2001-0236
http://www.securityfocus.com/bid/2417
BID:2417
http://marc.info/?l=bugtraq&m=98462536724454&w=2
BUGTRAQ:20010314 Solaris /usr/lib/dmi/snmpXdmid vulnerability
http://www.cert.org/advisories/CA-2001-05.html
CERT:CA-2001-05
http://www.ciac.org/ciac/bulletins/l-065.shtml
CIAC:L-065
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/207
SUN:00207
https://exchange.xforce.ibmcloud.com/vulnerabilities/6245
XF:solaris-snmpxdmid-bo(6245)
CVE-2001-0237
Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
2001-09-18
2005-11-02
CVE-2001-0237
http://www.securityfocus.com/bid/2707
BID:2707
http://marc.info/?l=bugtraq&m=98942093221908&w=2
BUGTRAQ:20010509 def-2001-24: Windows 2000 Kerberos DoS
http://ciac.llnl.gov/ciac/bulletins/l-079.shtml
CIAC:L-079
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-024
MS:MS01-024
https://exchange.xforce.ibmcloud.com/vulnerabilities/6506
XF:win2k-kerberos-dos(6506)
CVE-2001-0238
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
2001-09-18
2005-11-02
CVE-2001-0238
http://www.ciac.org/ciac/bulletins/l-074.shtml
CIAC:L-074
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-022
MS:MS01-022
https://exchange.xforce.ibmcloud.com/vulnerabilities/6405
XF:ms-dacipp-webdav-access(6405)
CVE-2001-0239
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
2001-09-18
2005-11-02
CVE-2001-0239
http://www.securityfocus.com/bid/2600
BID:2600
http://www.securityfocus.com/archive/1/176912
BUGTRAQ:20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service
http://www.securityfocus.com/archive/1/177160
BUGTRAQ:20010417 [SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service
http://www.securityfocus.com/archive/1/179986
BUGTRAQ:20010427 Microsoft ISA Server Vulnerability
http://www.ciac.org/ciac/bulletins/l-073.shtml
CIAC:L-073
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-021
MS:MS01-021
https://exchange.xforce.ibmcloud.com/vulnerabilities/6383
XF:isa-web-proxy-dos(6383)
CVE-2001-0240
Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
2001-09-18
2005-11-02
CVE-2001-0240
http://www.securityfocus.com/bid/2753
BID:2753
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-028
MS:MS01-028
https://exchange.xforce.ibmcloud.com/vulnerabilities/6571
XF:word-rtf-macro-execution(6571)
CVE-2001-0241
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
2001-09-18
2004-09-02
CVE-2001-0241
http://www.securityfocus.com/bid/2674
BID:2674
http://marc.info/?l=bugtraq&m=98874912915948&w=2
BUGTRAQ:20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)
http://www.cert.org/advisories/CA-2001-10.html
CERT:CA-2001-10
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023
MS:MS01-023
http://www.osvdb.org/3323
OSVDB:3323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1068
OVAL:oval:org.mitre.oval:def:1068
https://exchange.xforce.ibmcloud.com/vulnerabilities/6485
XF:iis-isapi-printer-bo(6485)
CVE-2001-0242
Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090.
2001-05-24
2018-10-12
CVE-2001-0242
http://www.securityfocus.com/bid/2677
BID:2677
http://www.securityfocus.com/bid/2686
BID:2686
http://www.securityfocus.com/archive/1/181419
BUGTRAQ:20010502 Microsoft Media Player ASX Parser buffer overflow vulnerability
http://www.securityfocus.com/archive/1/183906
BUGTRAQ:20010506 Re: Microsoft Media Player ASX Parser buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/187528
CERT-VN:VU#187528
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-029
MS:MS01-029
https://exchange.xforce.ibmcloud.com/vulnerabilities/5574
XF:mediaplayer-asx-bo(5574)
CVE-2001-0243
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files.
2001-09-18
2005-11-02
CVE-2001-0243
http://www.securityfocus.com/bid/2765
BID:2765
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-029
MS:MS01-029
https://exchange.xforce.ibmcloud.com/vulnerabilities/6584
XF:mediaplayer-html-shortcut(6584)
CVE-2001-0244
Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
2001-09-18
2005-11-02
CVE-2001-0244
http://www.securityfocus.com/bid/2709
BID:2709
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-025
MS:MS01-025
https://exchange.xforce.ibmcloud.com/vulnerabilities/6517
XF:winnt-indexserver-search-bo(6517)
CVE-2001-0245
Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
2001-09-18
2005-11-02
CVE-2001-0245
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-025
MS:MS01-025
https://exchange.xforce.ibmcloud.com/vulnerabilities/6518
XF:win-indexserver-view-files(6518)
CVE-2001-0246
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain, aka a variant of the "Frame Domain Verification" vulnerability.
2001-05-24
2018-10-12
CVE-2001-0246
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027
MS:MS01-027
CVE-2001-0247
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
2001-05-24
2017-12-18
CVE-2001-0247
http://www.securityfocus.com/bid/2548
BID:2548
http://www.cert.org/advisories/CA-2001-07.html
CERT:CA-2001-07
http://archives.neohapsis.com/archives/freebsd/2001-04/0466.html
FREEBSD:FreeBSD-SA-01:33
http://www.nai.com/research/covert/advisories/048.asp
NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
NETBSD:NetBSD-SA2000-018
ftp://patches.sgi.com/support/free/security/advisories/20010802-01-P
SGI:20010802-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/6332
XF:ftp-glob-expansion(6332)
CVE-2001-0248
Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.
2001-05-24
2017-12-18
CVE-2001-0248
http://www.securityfocus.com/bid/2552
BID:2552
http://www.cert.org/advisories/CA-2001-07.html
CERT:CA-2001-07
http://www.nai.com/research/covert/advisories/048.asp
NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons
https://exchange.xforce.ibmcloud.com/vulnerabilities/6332
XF:ftp-glob-expansion(6332)
CVE-2001-0249
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
2001-05-24
2017-12-18
CVE-2001-0249
http://www.securityfocus.com/bid/2550
BID:2550
http://www.cert.org/advisories/CA-2001-07.html
CERT:CA-2001-07
http://www.nai.com/research/covert/advisories/048.asp
NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons
https://exchange.xforce.ibmcloud.com/vulnerabilities/6332
XF:ftp-glob-expansion(6332)
CVE-2001-0250
The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command.
2001-04-04
2017-12-18
CVE-2001-0250
http://www.securityfocus.com/bid/2285
BID:2285
http://archives.neohapsis.com/archives/bugtraq/2001-01/0396.html
BUGTRAQ:20010124 [SAFER] Security Bulletin 010124.EXP.1.11
https://exchange.xforce.ibmcloud.com/vulnerabilities/5997
XF:netscape-enterprise-list-directories(5997)
CVE-2001-0251
The Web Publishing feature in Netscape Enterprise Server 3.x allows remote attackers to cause a denial of service via the REVLOG command.
2001-04-04
2017-12-18
CVE-2001-0251
http://www.securityfocus.com/bid/2294
BID:2294
http://archives.neohapsis.com/archives/bugtraq/2001-01/0422.html
BUGTRAQ:20010125 [SAFER] Security Bulletin 010125.DOS.1.5
https://exchange.xforce.ibmcloud.com/vulnerabilities/6003
XF:netscape-enterprise-revlog-dos(6003)
CVE-2001-0252
iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences.
2002-03-09
2002-03-01
CVE-2001-0252
http://www.securityfocus.com/bid/2282
BID:2282
http://www.securityfocus.com/archive/1/157641
BUGTRAQ:20010122 def-2001-04: Netscape Enterprise Server Dot-DoS
http://marc.info/?l=bugtraq&m=98035833331446&w=2
BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
https://exchange.xforce.ibmcloud.com/vulnerabilities/5983
XF:netscape-enterprise-dot-dos(5983)
CVE-2001-0253
Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter.
2001-04-04
2017-12-18
CVE-2001-0253
http://www.securityfocus.com/bid/2314
BID:2314
http://archives.neohapsis.com/archives/bugtraq/2001-01/0463.html
BUGTRAQ:20010128 Hyperseek 2000 Search Engine - "show directory & files" bug
http://www.kb.cert.org/vuls/id/146704
CERT-VN:VU#146704
https://exchange.xforce.ibmcloud.com/vulnerabilities/6012
XF:hyperseek-cgi-reveal-info(6012)
CVE-2001-0254
FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real pathname of the server via the "pwd" command.
2001-04-04
2016-10-17
CVE-2001-0254
http://marc.info/?l=bugtraq&m=98021181215325&w=2
BUGTRAQ:20010119 Multiple Vulnerabilities In FaSTream FTP++ (+ ICS Tftpserver DoS)
CVE-2001-0255
FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname.
2001-04-04
2017-12-18
CVE-2001-0255
http://www.securityfocus.com/bid/2267
BID:2267
http://marc.info/?l=bugtraq&m=98021181215325&w=2
BUGTRAQ:20010119 Multiple Vulnerabilities In FaSTream FTP++ (+ ICS Tftpserver DoS)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5977
XF:fastream-ftp-path-disclosure(5977)
CVE-2001-0256
FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long username.
2001-04-04
2017-12-18
CVE-2001-0256
http://www.securityfocus.com/bid/2261
BID:2261
http://marc.info/?l=bugtraq&m=98021181215325&w=2
BUGTRAQ:20010119 Multiple Vulnerabilities In FaSTream FTP++ (+ ICS Tftpserver DoS)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5976
XF:fastream-ftp-server-dos(5976)
CVE-2001-0257
Buffer overflow in Easycom/Safecom Print Server Web service, version 404.590 and earlier, allows remote attackers to execute arbitrary commands via (1) a long URL or (2) a long HTTP header field such as "Host:".
2001-04-04
2017-12-18
CVE-2001-0257
http://www.securityfocus.com/bid/2291
BID:2291
http://archives.neohapsis.com/archives/bugtraq/2001-01/0375.html
BUGTRAQ:20010123 def-2001-06: Easycom/Safecom 10/100 Multiple DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5988
XF:easycom-safecom-url-bo(5988)
CVE-2001-0258
The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server allows remote attackers to cause a denial of service via a large number of connections that send null characters.
2001-04-04
2017-12-18
CVE-2001-0258
http://archives.neohapsis.com/archives/bugtraq/2001-01/0375.html
BUGTRAQ:20010123 def-2001-06: Easycom/Safecom 10/100 Multiple DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/5989
XF:easycom-safecom-printguide-dos(5989)
CVE-2001-0259
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.
2001-05-07
2005-11-02
CVE-2001-0259
http://www.securityfocus.com/bid/2222
BID:2222
http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html
BUGTRAQ:20010116 Bug in SSH1 secure-RPC support can expose users' private keys
http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html
CONFIRM:http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/5963
XF:ssh-rpc-private-key(5963)
CVE-2001-0260
Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command.
2001-05-07
2004-09-02
CVE-2001-0260
http://www.securityfocus.com/bid/2283
BID:2283
http://archives.neohapsis.com/archives/bugtraq/2001-01/0360.html
BUGTRAQ:20010123 [SAFER] Security Bulletin 010123.EXP.1.10
http://www.osvdb.org/3321
OSVDB:3321
https://exchange.xforce.ibmcloud.com/vulnerabilities/5993
XF:lotus-domino-smtp-bo(5993)
CVE-2001-0261
Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
2001-04-04
2017-12-18
CVE-2001-0261
http://www.securityfocus.com/bid/2243
BID:2243
http://marc.info/?l=bugtraq&m=97992179925715&w=2
BUGTRAQ:20010119 BugTraq: EFS Win 2000 flaw
http://marc.info/?l=bugtraq&m=98027311214976&w=2
BUGTRAQ:20010123 Reply to EFS note on Bugtraq
https://exchange.xforce.ibmcloud.com/vulnerabilities/5973
XF:win2k-efs-recover-data(5973)
CVE-2001-0262
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL.
2001-05-24
2002-04-12
CVE-2001-0262
http://www.atstake.com/research/advisories/2001/a041301-1.txt
ATSTAKE:A041301-1
CVE-2001-0263
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.
2001-05-24
2017-12-18
CVE-2001-0263
http://www.atstake.com/research/advisories/2001/a040301-1.txt
ATSTAKE:A040301-1
http://www.securityfocus.com/bid/2537
BID:2537
https://exchange.xforce.ibmcloud.com/vulnerabilities/6330
XF:bpftp-obtain-credentials(6330)
CVE-2001-0264
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.
2001-05-24
2003-03-21
CVE-2001-0264
http://www.atstake.com/research/advisories/2001/a040301-1.txt
ATSTAKE:A040301-1
http://www.securityfocus.com/bid/2534
BID:2534
CVE-2001-0265
ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.
2002-03-09
2002-02-26
CVE-2001-0265
http://www.atstake.com/research/advisories/2001/a040901-1.txt
ATSTAKE:A040901-1
http://www.securityfocus.com/bid/2556
BID:2556
http://www.osvdb.org/1782
OSVDB:1782
https://exchange.xforce.ibmcloud.com/vulnerabilities/6643
XF:pgp-armor-code-execution(6643)
CVE-2001-0266
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.
2001-05-07
2004-09-02
CVE-2001-0266
http://archives.neohapsis.com/archives/hp/2001-q1/0069.html
HP:HPSBUX0102-143
http://www.osvdb.org/6033
OSVDB:6033
CVE-2001-0267
NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges.
2001-05-07
2004-09-02
CVE-2001-0267
http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
HP:HPSBMP0102-008
http://www.osvdb.org/6032
OSVDB:6032
https://exchange.xforce.ibmcloud.com/vulnerabilities/6226
XF:hp-nmdebug-gain-privileges(6226)
CVE-2001-0268
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
2001-05-07
2004-09-02
CVE-2001-0268
http://www.securityfocus.com/bid/2739
BID:2739
http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html
BUGTRAQ:20010219 Re: your mail
http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0014.html
CALDERA:CSSA-2001-SCO.35
http://www.kb.cert.org/vuls/id/358960
CERT-VN:VU#358960
http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html
NETBSD:NetBSD-SA:2001-002
http://www.openbsd.org/errata.html#userldt
OPENBSD:20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.
http://www.osvdb.org/6141
OSVDB:6141
https://exchange.xforce.ibmcloud.com/vulnerabilities/6222
XF:user-ldt-validation(6222)
CVE-2001-0269
pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.
2002-03-09
2002-02-26
CVE-2001-0269
http://archives.neohapsis.com/archives/bugtraq/2001-02/0344.html
BUGTRAQ:20010217 Solaris 8 pam_ldap.so.1 module broken
http://www.osvdb.org/6030
OSVDB:6030
SUNBUG:4384816
https://exchange.xforce.ibmcloud.com/vulnerabilities/6440
XF:solaris-pamldap-bypass-authentication(6440)
CVE-2001-0270
Marconi ASX-1000 ASX switches allow remote attackers to cause a denial of service in the telnet and web management interfaces via a malformed packet with the SYN-FIN and More Fragments attributes set.
2001-04-04
2002-02-02
CVE-2001-0270
http://www.securityfocus.com/bid/2400
BID:2400
http://archives.neohapsis.com/archives/bugtraq/2001-02/0349.html
BUGTRAQ:20010219 Denial of Service Condition exists in Fore/Marconi ASX Switches
CVE-2001-0271
mailnews.cgi 1.3 and earlier allows remote attackers to execute arbitrary commands via a user name that contains shell metacharacters.
2001-04-04
2003-05-08
CVE-2001-0271
http://www.securityfocus.com/bid/2391
BID:2391
http://archives.neohapsis.com/archives/bugtraq/2001-02/0347.html
BUGTRAQ:20010218 mailnews.cgi
CVE-2001-0272
Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web development server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the templ parameter.
2001-04-04
2003-05-08
CVE-2001-0272
http://archives.neohapsis.com/archives/bugtraq/2001-02/0259.html
BUGTRAQ:20010212 W3.ORG sendtemp.pl
CVE-2001-0273
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.
2001-04-04
2017-07-10
CVE-2001-0273
http://www.securityfocus.com/bid/2405
BID:2405
http://archives.neohapsis.com/archives/bugtraq/2001-02/0367.html
BUGTRAQ:20010220 [CryptNET Advisory] pgp4pine-1.75-6 - expired public keys
http://www.kb.cert.org/vuls/id/566640
CERT-VN:VU#566640
https://exchange.xforce.ibmcloud.com/vulnerabilities/6135
XF:pgp4pine-expired-keys(6135)
CVE-2001-0274
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
2001-05-07
2005-11-02
CVE-2001-0274
http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html
BUGTRAQ:20010214 Security hole in kicq
http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html
BUGTRAQ:20010303 Re: Security hole in kicq
https://exchange.xforce.ibmcloud.com/vulnerabilities/6112
XF:kicq-execute-commands(6112)
CVE-2001-0275
Moby Netsuite Web Server 1.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
2001-04-04
2003-05-08
CVE-2001-0275
http://archives.neohapsis.com/archives/bugtraq/2001-02/0346.html
BUGTRAQ:20010219 NetSuite 1.02 web server vulnerabilty
CVE-2001-0276
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.
2002-03-09
2002-02-26
CVE-2001-0276
http://www.securityfocus.com/bid/2390
BID:2390
http://marc.info/?l=bugtraq&m=98263019502565&w=2
BUGTRAQ:20010217 BadBlue Web Server Ext.dll Vulnerabilities
http://www.badblue.com/p010219.htm
CONFIRM:http://www.badblue.com/p010219.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/6130
XF:badblue-ext-reveal-path(6130)
CVE-2001-0277
Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
2001-04-04
2016-10-17
CVE-2001-0277
http://www.securityfocus.com/bid/2392
BID:2392
http://marc.info/?l=bugtraq&m=98263019502565&w=2
BUGTRAQ:20010217 BadBlue Web Server Ext.dll Vulnerabilities
CVE-2001-0278
Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges.
2001-05-07
2005-11-02
CVE-2001-0278
http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
HP:HPSBMP0102-009
https://exchange.xforce.ibmcloud.com/vulnerabilities/6223
XF:hp-linkeditor-gain-privileges(6223)
CVE-2001-0279
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
2001-05-07
2004-09-02
CVE-2001-0279
http://archives.neohapsis.com/archives/bugtraq/2001-02/0414.html
BUGTRAQ:20010222 Sudo version 1.6.3p6 now available (fwd)
http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html
BUGTRAQ:20010225 [slackware-security] buffer overflow in sudo fixed
http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html
BUGTRAQ:20010226 Trustix Security Advisory - sudo
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000381
CONECTIVA:CLA-2001:381
http://www.debian.org/security/2001/dsa-031
DEBIAN:DSA-031
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-024.php3
MANDRAKE:MDKSA-2001:024
http://www.redhat.com/support/errata/RHSA-2001-018.html
REDHAT:RHSA-2001:018
http://www.redhat.com/support/errata/RHSA-2001-019.html
REDHAT:RHSA-2001:019
CVE-2001-0280
Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command.
2002-03-09
2002-02-26
CVE-2001-0280
http://archives.neohapsis.com/archives/bugtraq/2001-02/0413.html
BUGTRAQ:20010223 Mercur Mailserver 3.3 buffer overflow with EXPN
http://www.osvdb.org/6027
OSVDB:6027
https://exchange.xforce.ibmcloud.com/vulnerabilities/6149
XF:mercur-expn-bo(6149)
CVE-2001-0281
Format string vulnerability in DbgPrint function, used in debug messages for some Windows NT drivers (possibly when called through DebugMessage), may allow local users to gain privileges.
2001-04-04
2003-05-08
CVE-2001-0281
http://archives.neohapsis.com/archives/bugtraq/2001-02/0379.html
BUGTRAQ:20010221 NT drivers are potentially vulnerable to format string bug
CVE-2001-0282
SEDUM 2.1 HTTP server allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
2001-04-04
2003-05-08
CVE-2001-0282
http://archives.neohapsis.com/archives/bugtraq/2001-02/0419.html
BUGTRAQ:20010223 SEDUM v2.1 HTTPd - Denial of Service
CVE-2001-0283
Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT.
2001-04-04
2003-05-08
CVE-2001-0283
http://archives.neohapsis.com/archives/bugtraq/2001-02/0523.html
BUGTRAQ:20010302 Sunftp build9(1) - ftp server Vulnerability
CVE-2001-0284
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
2001-05-07
2004-09-02
CVE-2001-0284
http://www.openbsd.org/errata.html#ipsec_ah
OPENBSD:20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.
http://www.osvdb.org/6026
OSVDB:6026
CVE-2001-0285
Buffer overflow in A1 HTTP server 1.0a allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
2001-04-04
2003-05-08
CVE-2001-0285
http://archives.neohapsis.com/archives/bugtraq/2001-02/0457.html
BUGTRAQ:20010226 A1 Server v1.0a HTTPd (DoS & Dir Traversal)
CVE-2001-0286
Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
2001-04-04
2003-05-08
CVE-2001-0286
http://archives.neohapsis.com/archives/bugtraq/2001-02/0457.html
BUGTRAQ:20010226 A1 Server v1.0a HTTPd (DoS & Dir Traversal)
CVE-2001-0287
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.
2001-05-07
2004-09-02
CVE-2001-0287
http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html
BUGTRAQ:20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system.
http://seer.support.veritas.com/docs/234326.htm
CONFIRM:http://seer.support.veritas.com/docs/234326.htm
http://www.osvdb.org/6025
OSVDB:6025
CVE-2001-0288
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
2001-05-07
2005-11-02
CVE-2001-0288
http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml
CISCO:20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
CVE-2001-0289
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.
2001-05-07
2005-11-02
CVE-2001-0289
http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html
BUGTRAQ:20010228 Joe's Own Editor File Handling Error
http://www.debian.org/security/2001/dsa-041
DEBIAN:DSA-041
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3
MANDRAKE:MDKSA-2001:026
http://www.redhat.com/support/errata/RHSA-2001-024.html
REDHAT:RHSA-2001:024
CVE-2001-0290
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
2001-05-07
2005-11-02
CVE-2001-0290
http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html
BUGTRAQ:20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)
CVE-2001-0291
Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters.
2001-04-04
2003-05-08
CVE-2001-0291
http://archives.neohapsis.com/archives/bugtraq/2001-03/0003.html
BUGTRAQ:20010305 Remote buffer overflow condition in post-query (CGI).
CVE-2001-0292
PHP-Nuke 4.4.1a allows remote attackers to modify a user's email address and obtain the password by guessing the user id (UID) and calling user.php with the saveuser operator.
2001-04-04
2003-05-08
CVE-2001-0292
http://archives.neohapsis.com/archives/bugtraq/2001-02/0525.html
BUGTRAQ:20010302 PHPNUKE4.4.1a Advisory
CVE-2001-0293
Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command.
2001-04-04
2002-03-14
CVE-2001-0293
http://www.securityfocus.com/bid/2426
BID:2426
http://archives.neohapsis.com/archives/bugtraq/2001-02/0508.html
BUGTRAQ:20010228 Vulnerability in FtpXQ Server
CVE-2001-0294
Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command.
2001-04-04
2002-06-05
CVE-2001-0294
http://archives.neohapsis.com/archives/bugtraq/2001-02/0511.html
BUGTRAQ:20010228 Vulnerability in TYPSoft FTP Server
CVE-2001-0295
Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command.
2001-05-07
2004-09-02
CVE-2001-0295
http://www.securityfocus.com/bid/2444
BID:2444
http://marc.info/?l=bugtraq&m=98390925726814&w=2
BUGTRAQ:20010306 Warftp 1.67b04 Directory Traversal
http://support.jgaa.com/?cmd=ShowArticle&ID=31
CONFIRM:http://support.jgaa.com/?cmd=ShowArticle&ID=31
http://www.osvdb.org/874
OSVDB:874
CVE-2001-0296
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
2001-04-04
2003-03-21
CVE-2001-0296
http://archives.neohapsis.com/archives/bugtraq/2001-02/0531.html
BUGTRAQ:20010303 WFTPD Pro 3.00 R1 Buffer Overflow
CVE-2001-0297
Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
2001-04-04
2003-05-08
CVE-2001-0297
http://www.securityfocus.com/bid/2415
BID:2415
http://www.securityfocus.com/archive/1/165523
BUGTRAQ:20010224 The Simple Server HTTPd Directory Traversal
CVE-2001-0298
Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
2001-04-04
2003-05-08
CVE-2001-0298
http://www.securityfocus.com/bid/2425
BID:2425
http://www.securityfocus.com/archive/1/165671
BUGTRAQ:20010227 WebReflex 1.55 HTTPd DoS
CVE-2001-0299
Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
2001-05-07
2004-09-02
CVE-2001-0299
http://www.securityfocus.com/bid/2054
BID:2054
http://marc.info/?l=bugtraq&m=97535202912588&w=2
BUGTRAQ:20001127 Nokia firewalls
http://marc.info/?l=bugtraq&m=97603879517777&w=2
BUGTRAQ:20001205 Nokia firewalls - Response from Nokia
http://www.osvdb.org/6020
OSVDB:6020
https://exchange.xforce.ibmcloud.com/vulnerabilities/5640
XF:nokia-ip440-bo(5640)
CVE-2001-0300
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
2001-04-04
2017-07-10
CVE-2001-0300
http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html
BUGTRAQ:20001222 vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7
http://www.kb.cert.org/vuls/id/610904
CERT-VN:VU#610904
https://exchange.xforce.ibmcloud.com/vulnerabilities/5804
XF:oracle-oidldap-write-permission(5804)
CVE-2001-0301
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
2001-05-07
2004-09-02
CVE-2001-0301
http://www.securityfocus.com/bid/2377
BID:2377
http://archives.neohapsis.com/archives/bugtraq/2001-02/0264.html
BUGTRAQ:20010213 Security advisory for analog
http://www.analog.cx/security2.html
CONFIRM:http://www.analog.cx/security2.html
http://www.debian.org/security/2001/dsa-033
DEBIAN:DSA-033
http://www.osvdb.org/1762
OSVDB:1762
http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0056.html
REDHAT:RHSA-2001:017
https://exchange.xforce.ibmcloud.com/vulnerabilities/6105
XF:analog-alias-bo(6105)
CVE-2001-0302
Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
2001-04-04
2002-05-17
CVE-2001-0302
http://www.securityfocus.com/bid/2381
BID:2381
http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html
BUGTRAQ:20010215 Vulnerabilities in Pi3Web Server
CVE-2001-0303
tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file.
2001-04-04
2002-05-17
CVE-2001-0303
http://www.securityfocus.com/bid/2381
BID:2381
http://archives.neohapsis.com/archives/bugtraq/2001-02/0316.html
BUGTRAQ:20010215 Vulnerabilities in Pi3Web Server
CVE-2001-0304
Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request.
2001-04-04
2016-10-17
CVE-2001-0304
http://www.securityfocus.com/bid/2384
BID:2384
http://marc.info/?l=bugtraq&m=98229372610440&w=2
BUGTRAQ:20010216 Vulnerability in Resin Webserver
CVE-2001-0305
Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter.
2001-04-04
2003-05-08
CVE-2001-0305
http://www.securityfocus.com/bid/2385
BID:2385
http://archives.neohapsis.com/archives/bugtraq/2001-02/0324.html
BUGTRAQ:20010216 Thinking Arts Store.cgi Directory Traversal
CVE-2001-0306
Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
2001-04-04
2003-05-08
CVE-2001-0306
http://www.securityfocus.com/bid/2386
BID:2386
http://archives.neohapsis.com/archives/bugtraq/2001-02/0332.html
BUGTRAQ:20010216 WEBactive HTTP Server 1.0 Directory Traversal
CVE-2001-0307
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
2001-04-04
2003-05-08
CVE-2001-0307
http://archives.neohapsis.com/archives/bugtraq/2001-02/0314.html
BUGTRAQ:20010216 Vulnerabilities in Bajie Http JServer
http://www.geocities.com/gzhangx/websrv/docs/security.html
CONFIRM:http://www.geocities.com/gzhangx/websrv/docs/security.html
CVE-2001-0308
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program.
2001-04-04
2003-05-08
CVE-2001-0308
http://www.securityfocus.com/bid/2388
BID:2388
http://archives.neohapsis.com/archives/bugtraq/2001-02/0314.html
BUGTRAQ:20010216 Vulnerabilities in Bajie Http JServer
http://www.geocities.com/gzhangx/websrv/docs/security.html
CONFIRM:http://www.geocities.com/gzhangx/websrv/docs/security.html
CVE-2001-0309
inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.
2001-05-07
2005-11-02
CVE-2001-0309
http://www.redhat.com/support/errata/RHSA-2001-006.html
REDHAT:RHSA-2001:006
https://exchange.xforce.ibmcloud.com/vulnerabilities/6380
XF:inetd-internal-socket-dos(6380)
CVE-2001-0310
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
2001-05-07
2005-11-02
CVE-2001-0310
http://www.securityfocus.com/bid/3960
BID:3960
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:13.sort.asc
FREEBSD:FreeBSD-SA-01:13
https://exchange.xforce.ibmcloud.com/vulnerabilities/6038
XF:sort-temp-file-abort(6038)
CVE-2001-0311
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
2001-05-07
2005-11-02
CVE-2001-0311
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0102-142
HP:HPSBUX0102-142
http://archives.neohapsis.com/archives/hp/2001-q1/0022.html
HPBUG:PHSS_22914
http://archives.neohapsis.com/archives/hp/2001-q1/0023.html
HPBUG:PHSS_22915
https://exchange.xforce.ibmcloud.com/vulnerabilities/6434
XF:omniback-unauthorized-access(6434)
CVE-2001-0312
IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing.
2001-04-04
2003-05-08
CVE-2001-0312
http://archives.neohapsis.com/archives/bugtraq/2001-01/0446.html
BUGTRAQ:20010125 Yet Another IBM WebSphere Showcode Vulerability
CVE-2001-0313
Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network.
2001-04-04
2017-12-18
CVE-2001-0313
http://marc.info/?l=bugtraq&m=98053139231392&w=2
BUGTRAQ:20010126 Borderware v6.1.2 ping DoS vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6004
XF:borderware-ping-dos(6004)
CVE-2001-0314
Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in a link.
2001-04-04
2017-12-18
CVE-2001-0314
http://marc.info/?l=bugtraq&m=98053366805491&w=2
BUGTRAQ:20010125 America Online 5.0 contains a buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/6009
XF:aol-malformed-url-dos(6009)
CVE-2001-0315
The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key.
2001-04-04
2017-12-18
CVE-2001-0315
http://marc.info/?l=bugtraq&m=98053777917287&w=2
BUGTRAQ:20010125 mIRC allows password protection to be bypassed
https://exchange.xforce.ibmcloud.com/vulnerabilities/6013
XF:mirc-bypass-password(6013)
CVE-2001-0316
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.
2001-05-07
2004-09-02
CVE-2001-0316
http://www.securityfocus.com/bid/2364
BID:2364
http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
CALDERA:CSSA-2001-009
http://www.osvdb.org/6017
OSVDB:6017
http://www.redhat.com/support/errata/RHSA-2001-013.html
REDHAT:RHSA-2001:013
https://exchange.xforce.ibmcloud.com/vulnerabilities/6079
XF:linux-sysctl-read-memory(6079)
CVE-2001-0317
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
2001-05-07
2005-11-02
CVE-2001-0317
http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
CALDERA:CSSA-2001-009
http://www.redhat.com/support/errata/RHSA-2001-013.html
REDHAT:RHSA-2001:013
https://exchange.xforce.ibmcloud.com/vulnerabilities/6080
XF:linux-ptrace-modify-process(6080)
CVE-2001-0318
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
2001-05-07
2005-11-02
CVE-2001-0318
http://marc.info/?l=bugtraq&m=97916525715657&w=2
BUGTRAQ:20010110 proftpd 1.2.0rc2 -- example of bad coding
http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html
BUGTRAQ:20010206 Response to ProFTPD issues
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
CONECTIVA:CLA-2001:380
http://www.debian.org/security/2001/dsa-029
DEBIAN:DSA-029
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
MANDRAKE:MDKSA-2001:021
https://exchange.xforce.ibmcloud.com/vulnerabilities/6433
XF:proftpd-format-string(6433)
CVE-2001-0319
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
2001-05-07
2005-11-02
CVE-2001-0319
http://www.securityfocus.com/bid/2350
BID:2350
http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html
BUGTRAQ:20010205 IBM NetCommerce Security
http://www-4.ibm.com/software/webservers/commerce/netcomletter.html
CONFIRM:http://www-4.ibm.com/software/webservers/commerce/netcomletter.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6067
XF:ibm-netcommerce-reveal-information(6067)
CVE-2001-0320
bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument.
2001-04-04
2003-03-21
CVE-2001-0320
http://archives.neohapsis.com/archives/bugtraq/2001-02/0425.html
BUGTRAQ:20010223 Yet another hole in PHP-Nuke
CVE-2001-0321
opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.
2002-03-09
2002-02-26
CVE-2001-0321
http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html
BUGTRAQ:20010212 Fwd: Re: phpnuke, security problem...
https://exchange.xforce.ibmcloud.com/vulnerabilities/6512
XF:phpnuke-opendir-read-files(6512)
CVE-2001-0322
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
2001-04-04
2017-12-18
CVE-2001-0322
http://www.securityfocus.com/bid/2202
BID:2202
http://marc.info/?l=bugtraq&m=97958685100219&w=2
BUGTRAQ:20010115 Stack Overflow in MSHTML.DLL
https://exchange.xforce.ibmcloud.com/vulnerabilities/5938
XF:ie-mshtml-dos(5938)
CVE-2001-0323
The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don't Fragment (DF) set" packets between two target hosts, which could cause one host to lower its MTU when transmitting to the other host.
2001-04-04
2017-12-18
CVE-2001-0323
http://marc.info/?l=bugtraq&m=97958349623450&w=2
BUGTRAQ:20010115 ICMP fragmentation required but DF set problems.
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
MANDRIVA:MDVSA-2013:150
https://exchange.xforce.ibmcloud.com/vulnerabilities/5975
XF:icmp-pmtu-dos(5975)
CVE-2001-0324
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.
2001-04-04
2003-05-08
CVE-2001-0324
http://www.securityfocus.com/bid/2340
BID:2340
http://archives.neohapsis.com/archives/win2ksecadvice/2001-q1/0060.html
BUGTRAQ:20010206 Windows client UDP exhaustion denial of service
CVE-2001-0325
Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command.
2001-04-04
2003-05-08
CVE-2001-0325
http://www.securityfocus.com/bid/2342
BID:2342
http://archives.neohapsis.com/archives/bugtraq/2001-02/0031.html
BUGTRAQ:20010202 QNX RTP ftpd stack overflow
CVE-2001-0326
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.
2001-05-07
2004-09-02
CVE-2001-0326
http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html
BUGTRAQ:20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine
http://www.osvdb.org/5706
OSVDB:5706
https://exchange.xforce.ibmcloud.com/vulnerabilities/6438
XF:oracle-jvm-file-permissions(6438)
CVE-2001-0327
iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server.
2002-03-09
2002-02-26
CVE-2001-0327
http://www.atstake.com/research/advisories/2001/a041601-1.txt
ATSTAKE:A041601-1
http://www.kb.cert.org/vuls/id/276767
CERT-VN:VU#276767
http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
http://www.osvdb.org/5704
OSVDB:5704
CVE-2001-0328
TCP implementations that use random increments for initial sequence numbers (ISN) can allow remote attackers to perform session hijacking or disruption by injecting a flood of packets with a range of ISN values, one of which may match the expected ISN.
2001-05-24
2019-11-07
CVE-2001-0328
http://www.securityfocus.com/bid/2682
BID:2682
http://www.cert.org/advisories/CA-2001-09.html
CERT:CA-2001-09
https://support.f5.com/csp/article/K19063943?utm_source=f5support&utm_medium=RSS
CONFIRM:https://support.f5.com/csp/article/K19063943?utm_source=f5support&utm_medium=RSS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4922
OVAL:oval:org.mitre.oval:def:4922
http://www.securitytracker.com/id/1033181
SECTRACK:1033181
http://secunia.com/advisories/8044
SECUNIA:8044
ftp://patches.sgi.com/support/free/security/advisories/20030201-01-P
SGI:20030201-01-P
http://securityreason.com/securityalert/57
SREASON:57
CVE-2001-0329
Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi.
2001-05-24
2001-12-05
CVE-2001-0329
http://www.atstake.com/research/advisories/2001/a043001-1.txt
ATSTAKE:A043001-1
http://www.securityfocus.com/bid/1199
BID:1199
http://www.mozilla.org/projects/bugzilla/security2_12.html
CONFIRM:http://www.mozilla.org/projects/bugzilla/security2_12.html
CVE-2001-0330
Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.
2001-09-18
2005-11-02
CVE-2001-0330
http://www.atstake.com/research/advisories/2001/a043001-1.txt
ATSTAKE:A043001-1
http://www.securityfocus.com/bid/2671
BID:2671
https://exchange.xforce.ibmcloud.com/vulnerabilities/6489
XF:bugzilla-gobalpl-gain-information(6489)
CVE-2001-0331
Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.
2001-09-18
2005-11-02
CVE-2001-0331
http://www.securityfocus.com/bid/2714
BID:2714
http://www.kb.cert.org/vuls/id/258632
CERT-VN:VU#258632
http://xforce.iss.net/alerts/advise76.php
ISS:20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure
http://xforce.iss.net/alerts/advise76.php
ISS:20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure
http://www.osvdb.org/1822
OSVDB:1822
ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P
SGI:20010501-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/6502
XF:irix-espd-bo(6502)
CVE-2001-0332
Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.
2001-05-24
2018-10-12
CVE-2001-0332
http://marc.info/?l=bugtraq&m=98609031517525&w=2
BUGTRAQ:20010330 Security bug in Internet Explorer - MSScriptControl.ScriptControl
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027
MS:MS01-027
CVE-2001-0333
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
2001-09-18
2004-09-02
CVE-2001-0333
http://www.securityfocus.com/bid/2708
BID:2708
http://marc.info/?l=bugtraq&m=98992056521300&w=2
BUGTRAQ:20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability
http://www.cert.org/advisories/CA-2001-12.html
CERT:CA-2001-12
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026
MS:MS01-026
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1018
OVAL:oval:org.mitre.oval:def:1018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1051
OVAL:oval:org.mitre.oval:def:1051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A37
OVAL:oval:org.mitre.oval:def:37
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A78
OVAL:oval:org.mitre.oval:def:78
https://exchange.xforce.ibmcloud.com/vulnerabilities/6534
XF:iis-url-decoding(6534)
CVE-2001-0334
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
2001-09-18
2005-11-02
CVE-2001-0334
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026
MS:MS01-026
https://exchange.xforce.ibmcloud.com/vulnerabilities/6535
XF:iis-ftp-wildcard-dos(6535)
CVE-2001-0335
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.
2001-09-18
2005-11-02
CVE-2001-0335
http://www.securityfocus.com/bid/2719
BID:2719
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026
MS:MS01-026
https://exchange.xforce.ibmcloud.com/vulnerabilities/6545
XF:iis-ftp-domain-authentication(6545)
CVE-2001-0336
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
2001-09-18
2004-09-02
CVE-2001-0336
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026
MS:MS01-026
http://www.osvdb.org/5693
OSVDB:5693
https://exchange.xforce.ibmcloud.com/vulnerabilities/6858
XF:iis-crosssitescripting-patch-dos(6858)
CVE-2001-0337
The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier introduce a memory leak which allows attackers to cause a denial of service via a series of requests.
2001-05-24
2018-10-12
CVE-2001-0337
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026
MS:MS01-026
CVE-2001-0338
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."
2001-09-18
2005-11-02
CVE-2001-0338
http://www.securityfocus.com/bid/2735
BID:2735
http://www.ciac.org/ciac/bulletins/l-087.shtml
CIAC:L-087
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027
MS:MS01-027
https://exchange.xforce.ibmcloud.com/vulnerabilities/6555
XF:ie-crl-certificate-spoofing(6555)
CVE-2001-0339
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
2001-09-18
2004-09-02
CVE-2001-0339
http://www.securityfocus.com/bid/2737
BID:2737
http://www.ciac.org/ciac/bulletins/l-087.shtml
CIAC:L-087
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027
MS:MS01-027
http://www.osvdb.org/5694
OSVDB:5694
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1096
OVAL:oval:org.mitre.oval:def:1096
https://exchange.xforce.ibmcloud.com/vulnerabilities/6556
XF:ie-html-url-spoofing(6556)
CVE-2001-0340
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
2001-09-18
2005-11-02
CVE-2001-0340
http://www.ciac.org/ciac/bulletins/l-091.shtml
CIAC:L-091
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-030
MS:MS01-030
https://exchange.xforce.ibmcloud.com/vulnerabilities/6652
XF:exchange-owa-script-execution(6652)
CVE-2001-0341
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.
2001-09-18
2004-09-02
CVE-2001-0341
http://www.securityfocus.com/bid/2906
BID:2906
http://marc.info/?l=bugtraq&m=99348216322147&w=2
BUGTRAQ:20010625 NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-035
MS:MS01-035
http://www.osvdb.org/577
OSVDB:577
https://exchange.xforce.ibmcloud.com/vulnerabilities/6730
XF:frontpage-ext-rad-bo(6730)
CVE-2001-0342
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0342
CVE-2001-0343
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0343
CVE-2001-0344
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
2001-09-18
2004-09-02
CVE-2001-0344
http://www.ciac.org/ciac/bulletins/l-095.shtml
CIAC:L-095
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-032
MS:MS01-032
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A71
OVAL:oval:org.mitre.oval:def:71
https://exchange.xforce.ibmcloud.com/vulnerabilities/6684
XF:mssql-cached-connection-access(6684)
CVE-2001-0345
Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
2001-09-18
2005-11-02
CVE-2001-0345
http://www.securityfocus.com/bid/2843
BID:2843
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
MS:MS01-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/6667
XF:win2k-telnet-idle-sessions-dos(6667)
CVE-2001-0346
Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
2001-09-18
2005-11-02
CVE-2001-0346
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
MS:MS01-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/6668
XF:win2k-telnet-handle-leak-dos(6668)
CVE-2001-0347
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
2001-09-18
2004-09-02
CVE-2001-0347
http://www.securityfocus.com/bid/2847
BID:2847
http://www.ciac.org/ciac/bulletins/l-092.shtml
CIAC:L-092
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
MS:MS01-031
http://www.osvdb.org/5686
OSVDB:5686
https://exchange.xforce.ibmcloud.com/vulnerabilities/6665
XF:win2k-telnet-domain-authentication(6665)
CVE-2001-0348
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
2001-09-18
2005-11-02
CVE-2001-0348
http://www.securityfocus.com/bid/2838
BID:2838
http://razor.bindview.com/publish/advisories/adv_mstelnet.html
BINDVIEW:20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server
BUGTRAQ:20050511 Microsoft Windows 2000 Telnet server vulnerability
http://www.ciac.org/ciac/bulletins/l-092.shtml
CIAC:L-092
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
MS:MS01-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/6666
XF:win2k-telnet-username-dos(6666)
CVE-2001-0349
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
2001-07-27
2018-10-12
CVE-2001-0349
http://www.securityfocus.com/bid/2849
BID:2849
http://www.kb.cert.org/vuls/id/587587
CERT-VN:VU#587587
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
MS:MS01-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/6664
XF:win2k-telnet-pipe-privileges(6664)
CVE-2001-0350
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
2001-07-27
2018-10-12
CVE-2001-0350
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
MS:MS01-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/6664
XF:win2k-telnet-pipe-privileges(6664)
CVE-2001-0351
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
2001-09-18
2005-11-02
CVE-2001-0351
http://www.securityfocus.com/bid/2846
BID:2846
http://www.ciac.org/ciac/bulletins/l-092.shtml
CIAC:L-092
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
MS:MS01-031
https://exchange.xforce.ibmcloud.com/vulnerabilities/6669
XF:win2k-telnet-system-call-dos(6669)
CVE-2001-0352
SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should be write-only, via (1) dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE 802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the Symbol MIB.
2001-07-27
2022-08-17
CVE-2001-0352
ISS:20010620 Wired-side SNMP WEP key exposure in 802.11b Access Points
https://exchange.xforce.ibmcloud.com/vulnerabilities/6232
MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/6232
CVE-2001-0353
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
2001-09-18
2005-11-02
CVE-2001-0353
http://www.securityfocus.com/bid/2894
BID:2894
http://www.cert.org/advisories/CA-2001-15.html
CERT:CA-2001-15
http://xforce.iss.net/alerts/advise80.php
ISS:20010619 Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/206
SUN:00206
https://exchange.xforce.ibmcloud.com/vulnerabilities/6718
XF:solaris-lpd-bo(6718)
CVE-2001-0354
TheNet CheckBO 1.56 allows remote attackers to cause a denial of service via a flood of characters to the TCP ports which it is listening on.
2001-05-24
2003-05-08
CVE-2001-0354
http://www.securityfocus.com/bid/2634
BID:2634
http://www.securityfocus.com/archive/1/178061
BUGTRAQ:20010420 CheckBO Win9x memo overflow
CVE-2001-0355
Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access arbitrary files via an implementation error in Groupwise system policies.
2001-05-24
2016-10-17
CVE-2001-0355
http://marc.info/?l=bugtraq&m=98185226715517&w=2
BUGTRAQ:20010210 Novell Groupwise Client Vulnerability
CVE-2001-0357
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
2001-07-27
2017-12-18
CVE-2001-0357
http://marc.info/?l=bugtraq&m=98433523520344&w=2
BUGTRAQ:20010310 CORRECTION to CODE: FormMail.pl can be used to send anonymous email
https://exchange.xforce.ibmcloud.com/vulnerabilities/6242
XF:formmail-anonymous-flooding(6242)
CVE-2001-0358
Buffer overflows in Sierra Half-Life build 1573 and earlier allow remote attackers to execute arbitrary code via (1) a long map command, (2) a long exec command, or (3) long input in a configuration file.
2001-05-24
2017-12-18
CVE-2001-0358
http://archives.neohapsis.com/archives/bugtraq/2001-03/0111.html
BUGTRAQ:20010309 Advisory: Half-life server buffer overflows and formatting vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/6221
XF:halflife-config-file-bo(6221)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6218
XF:halflife-map-bo(6218)
CVE-2001-0359
Format string vulnerability in Sierra Half-Life build 1573 and earlier allows a remote attacker to execute arbitrary code via the map command.
2001-05-24
2017-12-18
CVE-2001-0359
http://archives.neohapsis.com/archives/bugtraq/2001-03/0111.html
BUGTRAQ:20010309 Advisory: Half-life server buffer overflows and formatting vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/6220
XF:halflife-map-format-string(6220)
CVE-2001-0360
Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and earlier allows a remote attacker to read arbitrary files via a .. (dot dot) attack in the helpon parameter.
2001-05-24
2017-12-18
CVE-2001-0360
http://www.securityfocus.com/bid/2471
BID:2471
http://archives.neohapsis.com/archives/bugtraq/2001-03/0124.html
BUGTRAQ:20010311 Ikonboard v2.1.7b "show files" vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6216
XF:ikonboard-cgi-read-files(6216)
CVE-2001-0361
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
2001-09-18
2009-03-01
CVE-2001-0361
http://www.securityfocus.com/bid/2344
BID:2344
http://marc.info/?l=bugtraq&m=98158450021686&w=2
BUGTRAQ:20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability
http://www.ciac.org/ciac/bulletins/l-047.shtml
CIAC:L-047
CISCO:20010627 Multiple SSH Vulnerabilities
http://www.debian.org/security/2001/dsa-023
DEBIAN:DSA-023
http://www.debian.org/security/2001/dsa-027
DEBIAN:DSA-027
http://www.debian.org/security/2001/dsa-086
DEBIAN:DSA-086
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
FREEBSD:FreeBSD-SA-01:24
http://www.osvdb.org/2116
OSVDB:2116
http://www.novell.com/linux/security/advisories/adv004_ssh.html
SUSE:SuSE-SA:2001:04
https://exchange.xforce.ibmcloud.com/vulnerabilities/6082
XF:ssh-session-key-recovery(6082)
CVE-2001-0364
SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections.
2002-03-09
2002-02-26
CVE-2001-0364
http://www.securityfocus.com/bid/2477
BID:2477
http://marc.info/?l=bugtraq&m=98467799732241&w=2
BUGTRAQ:20010315 Remote DoS attack against SSH Secure Shell for Windows Servers
https://exchange.xforce.ibmcloud.com/vulnerabilities/6241
XF:ssh-ssheloop-dos(6241)
CVE-2001-0365
Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags.
2002-03-09
2002-02-26
CVE-2001-0365
http://www.securityfocus.com/bid/2490
BID:2490
http://marc.info/?l=bugtraq&m=98503741910995&w=2
BUGTRAQ:20010318 feeble.you!dora.exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/6262
XF:eudora-html-execute-code(6262)
CVE-2001-0366
saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program.
2002-03-09
2002-02-26
CVE-2001-0366
http://www.securityfocus.com/bid/2662
BID:2662
http://www.securityfocus.com/archive/1/180498
BUGTRAQ:20010429 SAP R/3 Web Application Server Demo for Linux: root exploit
ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol
CONFIRM:ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol
https://exchange.xforce.ibmcloud.com/vulnerabilities/6487
XF:linux-sap-execute-code(6487)
CVE-2001-0367
Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote attacker to create a denial of service via HTTP URL requests containing a large number of % characters.
2001-05-24
2016-10-17
CVE-2001-0367
http://www.securityfocus.com/bid/2664
BID:2664
http://marc.info/?l=bugtraq&m=98847544303438&w=2
BUGTRAQ:20010428 Mirabilis ICQ WebFront Plug-in Denial of Service
CVE-2001-0368
Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack.
2001-09-18
2004-09-02
CVE-2001-0368
http://www.securityfocus.com/bid/2672
BID:2672
http://www.securityfocus.com/archive/1/180644
BUGTRAQ:20010430 A Serious Security Vulnerability Found in BearShare (Directory Traversal)
http://www.osvdb.org/1810
OSVDB:1810
https://exchange.xforce.ibmcloud.com/vulnerabilities/6481
XF:bearshare-dot-download-files(6481)
CVE-2001-0369
Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a local attacker to obtain root access via a long command line argument (non-existent printer name).
2001-05-24
2017-12-18
CVE-2001-0369
http://marc.info/?l=bugtraq&m=98511407131984&w=2
BUGTRAQ:20010319 DGUX lpsched buffer overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/6258
XF:dgux-lpsched-bo(6258)
CVE-2001-0370
fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters.
2001-05-24
2017-12-18
CVE-2001-0370
http://marc.info/?l=bugtraq&m=98521301510554&w=2
BUGTRAQ:20010320 fcheck prior to 2.07.59 - vulnerability - improper use of perl 'magic open'
https://exchange.xforce.ibmcloud.com/vulnerabilities/6256
XF:fcheck-open-execute-commands(6256)
CVE-2001-0371
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.
2002-03-09
2002-02-26
CVE-2001-0371
http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html
FREEBSD:FreeBSD-SA-01:30
http://www.osvdb.org/5682
OSVDB:5682
https://exchange.xforce.ibmcloud.com/vulnerabilities/6268
XF:ufs-ext2fs-data-disclosure(6268)
CVE-2001-0372
Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct.
2001-05-24
2017-12-18
CVE-2001-0372
http://www.securityfocus.com/bid/2499
BID:2499
http://archives.neohapsis.com/archives/bugtraq/2001-03/0337.html
BUGTRAQ:20010323 FW: Akopia Interchange E-commerce Package Demo Files Vulnerability
http://lists.akopia.com/pipermail/interchange-announce/2001/000009.html
CONFIRM:http://lists.akopia.com/pipermail/interchange-announce/2001/000009.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6273
XF:akopia-interchange-gain-access(6273)
CVE-2001-0373
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
2002-03-09
2002-03-01
CVE-2001-0373
http://www.securityfocus.com/bid/2501
BID:2501
http://archives.neohapsis.com/archives/bugtraq/2001-03/0336.html
BUGTRAQ:20010323 NT crash dump files insecure by default
http://www.osvdb.org/5683
OSVDB:5683
https://exchange.xforce.ibmcloud.com/vulnerabilities/6275
XF:win-userdmp-insecure-permission(6275)
CVE-2001-0374
The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be used as a generic proxy server, which allows remote attackers to bypass access restrictions via the management port, 2301.
2001-05-24
2017-12-18
CVE-2001-0374
http://archives.neohapsis.com/archives/vuln-dev/2001-q1/0779.html
BUGTRAQ:20010322 Compaq Insight Manager Proxy Vuln
http://www.compaq.com/products/servers/management/mgtsw-advisory.html
COMPAQ:SSRT0715
https://exchange.xforce.ibmcloud.com/vulnerabilities/6264
XF:compaq-wbm-bypass-proxy(6264)
CVE-2001-0375
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
2004-09-01
2004-07-22
CVE-2001-0375
http://www.securityfocus.com/bid/2551
BID:2551
http://marc.info/?l=bugtraq&m=98658271707833&w=2
BUGTRAQ:20010406 PIX Firewall 5.1 DoS Vulnerability
http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml
CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6353
XF:cisco-pix-tacacs-dos(6353)
CVE-2001-0376
SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC with IKE pre-shared keys do not allow for the use of full 128 byte IKE pre-shared keys, which is the intended design of the IKE pre-shared key, and only support 48 byte keys. This allows a remote attacker to brute force attack the pre-shared keys with significantly less resources than if the full 128 byte IKE pre-shared keys were used.
2001-05-24
2017-12-18
CVE-2001-0376
http://archives.neohapsis.com/archives/bugtraq/2001-03/0403.html
BUGTRAQ:20010327 SonicWall IKE pre-shared key length bug and security concern
https://exchange.xforce.ibmcloud.com/vulnerabilities/6304
XF:sonicwall-ike-shared-keys(6304)
CVE-2001-0377
Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string.
2001-09-18
2004-09-02
CVE-2001-0377
http://archives.neohapsis.com/archives/bugtraq/2001-03/0428.html
BUGTRAQ:20010328 Inframail Denial of Service Vulnerability
http://www.osvdb.org/5685
OSVDB:5685
https://exchange.xforce.ibmcloud.com/vulnerabilities/6297
XF:inframail-post-dos(6297)
CVE-2001-0378
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
2001-09-18
2004-09-02
CVE-2001-0378
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch
CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch
http://www.osvdb.org/5680
OSVDB:5680
https://exchange.xforce.ibmcloud.com/vulnerabilities/6586
XF:bsd-readline-permissions(6586)
CVE-2001-0379
Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.
2001-09-18
2009-03-01
CVE-2001-0379
http://www.kb.cert.org/vuls/id/249224
CERT-VN:VU#249224
http://archives.neohapsis.com/archives/hp/2001-q1/0101.html
HP:HPSBUX0103-147
http://www.osvdb.org/5681
OSVDB:5681
https://exchange.xforce.ibmcloud.com/vulnerabilities/6282
XF:hp-newgrp-additional-privileges(6282)
CVE-2001-0380
Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'.
2001-05-24
2017-10-18
CVE-2001-0380
http://archives.neohapsis.com/archives/bugtraq/2001-03/0364.html
BUGTRAQ:200103 ILMI community in olicom/crosscomm routers
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5718
OVAL:oval:org.mitre.oval:def:5718
CVE-2001-0381
The OpenPGP PGP standard allows an attacker to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.
2001-05-24
2017-07-10
CVE-2001-0381
http://www.securityfocus.com/bid/2673
BID:2673
http://archives.neohapsis.com/archives/bugtraq/2001-03/0252.html
BUGTRAQ:20010319 Have they found a serious PGP vulnerability?!
http://archives.neohapsis.com/archives/bugtraq/2001-03/0274.html
BUGTRAQ:20010320 Yes, they have found a serious PGP vulnerability...sort of
http://archives.neohapsis.com/archives/bugtraq/2001-03/0311.html
BUGTRAQ:20010322 Re: Yes, they have found a serious PGP vulnerability...sort of
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-017.0.txt
CALDERA:CSSA-2001-017.0
http://www.osvdb.org/11966
OSVDB:11966
http://www.redhat.com/support/errata/RHSA-2001-063.html
REDHAT:RHSA-2001:063
https://exchange.xforce.ibmcloud.com/vulnerabilities/6558
XF:openpgp-private-key-disclosure(6558)
CVE-2001-0382
Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application.
2001-05-24
2003-05-08
CVE-2001-0382
http://archives.neohapsis.com/archives/ntbugtraq/2001-q2/0001.html
NTBUGTRAQ:20010327 CA CCC\Harvest exploit
CVE-2001-0383
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.
2001-09-18
2005-11-02
CVE-2001-0383
http://www.securityfocus.com/bid/2544
BID:2544
http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html
BUGTRAQ:20010401 Php-nuke exploit...
http://phpnuke.org/download.php?dcategory=Fixes
CONFIRM:http://phpnuke.org/download.php?dcategory=Fixes
https://exchange.xforce.ibmcloud.com/vulnerabilities/6342
XF:php-nuke-url-redirect(6342)
CVE-2001-0384
ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.
2001-05-24
2003-05-08
CVE-2001-0384
http://www.securityfocus.com/bid/2606
BID:2606
http://www.securityfocus.com/archive/1/176709
BUGTRAQ:20010414 Re: Reliant Unix 5.43 / 5.44 ICMP port unreachable problem
CVE-2001-0385
GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
2001-05-24
2017-12-19
CVE-2001-0385
http://www.securityfocus.com/bid/2607
BID:2607
http://archives.neohapsis.com/archives/bugtraq/2001-04/0281.html
BUGTRAQ:20010417 Advisory for GoAhead Webserver v2.1
http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
CONFIRM:http://freecode.com/projects/embedthis-goahead-webserver/releases/343539
http://www.osvdb.org/6664
OSVDB:6664
http://osvdb.org/81099
OSVDB:81099
https://exchange.xforce.ibmcloud.com/vulnerabilities/6400
XF:goahead-aux-dos(6400)
CVE-2001-0386
AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
2002-03-09
2002-02-26
CVE-2001-0386
http://www.securityfocus.com/bid/2608
BID:2608
http://www.securityfocus.com/archive/1/177156
BUGTRAQ:20010417 Advisory for SimpleServer:WWW (analogX)
http://www.osvdb.org/3781
OSVDB:3781
https://exchange.xforce.ibmcloud.com/vulnerabilities/6395
XF:analogx-simpleserver-aux-dos(6395)
CVE-2001-0387
Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.
2001-09-18
2004-09-02
CVE-2001-0387
http://www.securityfocus.com/bid/2574
BID:2574
http://www.securityfocus.com/archive/1/175963
BUGTRAQ:20010412 HylaFAX vulnerability
http://archives.neohapsis.com/archives/bugtraq/2001-04/0236.html
BUGTRAQ:20010415 **SECURITY ADVISORY** - HylaFAX format string vulnerability
http://archives.neohapsis.com/archives/freebsd/2001-04/0606.html
FREEBSD:FreeBSD-SA-01:34
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-041.php3
MANDRAKE:MDKSA-2001:041
http://www.osvdb.org/5679
OSVDB:5679
http://lists.suse.com/archives/suse-security-announce/2001-Apr/0005.html
SUSE:SuSE-SA:2001:15
https://exchange.xforce.ibmcloud.com/vulnerabilities/6377
XF:hylafax-hfaxd-format-string(6377)
CVE-2001-0388
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
2001-09-18
2005-11-02
CVE-2001-0388
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc
FREEBSD:FreeBSD-SA-01:28
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3
MANDRAKE:MDKSA-2001:034
http://www.novell.com/linux/security/advisories/2001_007_nkitserv.html
SUSE:SuSE-SA:2001:07
https://exchange.xforce.ibmcloud.com/vulnerabilities/6228
XF:timed-remote-dos(6228)
CVE-2001-0389
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.
2001-05-24
2003-05-08
CVE-2001-0389
http://www.securityfocus.com/bid/2587
BID:2587
http://www.securityfocus.com/archive/1/176100
BUGTRAQ:20010413 [LoWNOISE] IBM Websphere/NetCommerce3 DoS and one more.
CVE-2001-0390
IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.
2001-05-24
2003-05-08
CVE-2001-0390
http://www.securityfocus.com/bid/2588
BID:2588
http://www.securityfocus.com/archive/1/176100
BUGTRAQ:20010413 [LoWNOISE] IBM Websphere/NetCommerce3 DoS and one more.
CVE-2001-0391
Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.
2001-05-24
2002-04-12
CVE-2001-0391
http://archives.neohapsis.com/archives/bugtraq/2001-04/0277.html
BUGTRAQ:20010417 Advisory for Xitami 2.4d7, 2.5d4
CVE-2001-0392
Navision Financials Server 2.60 and earlier allows remote attackers to cause a denial of service by sending a null character and a long string to the server port (2407), which causes the server to crash.
2001-05-24
2016-10-17
CVE-2001-0392
http://www.securityfocus.com/bid/2539
BID:2539
http://marc.info/?l=bugtraq&m=98633100728473&w=2
BUGTRAQ:20010403 def-2001-17: Navision Financials Server DoS
CVE-2001-0393
Navision Financials Server 2.0 allows remote attackers to cause a denial of service via a series of connections to the server without providing a username/password combination, which consumes the license limits.
2001-05-24
2016-10-17
CVE-2001-0393
http://marc.info/?l=bugtraq&m=98637870623514&w=2
BUGTRAQ:20010404 Re: def-2001-17: Navision Financials Server DoS
CVE-2001-0394
Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.
2002-03-09
2002-02-26
CVE-2001-0394
http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html
BUGTRAQ:20010328 def-2001-15: Website Pro Remote Manager DoS
http://www.osvdb.org/5669
OSVDB:5669
https://exchange.xforce.ibmcloud.com/vulnerabilities/6295
XF:website-pro-remote-dos(6295)
CVE-2001-0395
Lightwave ConsoleServer 3200 does not disconnect users after unsuccessful login attempts, which could allow remote attackers to conduct brute force password guessing.
2001-05-24
2003-05-08
CVE-2001-0395
http://www.securityfocus.com/bid/2578
BID:2578
http://archives.neohapsis.com/archives/bugtraq/2001-04/0170.html
BUGTRAQ:20010410 Console 3200 telnetd problem.
CVE-2001-0396
The pre-login mode in the System Administrator interface of Lightwave ConsoleServer 3200 allows remote attackers to obtain sensitive information such as system status, configuration, and users.
2001-05-24
2003-05-08
CVE-2001-0396
http://www.securityfocus.com/bid/2578
BID:2578
http://archives.neohapsis.com/archives/bugtraq/2001-04/0170.html
BUGTRAQ:20010410 Console 3200 telnetd problem.
CVE-2001-0397
Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command.
2001-05-24
2003-05-08
CVE-2001-0397
http://archives.neohapsis.com/archives/bugtraq/2001-03/0454.html
BUGTRAQ:20010329 Silent Runner Collector - HELO buffer overflow vulnerability
CVE-2001-0398
The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon.
2001-05-24
2003-03-21
CVE-2001-0398
http://www.securityfocus.com/bid/2530
BID:2530
http://archives.neohapsis.com/archives/bugtraq/2001-04/0013.html
BUGTRAQ:20010402 ~..~!guano
CVE-2001-0399
Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request.
2001-05-24
2016-10-17
CVE-2001-0399
http://www.securityfocus.com/bid/2533
BID:2533
http://marc.info/?l=bugtraq&m=98633597813833&w=2
BUGTRAQ:20010403 CHINANSL Security Advisory(CSA-200111)
CVE-2001-0400
nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address.
2001-05-24
2003-05-08
CVE-2001-0400
http://www.securityfocus.com/bid/2563
BID:2563
http://www.securityfocus.com/archive/1/175506
BUGTRAQ:20010410 CGI - nph-maillist.pl vulnerability...
CVE-2001-0401
Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
2001-05-24
2017-12-18
CVE-2001-0401
http://www.securityfocus.com/bid/2475
BID:2475
http://archives.neohapsis.com/archives/bugtraq/2001-03/0394.html
BUGTRAQ:20010327 Solaris /usr/bin/tip Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6284
XF:solaris-tip-bo(6284)
CVE-2001-0402
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
2001-09-18
2005-11-02
CVE-2001-0402
http://marc.info/?l=bugtraq&m=98679734015538&w=2
BUGTRAQ:20010408 A fragmentation attack against IP Filter
http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html
FREEBSD:FreeBSD-SA-01:32
https://exchange.xforce.ibmcloud.com/vulnerabilities/6331
XF:ipfilter-access-ports(6331)
CVE-2001-0403
/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.
2001-05-24
2017-12-18
CVE-2001-0403
http://archives.neohapsis.com/archives/bugtraq/2001-03/0326.html
BUGTRAQ:20010323 [ Hackerslab bug_paper ] SunOS application perfmon vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6267
XF:solaris-perfmon-create-files(6267)
CVE-2001-0404
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.
2001-05-24
2016-10-17
CVE-2001-0404
http://marc.info/?l=bugtraq&m=98583089425166&w=2
BUGTRAQ:20010328 CHINANSL Security Advisory(CSA-200106)
CVE-2001-0405
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
2001-09-18
2004-09-02
CVE-2001-0405
http://www.securityfocus.com/bid/2602
BID:2602
http://archives.neohapsis.com/archives/bugtraq/2001-04/0271.html
BUGTRAQ:20010416 Tempest Security Techonologies -- Adivsory #01/2001 -- Linux IPTables
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-071.php3
MANDRAKE:MDKSA-2001:071
http://www.redhat.com/support/errata/RHSA-2001-052.html
REDHAT:RHSA-2001:052
http://www.redhat.com/support/errata/RHSA-2001-084.html
REDHAT:RHSA-2001:084
https://exchange.xforce.ibmcloud.com/vulnerabilities/6390
XF:linux-netfilter-iptables(6390)
CVE-2001-0406
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
2001-05-24
2005-05-08
CVE-2001-0406
http://www.securityfocus.com/bid/2617
BID:2617
http://archives.neohapsis.com/archives/bugtraq/2001-04/0305.html
BUGTRAQ:20010417 Samba 2.0.8 security fix
http://archives.neohapsis.com/archives/bugtraq/2001-04/0326.html
BUGTRAQ:20010418 PROGENY-SA-2001-05: Samba /tmp vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2001-04/0319.html
BUGTRAQ:20010418 TSLSA-#2001-0005 - samba
http://www.caldera.com/support/security/advisories/CSSA-2001-015.0.txt
CALDERA:CSSA-2001-015.0
http://www.kb.cert.org/vuls/id/670568
CERT-VN:VU#670568
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000395
CONECTIVA:CLA-2001:395
http://www.debian.org/security/2001/dsa-048
DEBIAN:DSA-048
http://archives.neohapsis.com/archives/freebsd/2001-04/0608.html
FREEBSD:FreeBSD-SA-01:36
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-040.php3
MANDRAKE:MDKSA-2001:040
CVE-2001-0407
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
2002-03-09
2002-02-26
CVE-2001-0407
http://www.securityfocus.com/bid/2522
BID:2522
http://archives.neohapsis.com/archives/bugtraq/2001-03/0237.html
BUGTRAQ:20010318 potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t expoloit)
http://archives.neohapsis.com/archives/bugtraq/2001-03/0396.html
BUGTRAQ:20010327 MySQL 3.23.36 is relased (fwd)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6617
XF:mysql-dot-directory-traversal(6617)
CVE-2001-0408
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
2001-09-18
2005-11-02
CVE-2001-0408
http://www.securityfocus.com/bid/2510
BID:2510
http://marc.info/?l=bugtraq&m=98593106111968&w=2
BUGTRAQ:20010329 Immunix OS Security update for vim
http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
CALDERA:CSSA-2001-014.0
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-035.php3
MANDRAKE:MDKSA-2001:035
http://www.redhat.com/support/errata/RHSA-2001-008.html
REDHAT:RHSA-2001:008
http://www.novell.com/linux/security/advisories/2001_012_vim.html
SUSE:SuSE-SA:2001:12
https://exchange.xforce.ibmcloud.com/vulnerabilities/6259
XF:vim-elevate-privileges(6259)
CVE-2001-0409
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
2001-09-18
2005-11-02
CVE-2001-0409
http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
CALDERA:CSSA-2001-014.0
http://www.novell.com/linux/security/advisories/2001_012_vim.html
SUSE:SuSE-SA:2001:12
https://exchange.xforce.ibmcloud.com/vulnerabilities/6628
XF:vim-tmp-symlink(6628)
CVE-2001-0410
Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header.
2001-05-24
2016-10-17
CVE-2001-0410
http://marc.info/?l=bugtraq&m=98593642520755&w=2
BUGTRAQ:20010330 Virus Buster 2001(ver8.02) Buffer Overflow
CVE-2001-0411
Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet.
2001-05-24
2016-10-17
CVE-2001-0411
http://marc.info/?l=bugtraq&m=98658209505849&w=2
BUGTRAQ:20010406 Reliant Unix 5.43 / 5.44 ICMP port unreachable problem
CVE-2001-0412
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
2001-09-18
2004-09-02
CVE-2001-0412
http://www.securityfocus.com/bid/2559
BID:2559
http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml
CISCO:20010404 Cisco Content Services Switch User Account Vulnerability
http://www.osvdb.org/1784
OSVDB:1784
https://exchange.xforce.ibmcloud.com/vulnerabilities/6322
XF:cisco-css-elevate-privileges(6322)
CVE-2001-0413
BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang.
2001-09-18
2005-11-02
CVE-2001-0413
http://marc.info/?l=bugtraq&m=98644414226344&w=2
BUGTRAQ:20010404 BinTec X4000 Access Router DoS Vulnerability
http://marc.info/?l=bugtraq&m=98659862317070&w=2
BUGTRAQ:20010406 X4000 DoS: Details and workaround
http://marc.info/?l=bugtraq&m=98697054804197&w=2
BUGTRAQ:20010409 BINTEC X1200
http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html
BUGTRAQ:20010410 BinTec Router DoS: Workaround and Details
https://exchange.xforce.ibmcloud.com/vulnerabilities/6323
XF:bintec-x4000-nmap-dos(6323)
CVE-2001-0414
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
2001-09-18
2009-03-01
CVE-2001-0414
http://www.securityfocus.com/bid/2540
BID:2540
http://marc.info/?l=bugtraq&m=98642418618512&w=2
BUGTRAQ:20010404 ntpd =< 4.0.99k remote buffer overflow
http://marc.info/?l=bugtraq&m=98654963328381&w=2
BUGTRAQ:20010405 Re: ntpd =< 4.0.99k remote buffer overflow]
http://marc.info/?l=bugtraq&m=98659782815613&w=2
BUGTRAQ:20010406 Immunix OS Security update for ntp and xntp3
http://marc.info/?l=bugtraq&m=98679815917014&w=2
BUGTRAQ:20010408 [slackware-security] buffer overflow fix for NTP
http://marc.info/?l=bugtraq&m=98684202610470&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow
http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html
BUGTRAQ:20010409 [ESA-20010409-01] xntp buffer overflow
http://marc.info/?l=bugtraq&m=98683952401753&w=2
BUGTRAQ:20010409 ntp-4.99k23.tar.gz is available
http://marc.info/?l=bugtraq&m=98684532921941&w=2
BUGTRAQ:20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable
http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html
BUGTRAQ:20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow
http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html
BUGTRAQ:20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp
http://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txt
CALDERA:CSSA-2001-013
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392
CONECTIVA:CLA-2001:392
https://www.debian.org/security/2001/dsa-045
DEBIAN:DSA-045
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc
FREEBSD:FreeBSD-SA-01:31
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3
MANDRAKE:MDKSA-2001:036
ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc
NETBSD:NetBSD-SA2001-004
http://www.osvdb.org/805
OSVDB:805
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3831
OVAL:oval:org.mitre.oval:def:3831
http://www.redhat.com/support/errata/RHSA-2001-045.html
REDHAT:RHSA-2001:045
ftp://ftp.sco.com/SSE/sse073.ltr
SCO:SSE073
ftp://ftp.sco.com/SSE/sse074.ltr
SCO:SSE074
http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html
SUSE:SuSE-SA:2001:10
https://exchange.xforce.ibmcloud.com/vulnerabilities/6321
XF:ntpd-remote-bo(6321)
CVE-2001-0415
REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts.
2001-05-24
2017-12-18
CVE-2001-0415
http://www.securityfocus.com/bid/2495
BID:2495
http://archives.neohapsis.com/archives/bugtraq/2001-03/0275.html
BUGTRAQ:20010320 Password stored in clear text vulnerability in real time stock trading program
https://exchange.xforce.ibmcloud.com/vulnerabilities/6276
XF:rediplus-weak-security(6276)
CVE-2001-0416
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
2002-03-09
2002-02-26
CVE-2001-0416
http://www.securityfocus.com/bid/2506
BID:2506
http://www.securityfocus.com/bid/2683
BID:2683
http://marc.info/?l=bugtraq&m=98477491130367&w=2
BUGTRAQ:20010316 Immunix OS Security update for sgml-tools
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000390
CONECTIVA:CLA-2001:390
http://www.debian.org/security/2001/dsa-038
DEBIAN:DSA-038
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3
MANDRAKE:MDKSA-2001:030
http://www.redhat.com/support/errata/RHSA-2001-027.html
REDHAT:RHSA-2001:027
http://www.novell.com/linux/security/advisories/2001_016_sgmltool_txt.html
SUSE:SuSE-SA:2001:16
https://exchange.xforce.ibmcloud.com/vulnerabilities/6201
XF:sgmltools-symlink(6201)
CVE-2001-0417
Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.
2001-05-24
2002-04-27
CVE-2001-0417
http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html
BUGTRAQ:20010307 Security advisory: Unsafe temporary file handling in krb4
http://www.redhat.com/support/errata/RHSA-2001-025.html
REDHAT:RHSA-2001:025
CVE-2001-0418
content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter.
2001-05-24
2003-05-08
CVE-2001-0418
http://www.securityfocus.com/bid/2584
BID:2584
http://archives.neohapsis.com/archives/bugtraq/2001-04/0223.html
BUGTRAQ:20010413 Exploitable NCM.at - Content Management System
CVE-2001-0419
Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
2001-05-24
2016-10-17
CVE-2001-0419
http://www.securityfocus.com/bid/2569
BID:2569
http://marc.info/?l=bugtraq&m=98692227816141&w=2
BUGTRAQ:20010410 Oracle Application Server shared library buffer overflow
CVE-2001-0420
Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter.
2001-05-24
2003-03-21
CVE-2001-0420
http://www.securityfocus.com/bid/2547
BID:2547
http://archives.neohapsis.com/archives/bugtraq/2001-04/0128.html
BUGTRAQ:20010409 talkback.cgi vulnerability may allow users to read any file
CVE-2001-0421
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.
2001-05-24
2002-02-11
CVE-2001-0421
http://www.securityfocus.com/bid/2601
BID:2601
http://www.securityfocus.com/archive/1/177200
BUGTRAQ:20010417 Re: SUN SOLARIS 5.6/5.7 FTP Globbing Exploit !
CVE-2001-0422
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
2002-03-09
2002-02-22
CVE-2001-0422
http://www.securityfocus.com/bid/2561
BID:2561
http://archives.neohapsis.com/archives/bugtraq/2001-04/0158.html
BUGTRAQ:20010410 Solaris Xsun buffer overflow vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A555
OVAL:oval:org.mitre.oval:def:555
SUNBUG:4356377
SUNBUG:4425845
SUNBUG:4440161
https://exchange.xforce.ibmcloud.com/vulnerabilities/6343
XF:solaris-xsun-home-bo(6343)
CVE-2001-0423
Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.
2004-09-01
2004-07-22
CVE-2001-0423
http://www.securityfocus.com/bid/2581
BID:2581
http://archives.neohapsis.com/archives/bugtraq/2001-04/0217.html
BUGTRAQ:20010412 Solaris ipcs vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6369
XF:solaris-ipcs-bo(6369)
CVE-2001-0424
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
2001-05-24
2016-10-17
CVE-2001-0424
http://www.securityfocus.com/bid/2609
BID:2609
http://marc.info/?l=bugtraq&m=98744422105430&w=2
BUGTRAQ:20010415 BubbleMon 1.31
CVE-2001-0425
AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information.
2001-05-24
2003-05-08
CVE-2001-0425
http://www.securityfocus.com/bid/2393
BID:2393
http://www.securityfocus.com/archive/1/163942
BUGTRAQ:20010219 Adcycle 0.78b Authentication
CVE-2001-0426
Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.
2001-05-24
2002-02-11
CVE-2001-0426
http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html
BUGTRAQ:20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities
CVE-2001-0427
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
2001-09-18
2004-09-02
CVE-2001-0427
http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml
CISCO:20010328 VPN3000 Concentrator TELNET Vulnerability
http://www.osvdb.org/5643
OSVDB:5643
https://exchange.xforce.ibmcloud.com/vulnerabilities/6298
XF:cisco-vpn-telnet-dos(6298)
CVE-2001-0428
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.
2001-09-18
2004-09-02
CVE-2001-0428
http://www.securityfocus.com/bid/2573
BID:2573
http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml
CISCO:20010412 VPN 3000 Concentrator IP Options Vulnerability
http://www.osvdb.org/1786
OSVDB:1786
https://exchange.xforce.ibmcloud.com/vulnerabilities/6360
XF:cisco-vpn-ip-dos(6360)
CVE-2001-0429
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.
2001-09-18
2005-11-02
CVE-2001-0429
http://www.securityfocus.com/bid/2604
BID:2604
http://www.ciac.org/ciac/bulletins/l-072.shtml
CIAC:L-072
http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml
CISCO:20010416 Catalyst 5000 Series 802.1x Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6379
XF:cisco-catalyst-8021x-dos(6379)
CVE-2001-0430
Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.
2001-09-18
2004-09-02
CVE-2001-0430
https://www.debian.org/security/2001/dsa-046
DEBIAN:DSA-046
http://www.osvdb.org/5642
OSVDB:5642
https://exchange.xforce.ibmcloud.com/vulnerabilities/6388
XF:exuberant-ctags-symlink(6388)
CVE-2001-0431
Vulnerability in iPlanet Web Server Enterprise Edition 4.x.
2001-05-24
2003-03-21
CVE-2001-0431
http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
BUGTRAQ:20010417 iPlanet Web Server 4.x Product Alert
http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
CVE-2001-0432
Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands.
2001-05-24
2003-05-08
CVE-2001-0432
http://www.securityfocus.com/bid/2579
BID:2579
http://archives.neohapsis.com/archives/bugtraq/2001-04/0218.html
BUGTRAQ:20010413 Trend Micro Interscan VirusWall 3.01 vulnerability
CVE-2001-0433
Buffer overflow in Savant 3.0 web server allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Host HTTP header.
2001-05-24
2016-10-17
CVE-2001-0433
http://marc.info/?l=bugtraq&m=98655083231635&w=2
BUGTRAQ:20010405 Savant 3.0 Denial Of Service
CVE-2001-0434
The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service.
2001-09-18
2005-11-02
CVE-2001-0434
http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml
COMPAQ:SSRT0716
https://exchange.xforce.ibmcloud.com/vulnerabilities/6355
XF:compaq-activex-dos(6355)
CVE-2001-0435
The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.
2001-05-24
2016-10-17
CVE-2001-0435
http://marc.info/?l=bugtraq&m=98691775527457&w=2
BUGTRAQ:20010410 [wsir-01/02-03] PGP 7.0 Split Key/Cached Passphrase Vulnerability
CVE-2001-0436
dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.
2001-05-24
2017-12-18
CVE-2001-0436
http://www.securityfocus.com/bid/2611
BID:2611
http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
BUGTRAQ:20010416 qDefense Advisory: DCForum allows remote read/write/execute
http://www.dcscripts.com/FAQ/sec_2001_03_31.html
CONFIRM:http://www.dcscripts.com/FAQ/sec_2001_03_31.html
http://www.osvdb.org/3862
OSVDB:3862
https://exchange.xforce.ibmcloud.com/vulnerabilities/6392
XF:dcforum-az-expr(6392)
CVE-2001-0437
upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.
2001-05-24
2017-12-18
CVE-2001-0437
http://www.securityfocus.com/bid/2611
BID:2611
http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
BUGTRAQ:20010416 qDefense Advisory: DCForum allows remote read/write/execute
http://www.dcscripts.com/FAQ/sec_2001_03_31.html
CONFIRM:http://www.dcscripts.com/FAQ/sec_2001_03_31.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6393
XF:dcforum-az-file-upload(6393)
CVE-2001-0438
Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.
2001-05-24
2003-05-08
CVE-2001-0438
http://archives.neohapsis.com/archives/bugtraq/2001-04/0337.html
BUGTRAQ:20010418 Hole in Netopia's Mac OS X Timbuktu
CVE-2001-0439
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
2001-09-18
2004-09-02
CVE-2001-0439
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
CONECTIVA:CLA-2001:389
http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
FREEBSD:FreeBSD-SA-01:35
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
MANDRAKE:MDKSA-2001:032
http://www.osvdb.org/5641
OSVDB:5641
http://www.redhat.com/support/errata/RHSA-2001-022.html
REDHAT:RHSA-2001:022
http://www.redhat.com/support/errata/RHSA-2001-023.html
REDHAT:RHSA-2001:023
https://exchange.xforce.ibmcloud.com/vulnerabilities/6261
XF:licq-url-execute-commands(6261)
CVE-2001-0440
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
2001-09-18
2004-09-02
CVE-2001-0440
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
CONECTIVA:CLA-2001:389
http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
FREEBSD:FreeBSD-SA-01:35
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
MANDRAKE:MDKSA-2001:032
http://www.osvdb.org/5601
OSVDB:5601
http://www.redhat.com/support/errata/RHSA-2001-022.html
REDHAT:RHSA-2001:022
http://www.redhat.com/support/errata/RHSA-2001-023.html
REDHAT:RHSA-2001:023
https://exchange.xforce.ibmcloud.com/vulnerabilities/6645
XF:licq-logging-bo(6645)
CVE-2001-0441
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
2001-05-24
2017-12-18
CVE-2001-0441
http://www.securityfocus.com/bid/2493
BID:2493
http://marc.info/?l=bugtraq&m=98471253131191&w=2
BUGTRAQ:20010316 Immunix OS Security update for slrn
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000383
CONECTIVA:CLA-2001:383
http://www.debian.org/security/2001/dsa-040
DEBIAN:DSA-040
http://archives.neohapsis.com/archives/freebsd/2001-04/0610.html
FREEBSD:FreeBSD-SA-01:37
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-028.php3
MANDRAKE:MDKSA-2001:028
http://www.redhat.com/support/errata/RHSA-2001-028.html
REDHAT:RHSA-2001:028
https://exchange.xforce.ibmcloud.com/vulnerabilities/6213
XF:slrn-wrapping-bo(6213)
CVE-2001-0442
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.
2002-03-09
2002-02-26
CVE-2001-0442
http://www.securityfocus.com/bid/2641
BID:2641
http://archives.neohapsis.com/archives/bugtraq/2001-04/0378.html
BUGTRAQ:20010421 Mercury for NetWare POP3 server vulnerable to remote buffer overflow
http://online.securityfocus.com/archive/1/179217
BUGTRAQ:20010424 Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow
http://www.iss.net/security_center/static/6444.php
XF:mercury-mta-bo(6444)
CVE-2001-0443
Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long password.
2001-05-24
2003-05-08
CVE-2001-0443
http://archives.neohapsis.com/archives/bugtraq/2001-04/0227.html
BUGTRAQ:20010413 QPC POPd Buffer Overflow Vulnerability
CVE-2001-0444
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
2002-03-09
2002-03-01
CVE-2001-0444
http://www.securityfocus.com/bid/2635
BID:2635
http://archives.neohapsis.com/archives/bugtraq/2001-04/0380.html
BUGTRAQ:20010420 Bug in Cisco CBOS v2.3.0.053
http://www.osvdb.org/1796
OSVDB:1796
https://exchange.xforce.ibmcloud.com/vulnerabilities/6453
XF:cisco-cbos-gain-information(6453)
CVE-2001-0446
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
2001-05-24
2016-10-17
CVE-2001-0446
http://marc.info/?l=bugtraq&m=98583082225053&w=2
BUGTRAQ:20010328 CHINANSL Security Advisory(CSA-200107)
CVE-2001-0447
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters.
2001-05-24
2003-03-21
CVE-2001-0447
http://www.securityfocus.com/bid/2514
BID:2514
http://www.securityfocus.com/archive/1/171418
BUGTRAQ:20010326 602Pro Lansuite Denial Of Service 1.0.34
CVE-2001-0448
Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service via an HTTP GET HTTP request to the aux directory, and possibly other directories with legacy DOS device names.
2001-05-24
2003-03-21
CVE-2001-0448
http://www.securityfocus.com/archive/1/171418
BUGTRAQ:20010326 602Pro Lansuite Denial Of Service 1.0.34
CVE-2001-0449
Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option.
2002-03-09
2002-03-01
CVE-2001-0449
http://www.securityfocus.com/archive/1/166211
BUGTRAQ:20010302 def-2001-09: Winzip32 zipandemail Buffer Overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/6191
XF:winzip-zipandemail-bo(6191)
CVE-2001-0450
Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name.
2001-05-24
2017-12-18
CVE-2001-0450
http://archives.neohapsis.com/archives/bugtraq/2001-02/0533.html
BUGTRAQ:20010303 Broker Ftp Server 5.0 Vulnerability
http://www.ftp-broker.com/cgibin/Pageexe.exe?H=4143&P=0&C=0
CONFIRM:http://www.ftp-broker.com/cgibin/Pageexe.exe?H=4143&P=0&C=0
https://exchange.xforce.ibmcloud.com/vulnerabilities/6190
XF:broker-ftp-delete-files(6190)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6189
XF:broker-ftp-list-directories(6189)
CVE-2001-0451
INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1.
2001-05-24
2017-12-18
CVE-2001-0451
http://www.securityfocus.com/archive/1/167172
BUGTRAQ:20010307 INDEXU Authentication By-Pass
https://exchange.xforce.ibmcloud.com/vulnerabilities/6202
XF:indexu-gain-access(6202)
CVE-2001-0452
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
2001-05-24
2003-03-21
CVE-2001-0452
http://www.securityfocus.com/bid/2676
BID:2676
http://www.securityfocus.com/archive/1/180506
BUGTRAQ:20010428 Vulnerabilities in BRS WebWeaver
http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html
CONFIRM:http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html
CVE-2001-0453
Directory traversal vulnerability in BRS WebWeaver HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack in the (1) syshelp, (2) sysimages, or (3) scripts directories.
2001-05-24
2003-05-08
CVE-2001-0453
http://www.securityfocus.com/bid/2675
BID:2675
http://archives.neohapsis.com/archives/bugtraq/2001-04/0519.html
BUGTRAQ:20010428 Vulnerabilities in BRS WebWeaver
http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html
CONFIRM:http://members.nbci.com/_XMCM/BSoutham/WebWeaver/WebWeaverHistory.html
CVE-2001-0454
Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request.
2001-05-24
2017-12-18
CVE-2001-0454
http://archives.neohapsis.com/archives/bugtraq/2001-02/0532.html
BUGTRAQ:20010303 SlimServe HTTPd ver. 1.1a Directory Traversal
https://exchange.xforce.ibmcloud.com/vulnerabilities/6186
XF:slimserve-httpd-directory-traversal(6186)
CVE-2001-0455
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
2001-09-18
2004-09-02
CVE-2001-0455
http://www.cisco.com/warp/public/707/Aironet340-pub.shtml
CISCO:20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface
http://www.osvdb.org/5597
OSVDB:5597
https://exchange.xforce.ibmcloud.com/vulnerabilities/6200
XF:cisco-aironet-web-access(6200)
CVE-2001-0456
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
2001-09-18
2005-11-02
CVE-2001-0456
http://www.debian.org/security/2001/dsa-032
DEBIAN:DSA-032
https://exchange.xforce.ibmcloud.com/vulnerabilities/6208
XF:proftpd-postinst-root(6208)
CVE-2001-0457
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).
2001-09-18
2004-09-02
CVE-2001-0457
http://www.debian.org/security/2001/dsa-035
DEBIAN:DSA-035
http://www.osvdb.org/5631
OSVDB:5631
https://exchange.xforce.ibmcloud.com/vulnerabilities/6211
XF:man2html-remote-dos(6211)
CVE-2001-0458
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
2001-05-24
2017-12-18
CVE-2001-0458
http://www.securityfocus.com/bid/2464
BID:2464
http://www.debian.org/security/2001/dsa-034
DEBIAN:DSA-034
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-027.php3
MANDRAKE:MDKSA-2001:027
http://www.novell.com/linux/security/advisories/2001_008_eperl.html
SUSE:SuSE-SA:2001:08
https://exchange.xforce.ibmcloud.com/vulnerabilities/6198
XF:linux-eperl-bo(6198)
CVE-2001-0459
Buffer overflows in ascdc Afterstep while running setuid allows local users to gain root privileges via a long (1) -d option, (2) -m option, or (3) -f option.
2001-05-24
2017-12-18
CVE-2001-0459
http://marc.info/?l=bugtraq&m=98408897106411&w=2
BUGTRAQ:20010308 ascdc Buffer Overflow Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6204
XF:ascdc-afterstep-bo(6204)
CVE-2001-0460
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
2001-05-24
2017-12-18
CVE-2001-0460
http://www.securityfocus.com/archive/1/167406
BUGTRAQ:20010308 def-2001-10: Websweeper Infinite HTTP Request DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6214
XF:websweeper-http-dos(6214)
CVE-2001-0461
template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi.
2002-03-09
2002-02-26
CVE-2001-0461
http://archives.neohapsis.com/archives/bugtraq/2001-03/0109.html
BUGTRAQ:20010309 Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing
http://wombat.doc.ic.ac.uk/foldoc/index.html
CONFIRM:http://wombat.doc.ic.ac.uk/foldoc/index.html
http://www.osvdb.org/5591
OSVDB:5591
https://exchange.xforce.ibmcloud.com/vulnerabilities/6217
XF:foldoc-cgi-execute-commands(6217)
CVE-2001-0462
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
2001-09-18
2005-11-02
CVE-2001-0462
http://www.securityfocus.com/bid/2648
BID:2648
http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html
BUGTRAQ:20010424 Advisory for perl webserver
https://exchange.xforce.ibmcloud.com/vulnerabilities/6451
XF:perl-webserver-directory-traversal(6451)
CVE-2001-0463
Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter.
2002-03-09
2002-02-26
CVE-2001-0463
http://www.securityfocus.com/bid/2663
BID:2663
http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html
BUGTRAQ:20010427 PerlCal (CGI) show files vulnerability
http://www.perlcal.com/calendar/docs/bugs.txt
CONFIRM:http://www.perlcal.com/calendar/docs/bugs.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/6480
XF:perlcal-calmake-directory-traversal(6480)
CVE-2001-0464
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
2001-05-24
2016-10-17
CVE-2001-0464
http://www.securityfocus.com/bid/2628
BID:2628
http://marc.info/?l=bugtraq&m=98761402029302&w=2
BUGTRAQ:20010417 Cyberscheduler remote root compromise
CVE-2001-0465
TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information.
2001-09-18
2005-11-02
CVE-2001-0465
http://marc.info/?l=bugtraq&m=98653594732053&w=2
BUGTRAQ:20010405
http://www.turbotax.com/atr/update/
CONFIRM:http://www.turbotax.com/atr/update/
https://exchange.xforce.ibmcloud.com/vulnerabilities/6622
XF:turbotax-save-passwords(6622)
CVE-2001-0466
Directory traversal vulnerability in ustorekeeper 1.61 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
2001-05-24
2016-10-17
CVE-2001-0466
http://marc.info/?l=bugtraq&m=98633176230748&w=2
BUGTRAQ:20010403 new advisory
CVE-2001-0467
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.
2001-09-18
2005-11-02
CVE-2001-0467
http://www.securityfocus.com/bid/2643
BID:2643
http://www.securityfocus.com/archive/1/178935
BUGTRAQ:20010423 Vulnerability in Viking Web Server
http://www.robtex.com/files/viking/beta/chglog.txt
CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/6450
XF:viking-dot-directory-traversal(6450)
CVE-2001-0468
Buffer overflow in FTPFS allows local users to gain root privileges via a long user name.
2001-05-24
2017-12-18
CVE-2001-0468
http://archives.neohapsis.com/archives/bugtraq/2001-03/0163.html
BUGTRAQ:20010313 Buffer oveflow in FTPFS (linux kernel module)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6234
XF:ftpfs-bo(6234)
CVE-2001-0469
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.
2001-09-18
2005-11-02
CVE-2001-0469
http://www.securityfocus.com/bid/2473
BID:2473
http://archives.neohapsis.com/archives/freebsd/2001-03/0163.html
FREEBSD:FreeBSD-SA-01:29
https://exchange.xforce.ibmcloud.com/vulnerabilities/6229
XF:rwhod-remote-dos(6229)
CVE-2001-0470
Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.
2001-05-24
2017-12-18
CVE-2001-0470
http://archives.neohapsis.com/archives/bugtraq/2001-03/0160.html
BUGTRAQ:20010313 Solaris 5.8 snmpd Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2001-03/0181.html
BUGTRAQ:20010315 Re: Solaris 5.8 snmpd Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6239
XF:snmpd-argv-bo(6239)
CVE-2001-0471
SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not log repeated login attempts, which could allow remote attackers to compromise accounts without detection via a brute force attack.
2001-05-24
2003-05-08
CVE-2001-0471
http://www.securityfocus.com/bid/2345
BID:2345
http://www.securityfocus.com/archive/1/160648
BUGTRAQ:20010205 SSHD-1 Logging Vulnerability
CVE-2001-0472
Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request.
2001-05-24
2017-12-18
CVE-2001-0472
http://archives.neohapsis.com/archives/bugtraq/2001-03/0243.html
BUGTRAQ:20010320 def-2001-12: Hursley Software Laboratories Consumer Transaction Framework DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6250
XF:hslctf-http-dos(6250)
CVE-2001-0473
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
2001-09-18
2004-09-02
CVE-2001-0473
http://marc.info/?l=bugtraq&m=98473109630421&w=2
BUGTRAQ:20010315 Immunix OS Security update for mutt
http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html
BUGTRAQ:20010320 Trustix Security Advisory - mutt
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385
CONECTIVA:CLA-2001:385
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3
MANDRAKE:MDKSA-2001-031
http://www.osvdb.org/5615
OSVDB:5615
http://www.redhat.com/support/errata/RHSA-2001-029.html
REDHAT:RHSA-2001:029
https://exchange.xforce.ibmcloud.com/vulnerabilities/6235
XF:mutt-imap-format-string(6235)
CVE-2001-0474
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
2001-09-18
2005-11-02
CVE-2001-0474
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-029.php3
MANDRAKE:MDKSA-2001:029
https://exchange.xforce.ibmcloud.com/vulnerabilities/6231
XF:mesa-utahglx-symlink(6231)
CVE-2001-0475
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
2001-09-18
2005-11-02
CVE-2001-0475
http://www.securityfocus.com/bid/2474
BID:2474
http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html
BUGTRAQ:20010315 vBulletin allows arbitrary code execution
http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839
CONFIRM:http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839
https://exchange.xforce.ibmcloud.com/vulnerabilities/6237
XF:vbulletin-php-elevate-privileges(6237)
CVE-2001-0476
Multiple buffer overflows in s.cgi program in Aspseek search engine 1.03 and earlier allow remote attackers to execute arbitrary commands via (1) a long HTTP query string, or (2) a long tmpl parameter.
2001-05-24
2017-12-18
CVE-2001-0476
http://www.securityfocus.com/bid/2492
BID:2492
http://archives.neohapsis.com/archives/bugtraq/2001-03/0233.html
BUGTRAQ:20010318 Aspseek Buffer Overflow
http://www.aspseek.org/changes.html
CONFIRM:http://www.aspseek.org/changes.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6248
XF:aspseek-scgi-bo(6248)
CVE-2001-0477
Vulnerability in WebCalendar 0.9.26 allows remote command execution.
2001-05-24
2001-11-28
CVE-2001-0477
http://www.securityfocus.com/bid/2639
BID:2639
http://archives.neohapsis.com/archives/bugtraq/2001-04/0392.html
BUGTRAQ:20010423 (SRPRE00004) WebCalendar 0.9.26
CVE-2001-0478
Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
2001-05-24
2002-01-18
CVE-2001-0478
http://www.securityfocus.com/bid/2642
BID:2642
http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html
BUGTRAQ:20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1
CVE-2001-0479
Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier versions allows remote attackers to execute arbitrary code via a .. (dot dot) in an argument to the sql.php script.
2001-05-24
2003-05-08
CVE-2001-0479
http://www.securityfocus.com/bid/2640
BID:2640
http://archives.neohapsis.com/archives/bugtraq/2001-04/0396.html
BUGTRAQ:20010423 (SRPRE00001) phpMyAdmin 2.1.0 and phpPgAdmin 2.2.1
http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13
CONFIRM:http://www.greatbridge.org/project/phppgadmin/cvs/checkout.php/phpPgAdmin/ChangeLog?r=1.13
CVE-2001-0480
Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the (1) GET or (2) CD commands.
2001-05-24
2003-05-08
CVE-2001-0480
http://www.securityfocus.com/bid/2668
BID:2668
http://archives.neohapsis.com/archives/bugtraq/2001-04/0523.html
BUGTRAQ:20010428 Vulnerabilities in Alex's FTP Server
CVE-2001-0481
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.
2001-09-18
2004-09-02
CVE-2001-0481
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-043.php3
MANDRAKE:MDKSA-2001:043
http://www.osvdb.org/5612
OSVDB:5612
https://exchange.xforce.ibmcloud.com/vulnerabilities/6494
XF:linux-rpmdrake-temp-file(6494)
CVE-2001-0482
Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl.
2001-09-18
2005-11-02
CVE-2001-0482
http://archives.neohapsis.com/archives/bugtraq/2001-03/0475.html
BUGTRAQ:20010330 Serious Pitbull LX Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6623
XF:pitbull-lx-modify-kernel(6623)
CVE-2001-0483
Configuration error in Axent Raptor Firewall 6.5 allows remote attackers to use the firewall as a proxy to access internal web resources when the http.noproxy Rule is not set.
2001-05-24
2003-05-08
CVE-2001-0483
http://www.securityfocus.com/bid/2517
BID:2517
http://archives.neohapsis.com/archives/bugtraq/2001-03/0359.html
BUGTRAQ:20010324 Raptor 6.5 http vulnerability
http://www.securityfocus.com/archive/1/171953
BUGTRAQ:20010327 RE: Raptor 6.5 http vulnerability
CVE-2001-0484
Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages.
2001-05-24
2017-12-18
CVE-2001-0484
http://archives.neohapsis.com/archives/bugtraq/2001-04/0482.html
BUGTRAQ:20010425 Tektronix (Xerox) PhaserLink 850 Webserver Vulnerability (NEW)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6482
XF:tektronix-phaserlink-webserver-backdoor(6482)
CVE-2001-0485
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via the -n option.
2004-09-01
2004-07-22
CVE-2001-0485
http://www.securityfocus.com/bid/2656
BID:2656
http://archives.neohapsis.com/archives/bugtraq/2001-04/0475.html
BUGTRAQ:20010426 IRIX /usr/lib/print/netprint local root symbols exploit.
http://archives.neohapsis.com/archives/bugtraq/2001-04/0502.html
BUGTRAQ:20010427 Re: IRIX /usr/lib/print/netprint local root symbols exploit.
http://www.osvdb.org/8571
OSVDB:8571
ftp://patches.sgi.com/support/free/security/advisories/20010701-01-P
SGI:20010701-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/6473
XF:irix-netprint-shared-library(6473)
CVE-2001-0486
Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353.
2001-09-18
2005-11-02
CVE-2001-0486
http://www.securityfocus.com/bid/2623
BID:2623
http://marc.info/?l=bugtraq&m=98779821207867&w=2
BUGTRAQ:20010420 Novell BorderManager 3.5 VPN Denial of Service
http://marc.info/?l=bugtraq&m=98865027328391&w=2
BUGTRAQ:20010429 Proof of concept DoS against novell border manager enterprise
http://archives.neohapsis.com/archives/bugtraq/2001-05/0000.html
BUGTRAQ:20010501 Re: Proof of concept DoS against novell border manager enterprise edition 3.5
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959062.htm
CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959062.htm
http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0020.html
VULN-DEV:20010402 (no subject)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6429
XF:bordermanager-vpn-syn-dos(6429)
CVE-2001-0487
AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection.
2002-03-09
2002-02-26
CVE-2001-0487
http://www-1.ibm.com/support/search.wss?rs=0&q=IY17630&apar=only
AIXAPAR:IY17630
http://www.osvdb.org/5611
OSVDB:5611
http://www.iss.net/security_center/static/6996.php
XF:aix-snmpd-rst-dos(6996)
CVE-2001-0488
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.
2001-09-18
2004-09-02
CVE-2001-0488
http://www.securityfocus.com/bid/2646
BID:2646
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0104-149
HP:HPSBUX0104-149
http://www.osvdb.org/2188
OSVDB:2188
https://exchange.xforce.ibmcloud.com/vulnerabilities/6447
XF:hp-pcltotiff-insecure-permissions(6447)
CVE-2001-0489
Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands.
2001-09-18
2004-09-02
CVE-2001-0489
http://www.securityfocus.com/bid/2657
BID:2657
http://www.debian.org/security/2001/dsa-057
DEBIAN:DSA-057
MANDRAKE:MDKSA-2001-044
http://www.osvdb.org/1805
OSVDB:1805
http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0043.html
REDHAT:RHSA-2001:053
http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html
VULN-DEV:20010417 gftp exploitable?
https://exchange.xforce.ibmcloud.com/vulnerabilities/6478
XF:gftp-format-string(6478)
CVE-2001-0490
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
2001-05-24
2003-05-08
CVE-2001-0490
http://archives.neohapsis.com/archives/bugtraq/2001-04/0518.html
BUGTRAQ:20010429 Winamp 2.6x / 2.7x buffer overflow
CVE-2001-0491
Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST.
2001-05-24
2017-12-18
CVE-2001-0491
http://archives.neohapsis.com/archives/bugtraq/2001-04/0465.html
BUGTRAQ:20010425 Vulnerabilities in RaidenFTPD Server
https://exchange.xforce.ibmcloud.com/vulnerabilities/6455
XF:raidenftpd-dot-directory-traversal(6455)
CVE-2001-0492
Netcruiser Web server version 0.1.2.8 and earlier allows remote attackers to determine the physical path of the server via a URL containing (1) con, (2) com2, or (3) com3.
2001-05-24
2017-12-18
CVE-2001-0492
http://www.securityfocus.com/bid/2650
BID:2650
http://archives.neohapsis.com/archives/bugtraq/2001-04/0427.html
BUGTRAQ:20010424 Advisory for Netcruiser
https://exchange.xforce.ibmcloud.com/vulnerabilities/6468
XF:netcruiser-server-path-disclosure(6468)
CVE-2001-0493
Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux.
2002-03-09
2002-02-26
CVE-2001-0493
http://www.securityfocus.com/bid/2649
BID:2649
http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html
BUGTRAQ:20010424 Advisory for Small HTTP Server
http://home.lanck.net/mf/srv/index.htm
CONFIRM:http://home.lanck.net/mf/srv/index.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/6446
XF:small-http-aux-dos(6446)
CVE-2001-0494
Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header.
2001-09-18
2004-09-02
CVE-2001-0494
http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html
BUGTRAQ:20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability
http://ipswitch.com/Support/IMail/news.html
CONFIRM:http://ipswitch.com/Support/IMail/news.html
http://www.osvdb.org/5610
OSVDB:5610
https://exchange.xforce.ibmcloud.com/vulnerabilities/6445
XF:ipswitch-imail-smtp-bo(6445)
CVE-2001-0495
Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack.
2001-09-18
2004-09-02
CVE-2001-0495
http://www.securityfocus.com/bid/2660
BID:2660
http://archives.neohapsis.com/archives/bugtraq/2001-04/0490.html
BUGTRAQ:20010426 Vulnerability in WebXQ Server
http://www.osvdb.org/1799
OSVDB:1799
https://exchange.xforce.ibmcloud.com/vulnerabilities/6466
XF:webxq-dot-directory-traversal(6466)
CVE-2001-0496
kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.
2001-05-24
2017-12-18
CVE-2001-0496
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-046.php3
MANDRAKE:MDKSA-2001:046
http://www.redhat.com/support/errata/RHSA-2001-059.html
REDHAT:RHSA-2001:059
https://exchange.xforce.ibmcloud.com/vulnerabilities/6856
XF:kdelibs-kdesu-insecure-tmpfile(6856)
CVE-2001-0497
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
2002-03-09
2002-02-26
CVE-2001-0497
http://xforce.iss.net/alerts/advise78.php
ISS:20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys
http://www.osvdb.org/5609
OSVDB:5609
https://exchange.xforce.ibmcloud.com/vulnerabilities/6694
XF:bind-local-key-exposure(6694)
CVE-2001-0498
Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.
2001-07-27
2002-04-18
CVE-2001-0498
http://www.nai.com/research/covert/advisories/049.asp
NAI:20010627 Oracle 8i SQLNet Header Vulnerability
CVE-2001-0499
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
2001-07-27
2017-07-10
CVE-2001-0499
http://www.securityfocus.com/bid/2941
BID:2941
http://www.cert.org/advisories/CA-2001-16.html
CERT:CA-2001-16
http://www.kb.cert.org/vuls/id/620495
CERT-VN:VU#620495
http://www.nai.com/research/covert/advisories/050.asp
NAI:20010627 Vulnerability in Oracle 8i TNS Listener
https://exchange.xforce.ibmcloud.com/vulnerabilities/6758
XF:oracle-tns-listener-bo(6758)
CVE-2001-0500
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
2002-03-09
2002-02-22
CVE-2001-0500
http://www.securityfocus.com/bid/2880
BID:2880
http://www.securityfocus.com/archive/1/191873
BUGTRAQ:20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)
http://www.cert.org/advisories/CA-2001-13.html
CERT:CA-2001-13
http://www.ciac.org/ciac/bulletins/l-098.shtml
CIAC:L-098
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033
MS:MS01-033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197
OVAL:oval:org.mitre.oval:def:197
http://www.iss.net/security_center/static/6705.php
XF:iis-isapi-idq-bo(6705)
CVE-2001-0501
Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
2002-03-09
2002-02-26
CVE-2001-0501
http://www.securityfocus.com/bid/2876
BID:2876
http://marc.info/?l=bugtraq&m=99325144322224&w=2
BUGTRAQ:20010622 Fwd: Microsoft Word macro vulnerability advisory MS01-034
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-034
MS:MS01-034
https://exchange.xforce.ibmcloud.com/vulnerabilities/6732
XF:msword-macro-bypass-security(6732)
CVE-2001-0502
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.
2002-03-09
2002-02-26
CVE-2001-0502
http://www.securityfocus.com/bid/2929
BID:2929
http://www.ciac.org/ciac/bulletins/l-101.shtml
CIAC:L-101
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-036
MS:MS01-036
https://exchange.xforce.ibmcloud.com/vulnerabilities/6745
XF:win2k-ldap-change-passwords(6745)
CVE-2001-0503
Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability.
2002-03-09
2002-02-26
CVE-2001-0503
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-077
MS:MS00-077
http://www.osvdb.org/5608
OSVDB:5608
http://www.iss.net/security_center/static/5368.php
XF:netmeeting-desktop-sharing-dos(5368)
CVE-2001-0504
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
2002-03-09
2016-09-15
CVE-2001-0504
http://www.securityfocus.com/bid/2988
BID:2988
http://www.kb.cert.org/vuls/id/435963
CERT-VN:VU#435963
http://www.ciac.org/ciac/bulletins/l-107.shtml
CIAC:L-107
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-037
MS:MS01-037
https://exchange.xforce.ibmcloud.com/vulnerabilities/6803
XF:win2k-smtp-mail-relay(6803)
CVE-2001-0505
Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
2001-10-12
2018-10-12
CVE-2001-0505
http://www.securityfocus.com/bid/3089
BID:3089
http://www.kb.cert.org/vuls/id/581603
CERT-VN:VU#581603
http://www.kb.cert.org/vuls/id/994851
CERT-VN:VU#994851
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-039
MS:MS01-039
MSKB:Q294380
MSKB:Q301514
https://exchange.xforce.ibmcloud.com/vulnerabilities/6882
XF:sfu-nfs-dos(6882)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6883
XF:sfu-telnet-dos(6883)
CVE-2001-0506
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
2002-03-09
2002-02-22
CVE-2001-0506
http://www.securityfocus.com/bid/3190
BID:3190
http://marc.info/?l=bugtraq&m=99802093532233&w=2
BUGTRAQ:20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability
http://online.securityfocus.com/archive/1/242541
BUGTRAQ:20011127 IIS Server Side Include Buffer overflow exploit code
http://www.ciac.org/ciac/bulletins/l-132.shtml
CIAC:L-132
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
MS:MS01-044
https://exchange.xforce.ibmcloud.com/vulnerabilities/6984
XF:iis-ssi-directive-bo(6984)
CVE-2001-0507
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
2002-03-09
2002-02-22
CVE-2001-0507
http://online.securityfocus.com/archive/1/205069
BUGTRAQ:20010816 ENTERCEPT SECURITY ALERT: Privilege Escalation Vulnerability in Microsoft IIS
http://www.ciac.org/ciac/bulletins/l-132.shtml
CIAC:L-132
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
MS:MS01-044
http://www.osvdb.org/5607
OSVDB:5607
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A909
OVAL:oval:org.mitre.oval:def:909
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A912
OVAL:oval:org.mitre.oval:def:912
https://exchange.xforce.ibmcloud.com/vulnerabilities/6985
XF:iis-relative-path-privilege-elevation(6985)
CVE-2001-0508
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.
2002-06-25
2002-06-15
CVE-2001-0508
http://www.securityfocus.com/bid/2690
BID:2690
http://online.securityfocus.com/archive/1/182579
BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
MS:MS01-044
http://www.osvdb.org/5606
OSVDB:5606
http://www.osvdb.org/5633
OSVDB:5633
http://www.iss.net/security_center/static/6982.php
XF:iis-webdav-long-request-dos(6982)
CVE-2001-0509
Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
2001-08-29
2018-10-12
CVE-2001-0509
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-041
MS:MS01-041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A82
OVAL:oval:org.mitre.oval:def:82
CVE-2001-0513
Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.
2002-03-09
2002-02-26
CVE-2001-0513
http://www.kb.cert.org/vuls/id/105259
CERT-VN:VU#105259
http://xforce.iss.net/alerts/advise81.php
ISS:20010619 Oracle Redirect Denial of Service
http://www.osvdb.org/5600
OSVDB:5600
https://exchange.xforce.ibmcloud.com/vulnerabilities/6717
XF:oracle-listener-redirect-dos(6717)
CVE-2001-0514
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.
2002-03-09
2002-02-26
CVE-2001-0514
http://www.securityfocus.com/bid/2896
BID:2896
http://xforce.iss.net/alerts/advise83.php
ISS:20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw
https://exchange.xforce.ibmcloud.com/vulnerabilities/6576
XF:atmel-vnetb-ap-snmp-security(6576)
CVE-2001-0515
Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.
2001-07-27
2002-02-26
CVE-2001-0515
http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf
http://xforce.iss.net/alerts/advise82.php
ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities
CVE-2001-0516
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
2001-07-27
2002-02-26
CVE-2001-0516
http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf
http://xforce.iss.net/alerts/advise82.php
ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities
CVE-2001-0517
Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.
2002-03-09
2002-02-26
CVE-2001-0517
http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf
http://xforce.iss.net/alerts/advise82.php
ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities
http://www.osvdb.org/5590
OSVDB:5590
https://exchange.xforce.ibmcloud.com/vulnerabilities/6715
XF:oracle-listener-data-transport-dos(6715)
CVE-2001-0518
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.
2002-03-09
2002-02-26
CVE-2001-0518
http://otn.oracle.com/deploy/security/alerts.htm
CONFIRM:http://otn.oracle.com/deploy/security/alerts.htm
http://xforce.iss.net/alerts/advise82.php
ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/6716
XF:oracle-listener-fragmentation-dos(6716)
CVE-2001-0519
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.
2001-07-27
2017-12-18
CVE-2001-0519
http://archives.neohapsis.com/archives/bugtraq/2001-05/0282.html
BUGTRAQ:20010529 Aladdin eSafe Gateway Filter Bypass - Updated Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/6580
XF:esafe-gateway-bypass-filtering(6580)
CVE-2001-0520
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.
2001-07-27
2017-12-18
CVE-2001-0520
http://archives.neohapsis.com/archives/bugtraq/2001-05/0284.html
BUGTRAQ:20010529 Aladdin eSafe Gateway Script-filtering Bypass through HTML tags
https://exchange.xforce.ibmcloud.com/vulnerabilities/6580
XF:esafe-gateway-bypass-filtering(6580)
CVE-2001-0521
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document.
2001-07-27
2017-12-18
CVE-2001-0521
http://archives.neohapsis.com/archives/bugtraq/2001-05/0285.html
BUGTRAQ:20010529 Aladdin eSafe Gateway Script-filtering Bypass through Unicode Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6580
XF:esafe-gateway-bypass-filtering(6580)
CVE-2001-0522
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
2002-03-09
2002-02-22
CVE-2001-0522
http://www.securityfocus.com/bid/2797
BID:2797
BUGTRAQ:20010529 [synnergy] - GnuPG remote format string vulnerability
http://online.securityfocus.com/archive/1/188218
BUGTRAQ:20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt
CALDERA:CSSA-2001-020.0
http://www.kb.cert.org/vuls/id/403051
CERT-VN:VU#403051
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000399
CONECTIVA:CLA-2001:399
http://www.gnupg.org/whatsnew.html#rn20010529
CONFIRM:http://www.gnupg.org/whatsnew.html#rn20010529
http://www.debian.org/security/2001/dsa-061
DEBIAN:DSA-061
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01
IMMUNIX:IMNX-2001-70-023-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3
MANDRAKE:MDKSA-2001:053
http://www.osvdb.org/1845
OSVDB:1845
http://www.redhat.com/support/errata/RHSA-2001-073.html
REDHAT:RHSA-2001:073
http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html
SUSE:SuSE-SA:2001:020
http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html
TURBO:TLSA2001028
https://exchange.xforce.ibmcloud.com/vulnerabilities/6642
XF:gnupg-tty-format-string(6642)
CVE-2001-0523
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
2001-07-27
2017-12-18
CVE-2001-0523
http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
BUGTRAQ:20010518 ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
BUGTRAQ:20010519 RE: ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6563
XF:eeye-secureiis-bypass-detection(6563)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6564
XF:eeye-secureiis-directory-traversal(6564)
CVE-2001-0524
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.
2001-07-27
2017-12-18
CVE-2001-0524
http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
BUGTRAQ:20010518 ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
BUGTRAQ:20010519 RE: ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6574
XF:eeye-secureiis-http-header-bo(6574)
CVE-2001-0525
Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument.
2002-03-09
2002-02-26
CVE-2001-0525
http://www.securityfocus.com/bid/2749
BID:2749
http://archives.neohapsis.com/archives/bugtraq/2001-05/0195.html
BUGTRAQ:20010519 Re: dqs 3.2.7 local root exploit.
http://archives.neohapsis.com/archives/bugtraq/2001-05/0193.html
BUGTRAQ:20010519 dqs 3.2.7 local root exploit.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6577
XF:dqs-dsh-bo(6577)
CVE-2001-0526
Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.
2002-03-09
2002-02-25
CVE-2001-0526
http://archives.neohapsis.com/archives/bugtraq/2001-05/0258.html
BUGTRAQ:20010528 [synnergy] - Solaris mailtool(1) buffer overflow vulnerability
SUNBUG:4458476
https://exchange.xforce.ibmcloud.com/vulnerabilities/6626
XF:solaris-mailtool-openwinhome-bo(6626)
CVE-2001-0527
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
2002-03-09
2002-02-26
CVE-2001-0527
http://www.securityfocus.com/bid/2728
BID:2728
http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.html
BUGTRAQ:20010515 DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
http://www.dcscripts.com/dcforum/dcfNews/167.html
CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/167.html
http://www.osvdb.org/480
OSVDB:480
https://exchange.xforce.ibmcloud.com/vulnerabilities/6538
XF:dcforum-cgi-admin-access(6538)
CVE-2001-0528
Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.
2002-03-09
2002-03-01
CVE-2001-0528
http://www.securityfocus.com/bid/2694
BID:2694
http://archives.neohapsis.com/archives/bugtraq/2001-05/0044.html
BUGTRAQ:20010507 Oracle's ADI 7.1.1.10.1 Major security hole
http://archives.neohapsis.com/archives/bugtraq/2001-05/0223.html
BUGTRAQ:20010522 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator
https://exchange.xforce.ibmcloud.com/vulnerabilities/6501
XF:oracle-adi-plaintext-passwords(6501)
CVE-2001-0529
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
2002-03-09
2002-02-26
CVE-2001-0529
http://www.securityfocus.com/bid/2825
BID:2825
http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html
BUGTRAQ:20010604 Re: SSH allows deletion of other users files...
http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html
BUGTRAQ:20010604 SSH allows deletion of other users files...
http://online.securityfocus.com/archive/1/188737
BUGTRAQ:20010605 OpenSSH_2.5.2p2 RH7.0 <- version info
http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt
CALDERA:CSSA-2001-023.0
http://www.kb.cert.org/vuls/id/655259
CERT-VN:VU#655259
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
CONECTIVA:CLA-2001:431
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
IMMUNIX:IMNX-2001-70-034-01
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc
NETBSD:NetBSD-SA2001-010
http://www.openbsd.org/errata29.html
OPENBSD:20010612
http://www.osvdb.org/1853
OSVDB:1853
https://exchange.xforce.ibmcloud.com/vulnerabilities/6676
XF:openssh-symlink-file-deletion(6676)
CVE-2001-0530
Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters.
2002-03-09
2002-02-26
CVE-2001-0530
http://www.securityfocus.com/bid/2798
BID:2798
http://archives.neohapsis.com/archives/bugtraq/2001-05/0256.html
BUGTRAQ:20010528 Vulnerability discovered in SpearHead NetGap
http://archives.neohapsis.com/archives/bugtraq/2001-06/0047.html
BUGTRAQ:20010607 SpearHead Security NetGAP
https://exchange.xforce.ibmcloud.com/vulnerabilities/6625
XF:netgap-unicode-bypass-filter(6625)
CVE-2001-0531
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0531
CVE-2001-0532
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0532
CVE-2001-0533
Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.
2002-03-09
2002-02-26
CVE-2001-0533
http://www.ciac.org/ciac/bulletins/l-123.shtml
CIAC:L-123
http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/85256A3400529A8685256A8D00804A37/$file/oar271.txt
IBM:MSS-OAR-E01-2001:271.1
http://www.osvdb.org/5585
OSVDB:5585
https://exchange.xforce.ibmcloud.com/vulnerabilities/6863
XF:aix-libi18n-lang-bo(6863)
CVE-2001-0534
Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.
2001-07-27
2008-03-03
CVE-2001-0534
http://www.securityfocus.com/bid/2989
BID:2989
http://www.kb.cert.org/vuls/id/898931
CERT-VN:VU#898931
http://xforce.iss.net/alerts/alerts.php
ISS:20010705 Remote Buffer Overflow in Multiple RADIUS Implementations
CVE-2001-0535
Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.
2001-10-12
2002-04-12
CVE-2001-0535
http://www.allaire.com/Handlers/index.cfm?ID=21700
ALLAIRE:MPSB01-08
http://xforce.iss.net/alerts/advise92.php
ISS:20010807 Remote Vulnerabilities in Macromedia ColdFusion Example Applications
CVE-2001-0537
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
2002-03-09
2009-03-01
CVE-2001-0537
http://www.securityfocus.com/bid/2936
BID:2936
http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com
BUGTRAQ:20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org
BUGTRAQ:20010702 Cisco IOS HTTP Configuration Exploit
http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu
BUGTRAQ:20010702 Cisco device HTTP exploit...
http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com
BUGTRAQ:20010702 ios-http-auth.sh
http://www.cert.org/advisories/CA-2001-14.html
CERT:CA-2001-14
http://www.ciac.org/ciac/bulletins/l-106.shtml
CIAC:L-106
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
CISCO:20010627 IOS HTTP authorization vulnerability
http://www.osvdb.org/578
OSVDB:578
https://exchange.xforce.ibmcloud.com/vulnerabilities/6749
XF:cisco-ios-admin-access(6749)
CVE-2001-0538
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
2002-03-09
2002-02-26
CVE-2001-0538
http://www.securityfocus.com/bid/3025
BID:3025
http://marc.info/?l=bugtraq&m=99496431214078&w=2
BUGTRAQ:20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are
http://www.kb.cert.org/vuls/id/131569
CERT-VN:VU#131569
http://www.ciac.org/ciac/bulletins/l-113.shtml
CIAC:L-113
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-038
MS:MS01-038
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=862
NTBUGTRAQ:20010712 Vulnerability in IE/Outlook ActiveX control
https://exchange.xforce.ibmcloud.com/vulnerabilities/6831
XF:outlook-activex-view-control(6831)
CVE-2001-0539
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0539
CVE-2001-0540
Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389.
2002-03-09
2002-03-05
CVE-2001-0540
http://www.securityfocus.com/bid/3099
BID:3099
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-040
MS:MS01-040
https://exchange.xforce.ibmcloud.com/vulnerabilities/6912
XF:win-terminal-rdp-dos(6912)
CVE-2001-0541
Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.
2002-03-09
2002-02-22
CVE-2001-0541
http://www.securityfocus.com/bid/3105
BID:3105
http://www.securityfocus.com/archive/1/187001
BUGTRAQ:20010527 Microsoft Windows Media Player Buffer Overflow Vulnerability
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-042
MS:MS01-042
https://exchange.xforce.ibmcloud.com/vulnerabilities/6907
XF:mediaplayer-nsc-bo(6907)
CVE-2001-0542
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
2002-02-18
2018-10-12
CVE-2001-0542
http://www.atstake.com/research/advisories/2001/a122001-1.txt
ATSTAKE:A122001-1
http://www.securityfocus.com/bid/3733
BID:3733
http://marc.info/?l=bugtraq&m=100891252317406&w=2
BUGTRAQ:20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server
http://www.kb.cert.org/vuls/id/700575
CERT-VN:VU#700575
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060
MS:MS01-060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83
OVAL:oval:org.mitre.oval:def:83
https://exchange.xforce.ibmcloud.com/vulnerabilities/7724
XF:mssql-text-message-bo(7724)
CVE-2001-0543
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
2002-03-09
2002-02-22
CVE-2001-0543
http://www.securityfocus.com/bid/3183
BID:3183
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-043
MS:MS01-043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A334
OVAL:oval:org.mitre.oval:def:334
https://exchange.xforce.ibmcloud.com/vulnerabilities/6977
XF:win-nntp-dos(6977)
CVE-2001-0544
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.
2002-03-09
2002-02-26
CVE-2001-0544
http://www.securityfocus.com/bid/3195
BID:3195
http://www.ciac.org/ciac/bulletins/l-132.shtml
CIAC:L-132
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
MS:MS01-044
https://exchange.xforce.ibmcloud.com/vulnerabilities/6983
XF:iis-invalid-mime-header-dos(6983)
CVE-2001-0545
IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.
2002-03-09
2002-02-26
CVE-2001-0545
http://www.ciac.org/ciac/bulletins/l-132.shtml
CIAC:L-132
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
MS:MS01-044
http://www.osvdb.org/5736
OSVDB:5736
https://exchange.xforce.ibmcloud.com/vulnerabilities/6981
XF:iis-url-redirection-dos(6981)
CVE-2001-0546
Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
2002-03-09
2002-02-22
CVE-2001-0546
http://www.securityfocus.com/bid/3196
BID:3196
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045
MS:MS01-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/6989
XF:isa-h323-gatekeeper-dos(6989)
CVE-2001-0547
Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
2002-03-09
2002-02-22
CVE-2001-0547
http://www.securityfocus.com/bid/3197
BID:3197
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045
MS:MS01-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/6990
XF:isa-proxy-memory-leak-dos(6990)
CVE-2001-0548
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.
2004-09-01
2002-02-22
CVE-2001-0548
http://www.securityfocus.com/bid/3081
BID:3081
http://marc.info/?l=bugtraq&m=99598918914068&w=2
BUGTRAQ:20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6879
XF:solaris-dtmail-bo(6879)
CVE-2001-0549
Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords.
2002-03-09
2002-02-26
CVE-2001-0549
http://www.kb.cert.org/vuls/id/814187
CERT-VN:VU#814187
http://www.sarc.com/avcenter/security/Content/2001_07_20.html
CONFIRM:http://www.sarc.com/avcenter/security/Content/2001_07_20.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7013
XF:liveupdate-obtain-proxy-password(7013)
CVE-2001-0550
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
2002-06-25
2002-06-15
CVE-2001-0550
http://www.securityfocus.com/bid/3581
BID:3581
http://marc.info/?l=bugtraq&m=100700363414799&w=2
BUGTRAQ:20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability
http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt
CALDERA:CSSA-2001-041.0
CALDERA:CSSA-2001-SCO.36
CALDERA:CSSA-2002-SCO.1
http://www.cert.org/advisories/CA-2001-33.html
CERT:CA-2001-33
http://www.kb.cert.org/vuls/id/886083
CERT-VN:VU#886083
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000442
CONECTIVA:CLA-2001:442
http://www.debian.org/security/2001/dsa-087
DEBIAN:DSA-087
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162
HP:HPSBUX0107-162
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01
IMMUNIX:IMNX-2001-70-036-01
ISS:20011129 WU-FTPD Heap Corruption Vulnerability
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3
MANDRAKE:MDKSA-2001:090
http://www.redhat.com/support/errata/RHSA-2001-157.html
REDHAT:RHSA-2001:157
http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html
SUSE:SuSE-SA:2001:043
http://www.securityfocus.com/archive/82/180823
VULN-DEV:20010430 some ftpd implementations mishandle CWD ~{
https://exchange.xforce.ibmcloud.com/vulnerabilities/7611
XF:wuftp-glob-heap-corruption(7611)
CVE-2001-0551
Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.
2002-02-18
2017-10-18
CVE-2001-0551
AIXAPAR:IY20917
AIXAPAR:IY21539
http://www.kb.cert.org/vuls/id/860296
CERT-VN:VU#860296
http://archives.neohapsis.com/archives/hp/2001-q2/0044.html
HP:HPSBUX0105-151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5958
OVAL:oval:org.mitre.oval:def:5958
CVE-2001-0552
ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.
2001-08-29
2016-10-17
CVE-2001-0552
http://www.securityfocus.com/bid/2845
BID:2845
http://marc.info/?l=bugtraq&m=99201278704545&w=2
BUGTRAQ:20010608 HP Openview NNM6.1 ovactiond bin exploit
http://www.cert.org/advisories/CA-2001-24.html
CERT:CA-2001-24
http://www.kb.cert.org/vuls/id/952171
CERT-VN:VU#952171
HP:HPSBUX0106-154
CVE-2001-0553
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
2002-06-25
2002-06-15
CVE-2001-0553
http://www.securityfocus.com/bid/3078
BID:3078
http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html
BUGTRAQ:20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
http://www.kb.cert.org/vuls/id/737451
CERT-VN:VU#737451
http://www.ciac.org/ciac/bulletins/l-121.shtml
CIAC:L-121
http://www.ssh.com/products/ssh/exploit.cfm
CONFIRM:http://www.ssh.com/products/ssh/exploit.cfm
http://www.osvdb.org/586
OSVDB:586
https://exchange.xforce.ibmcloud.com/vulnerabilities/6868
XF:ssh-password-length-unauth-access(6868)
CVE-2001-0554
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
2002-03-09
2009-03-01
CVE-2001-0554
http://www.securityfocus.com/bid/3064
BID:3064
http://www.securityfocus.com/archive/1/197804
BUGTRAQ:20010718 multiple vendor telnet daemon vulnerability
http://online.securityfocus.com/archive/1/199541
BUGTRAQ:20010725 SCO - Telnetd AYT overflow ?
http://online.securityfocus.com/archive/1/199496
BUGTRAQ:20010725 Telnetd AYT overflow scanner
http://online.securityfocus.com/archive/1/203000
BUGTRAQ:20010810 ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow
http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt
CALDERA:CSSA-2001-030.0
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt
CALDERA:CSSA-2001-SCO.10
http://www.cert.org/advisories/CA-2001-21.html
CERT:CA-2001-21
http://www.ciac.org/ciac/bulletins/l-131.shtml
CIAC:L-131
http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
CISCO:20020129 Cisco CatOS Telnet Buffer Vulnerability
http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml
COMPAQ:SSRT0745U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413
CONECTIVA:CLA-2001:413
http://www.debian.org/security/2001/dsa-070
DEBIAN:DSA-070
http://www.debian.org/security/2001/dsa-075
DEBIAN:DSA-075
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc
FREEBSD:FreeBSD-SA-01:49
http://archives.neohapsis.com/archives/hp/2001-q4/0014.html
HP:HPSBUX0110-172
http://online.securityfocus.com/advisories/3476
IBM:MSS-OAR-E01-2001:298
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3
MANDRAKE:MDKSA-2001:068
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc
NETBSD:NetBSD-SA2001-012
http://www.osvdb.org/809
OSVDB:809
http://www.redhat.com/support/errata/RHSA-2001-099.html
REDHAT:RHSA-2001:099
http://www.redhat.com/support/errata/RHSA-2001-100.html
REDHAT:RHSA-2001:100
ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P
SGI:20010801-01-P
http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html
SUSE:SuSE-SA:2001:029
https://exchange.xforce.ibmcloud.com/vulnerabilities/6875
XF:telnetd-option-telrcv-bo(6875)
CVE-2001-0555
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
2001-07-27
2017-07-10
CVE-2001-0555
http://www.securityfocus.com/bid/2869
BID:2869
http://archives.neohapsis.com/archives/bugtraq/2001-06/0165.html
BUGTRAQ:20010613 ScreamingMedia SITEWare arbitrary file retrieval vulnerability
http://archives.neohapsis.com/archives/bugtraq/2001-06/0166.html
BUGTRAQ:20010613 ScreamingMedia SITEWare source code disclosure vulnerability
http://www.kb.cert.org/vuls/id/795707
CERT-VN:VU#795707
http://www01.screamingmedia.com/en/security/sms1001.php
CONFIRM:http://www01.screamingmedia.com/en/security/sms1001.php
http://www.osvdb.org/13887
OSVDB:13887
https://exchange.xforce.ibmcloud.com/vulnerabilities/6689
XF:siteware-dot-file-retrieval(6689)
CVE-2001-0556
The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.
2001-07-27
2002-02-02
CVE-2001-0556
http://www.securityfocus.com/bid/2667
BID:2667
http://www.securityfocus.com/archive/1/180237
BUGTRAQ:20010428 More nedit problems ? (was Re: PROGENY-SA-2001-10...)
http://www.nedit.org/archives/develop/2001-Feb/0391.html
CONFIRM:http://www.nedit.org/archives/develop/2001-Feb/0391.html
http://www.debian.org/security/2001/dsa-053
DEBIAN:DSA-053
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-042.php3
MANDRAKE:MDKSA-2001:042
http://www.redhat.com/support/errata/RHSA-2001-061.html
REDHAT:RHSA-2001:061
http://www.novell.com/linux/security/advisories/2001_014_nedit.html
SUSE:SuSE-SA:2001:14
CVE-2001-0557
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).
2001-07-27
2017-12-18
CVE-2001-0557
http://www.securityfocus.com/bid/2703
BID:2703
http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
BUGTRAQ:20010507 Advisory for Jana server
http://www.kb.cert.org/vuls/id/132099
CERT-VN:VU#132099
https://exchange.xforce.ibmcloud.com/vulnerabilities/6513
XF:jana-server-directory-traversal(6513)
CVE-2001-0558
T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).
2002-03-09
2002-03-01
CVE-2001-0558
http://www.securityfocus.com/bid/2704
BID:2704
http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
BUGTRAQ:20010507 Advisory for Jana server
http://www.osvdb.org/1817
OSVDB:1817
https://exchange.xforce.ibmcloud.com/vulnerabilities/6521
XF:jana-server-device-dos(6521)
CVE-2001-0559
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
2002-03-09
2002-02-26
CVE-2001-0559
http://www.securityfocus.com/bid/2687
BID:2687
http://www.securityfocus.com/archive/1/183029
BUGTRAQ:20010507 Vixie cron vulnerability
http://www.debian.org/security/2001/dsa-054
DEBIAN:DSA-054
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3
MANDRAKE:MDKSA-2001:050
http://www.novell.com/linux/security/advisories/2001_017_cron_txt.html
SUSE:SuSE-SA:2001:17
https://exchange.xforce.ibmcloud.com/vulnerabilities/6508
XF:vixie-cron-gain-privileges(6508)
CVE-2001-0560
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
2002-03-09
2002-03-01
CVE-2001-0560
http://www-1.ibm.com/support/search.wss?rs=0&q=IY17048&apar=only
AIXAPAR:IY17048
http://www-1.ibm.com/support/search.wss?rs=0&q=IY17261&apar=only
AIXAPAR:IY17261
http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.html
BUGTRAQ:20010210 vixie cron possible local root compromise
http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.html
BUGTRAQ:20010220 Immunix OS Security update for vixie-cron
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-022.php3
MANDRAKE:MDKSA-2001:022
http://www.osvdb.org/5583
OSVDB:5583
http://www.redhat.com/support/errata/RHSA-2001-014.html
REDHAT:RHSA-2001:014
https://exchange.xforce.ibmcloud.com/vulnerabilities/6098
XF:vixie-crontab-bo(6098)
CVE-2001-0561
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
2001-07-27
2017-12-18
CVE-2001-0561
http://www.securityfocus.com/bid/2705
BID:2705
http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html
BUGTRAQ:20010507 Advisory for A1Stats
http://www.kb.cert.org/vuls/id/471691
CERT-VN:VU#471691
https://exchange.xforce.ibmcloud.com/vulnerabilities/6503
XF:a1stats-dot-directory-traversal(6503)
CVE-2001-0562
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.
2001-07-27
2017-12-18
CVE-2001-0562
http://www.securityfocus.com/bid/2705
BID:2705
http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html
BUGTRAQ:20010507 Advisory for A1Stats
https://exchange.xforce.ibmcloud.com/vulnerabilities/6505
XF:a1stats-a1admin-dos(6505)
CVE-2001-0563
ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23.
2002-03-09
2002-03-01
CVE-2001-0563
http://www.securityfocus.com/bid/2706
BID:2706
http://archives.neohapsis.com/archives/bugtraq/2001-05/0049.html
BUGTRAQ:20010507 Advisory for Electrocomm 2.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/6514
XF:electrocomm-telnet-dos(6514)
CVE-2001-0564
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
2002-03-09
2002-03-01
CVE-2001-0564
http://www.securityfocus.com/bid/2430
BID:2430
http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html
BUGTRAQ:20010225 APC web/snmp/telnet management card dos
ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt
MISC:ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/6199
XF:apc-telnet-dos(6199)
CVE-2001-0565
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.
2002-03-09
2002-02-25
CVE-2001-0565
http://www.securityfocus.com/bid/2610
BID:2610
http://archives.neohapsis.com/archives/bugtraq/2001-05/0016.html
BUGTRAQ:20010502 Solaris mailx Vulnerability
http://online.securityfocus.com/archive/1/184210
BUGTRAQ:20010511 Solaris /usr/bin/mailx exploit (SPARC)
http://www.kb.cert.org/vuls/id/446864
CERT-VN:VU#446864
SUNBUG:4452732
https://exchange.xforce.ibmcloud.com/vulnerabilities/8246
XF:solaris-mailx-f-bo(8246)
CVE-2001-0566
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.
2001-07-27
2017-12-18
CVE-2001-0566
http://archives.neohapsis.com/archives/bugtraq/2001-05/0040.html
BUGTRAQ:20010503 Cisco Catalyst 2900XL crashes with empty UDP packet when SNMP is disabled.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6515
XF:cisco-catalyst-udp-dos(6515)
CVE-2001-0567
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
2002-03-09
2002-03-01
CVE-2001-0567
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000407
CONECTIVA:CLA-2001:407
http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert
CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert
http://www.debian.org/security/2001/dsa-055
DEBIAN:DSA-055
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3
MANDRAKE:MDKSA-2001:049
http://www.redhat.com/support/errata/RHSA-2001-065.html
REDHAT:RHSA-2001:065
https://exchange.xforce.ibmcloud.com/vulnerabilities/6958
XF:zope-zclass-gain-privileges(6958)
CVE-2001-0568
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
2001-07-27
2003-03-21
CVE-2001-0568
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382
CONECTIVA:CLA-2001:382
http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23
CONFIRM:http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23
http://www.debian.org/security/2001/dsa-043
DEBIAN:DSA-043
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3
MANDRAKE:MDKSA-2001:025
http://www.redhat.com/support/errata/RHSA-2001-021.html
REDHAT:RHSA-2001:021
CVE-2001-0569
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
2001-07-27
2003-03-21
CVE-2001-0569
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382
CONECTIVA:CLA-2001:382
http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23
CONFIRM:http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23
http://www.debian.org/security/2001/dsa-043
DEBIAN:DSA-043
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3
MANDRAKE:MDKSA-2001:025
http://www.redhat.com/support/errata/RHSA-2001-021.html
REDHAT:RHSA-2001:021
CVE-2001-0570
minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks.
2001-07-27
2017-12-18
CVE-2001-0570
http://www.securityfocus.com/archive/1/181922
BUGTRAQ:20010503 minicom exploit
http://marc.info/?l=bugtraq&m=99014300904714&w=2
BUGTRAQ:20010517 Immunix OS Security update for minicom
http://www.calderasystems.com/support/security/advisories/CSSA-2001-016.0.txt
CALDERA:CSSA-2001-016.0
http://www.redhat.com/support/errata/RHSA-2001-067.html
REDHAT:RHSA-2001:067
https://exchange.xforce.ibmcloud.com/vulnerabilities/6498
XF:minicom-xmodem-format-string(6498)
CVE-2001-0571
Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL.
2001-07-27
2016-10-17
CVE-2001-0571
http://www.securityfocus.com/bid/2519
BID:2519
http://www.securityfocus.com/bid/2520
BID:2520
http://marc.info/?l=bugtraq&m=98538867727489&w=2
BUGTRAQ:20010323 Elron IM Products Vulnerability
http://marc.info/?l=bugtraq&m=98567864203963&w=2
BUGTRAQ:20010326 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html
http://archives.neohapsis.com/archives/bugtraq/2001-03/0382.html
BUGTRAQ:20010406 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html
CVE-2001-0572
The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths or ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the number of authorized_keys in RSA authentication, or (4) the lengths of shell commands.
2001-07-27
2002-02-20
CVE-2001-0572
http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html
BUGTRAQ:20010318 Passive Analysis of SSH (Secure Shell) Traffic
http://www.kb.cert.org/vuls/id/596827
CERT-VN:VU#596827
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000391
CONECTIVA:CLA-2001:391
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-033.php3
MANDRAKE:MDKSA-2001:033
http://www.redhat.com/support/errata/RHSA-2001-033.html
REDHAT:RHSA-2001:033
CVE-2001-0573
lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.
2002-03-09
2002-03-01
CVE-2001-0573
http://archives.neohapsis.com/archives/aix/2001-q2/0000.html
AIXAPAR:IY16909
http://www.kb.cert.org/vuls/id/123651
CERT-VN:VU#123651
http://www.osvdb.org/5582
OSVDB:5582
https://exchange.xforce.ibmcloud.com/vulnerabilities/7007
XF:aix-lsfs-path(7007)
CVE-2001-0574
Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL.
2002-03-09
2002-03-01
CVE-2001-0574
http://www.securityfocus.com/bid/2699
BID:2699
http://archives.neohapsis.com/archives/bugtraq/2001-05/0046.html
BUGTRAQ:20010507 Advisory for MP3Mystic
http://mp3mystic.com/mp3mystic/news.phtml
CONFIRM:http://mp3mystic.com/mp3mystic/news.phtml
http://www.osvdb.org/1815
OSVDB:1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/6504
XF:mp3mystic-dot-directory-traversal(6504)
CVE-2001-0575
Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.
2001-07-27
2017-12-18
CVE-2001-0575
http://archives.neohapsis.com/archives/bugtraq/2001-03/0404.html
BUGTRAQ:20010327 SCO 5.0.6 issues (lpshut)
http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html
BUGTRAQ:20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes
https://exchange.xforce.ibmcloud.com/vulnerabilities/6290
XF:sco-openserver-lpshut-bo(6290)
CVE-2001-0576
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.
2001-07-27
2017-12-18
CVE-2001-0576
http://archives.neohapsis.com/archives/bugtraq/2001-03/0407.html
BUGTRAQ:20010327 SCO 5.0.6 issues (lpusers)
http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html
BUGTRAQ:20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes
https://exchange.xforce.ibmcloud.com/vulnerabilities/6292
XF:sco-openserver-lpusers-bo(6292)
CVE-2001-0577
recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.
2001-07-27
2017-12-18
CVE-2001-0577
http://archives.neohapsis.com/archives/bugtraq/2001-03/0410.html
BUGTRAQ:20010327 SCO 5.0.6 issues (recon)
http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html
BUGTRAQ:20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes
https://exchange.xforce.ibmcloud.com/vulnerabilities/6289
XF:sco-openserver-recon-bo(6289)
CVE-2001-0578
Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command.
2001-07-27
2017-12-18
CVE-2001-0578
http://archives.neohapsis.com/archives/bugtraq/2001-03/0416.html
BUGTRAQ:20010327 SCO 5.0.6 issues (lpforms)
http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html
BUGTRAQ:20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes
https://exchange.xforce.ibmcloud.com/vulnerabilities/6293
XF:sco-openserver-lpforms-bo(6293)
CVE-2001-0579
lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.
2001-07-27
2017-12-18
CVE-2001-0579
http://archives.neohapsis.com/archives/bugtraq/2001-03/0421.html
BUGTRAQ:20010327 SCO 5.0.6 issues (lpadmin)
http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html
BUGTRAQ:20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes
https://exchange.xforce.ibmcloud.com/vulnerabilities/6291
XF:sco-openserver-lpadmin-bo(6291)
CVE-2001-0580
Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection.
2001-07-27
2003-03-21
CVE-2001-0580
http://archives.neohapsis.com/archives/bugtraq/2001-05/0050.html
BUGTRAQ:200105007 Advisory for Vdns
CVE-2001-0581
Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387.
2001-07-27
2017-12-18
CVE-2001-0581
http://www.securityfocus.com/bid/2701
BID:2701
http://archives.neohapsis.com/archives/bugtraq/2001-05/0051.html
BUGTRAQ:20010507 Advisory for Spynet Chat
https://exchange.xforce.ibmcloud.com/vulnerabilities/6509
XF:spynet-connection-dos(6509)
CVE-2001-0582
Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.
2001-07-27
2017-12-18
CVE-2001-0582
http://archives.neohapsis.com/archives/bugtraq/2001-05/0036.html
BUGTRAQ:20010503 Vulnerabilities in CrushFTP Server
http://www.kb.cert.org/vuls/id/110803
CERT-VN:VU#110803
https://exchange.xforce.ibmcloud.com/vulnerabilities/6495
XF:crushftp-directory-traversal(6495)
CVE-2001-0583
Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.
2001-07-27
2017-12-18
CVE-2001-0583
http://archives.neohapsis.com/archives/bugtraq/2001-03/0188.html
BUGTRAQ:20010315 def-2001-11: MDaemon 3.5.4 Dos-Device DoS
http://ftp1.deerfield.com/pub/mdaemon/Archive/3.5.6/
CONFIRM:http://ftp1.deerfield.com/pub/mdaemon/Archive/3.5.6/
https://exchange.xforce.ibmcloud.com/vulnerabilities/6240
XF:mdaemon-webservices-dos(6240)
CVE-2001-0584
IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.
2001-07-27
2017-12-18
CVE-2001-0584
http://www.securityfocus.com/bid/2508
BID:2508
http://archives.neohapsis.com/archives/bugtraq/2001-03/0365.html
BUGTRAQ:20010325 MDaemon IMAP Denial Of Service
https://exchange.xforce.ibmcloud.com/vulnerabilities/6279
XF:mdaemon-imap-command-dos(6279)
CVE-2001-0585
Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000.
2002-03-09
2002-03-01
CVE-2001-0585
http://www.securityfocus.com/bid/2494
BID:2494
http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html
BUGTRAQ:20010320 def-2001-13: NTMail Web Services DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6249
XF:ntmail-long-url-dos(6249)
CVE-2001-0586
TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords.
2002-03-09
2002-03-01
CVE-2001-0586
http://archives.neohapsis.com/archives/ntbugtraq/2001-q1/0049.html
BUGTRAQ:20010330 STAT Security Advisory: Trend Micro's ScanMail for Exchange store s passwords in registry unprotected
http://www.osvdb.org/5581
OSVDB:5581
https://exchange.xforce.ibmcloud.com/vulnerabilities/6311
XF:scanmail-reveals-credentials(6311)
CVE-2001-0587
deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
2001-07-27
2017-12-18
CVE-2001-0587
http://www.securityfocus.com/bid/2583
BID:2583
http://archives.neohapsis.com/archives/bugtraq/2001-03/0418.html
BUGTRAQ:20010327 SCO 5.0.6 MMDF issues (deliver)
http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html
BUGTRAQ:20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes
https://exchange.xforce.ibmcloud.com/vulnerabilities/6302
XF:sco-openserver-deliver-bo(6302)
CVE-2001-0588
sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.
2001-07-27
2002-03-01
CVE-2001-0588
http://archives.neohapsis.com/archives/bugtraq/2001-03/0417.html
BUGTRAQ:20010327 SCO 5.0.6 MMDF issues (sendmail 8.9.3)
http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html
BUGTRAQ:20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes
CVE-2001-0589
NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.
2002-03-09
2002-03-01
CVE-2001-0589
http://www.securityfocus.com/bid/2523
BID:2523
http://archives.neohapsis.com/archives/bugtraq/2001-03/0375.html
BUGTRAQ:20010326 Netscreen: DMZ Network Receives Some "Denied" Traffic
http://www.osvdb.org/1780
OSVDB:1780
https://exchange.xforce.ibmcloud.com/vulnerabilities/6317
XF:netscreen-screenos-bypass-firewall(6317)
CVE-2001-0590
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
2002-03-09
2002-03-01
CVE-2001-0590
http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
BUGTRAQ:20010403 Re: Tomcat may reveal script source code by URL trickery
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-004
HP:HPSBTL0112-004
http://www.osvdb.org/5580
OSVDB:5580
https://exchange.xforce.ibmcloud.com/vulnerabilities/6971
XF:jakarta-tomcat-jsp-source(6971)
CVE-2001-0591
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.
2002-03-09
2002-03-01
CVE-2001-0591
http://www.securityfocus.com/bid/2286
BID:2286
http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html
BUGTRAQ:20010212 Patch for Potential Vulnerability in the execution of JSPs outside doc_root
WIN2KSEC:20010122 Oracle JSP/SQLJS handlers allow viewing files and executing JSP outside the web root
https://exchange.xforce.ibmcloud.com/vulnerabilities/5986
XF:oracle-handlers-directory-traversal(5986)
CVE-2001-0592
Watchguard Firebox II prior to 4.6 allows a remote attacker to create a denial of service in the kernel via a large stream (>10,000) of malformed ICMP or TCP packets.
2001-07-27
2017-12-18
CVE-2001-0592
http://archives.neohapsis.com/archives/bugtraq/2001-04/0054.html
BUGTRAQ:20010405 def-2001-18: Watchguard Firebox II Kernel DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6327
XF:firebox-kernel-dos(6327)
CVE-2001-0593
Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter.
2002-03-09
2018-11-16
CVE-2001-0593
http://www.securityfocus.com/bid/2512
BID:2512
http://archives.neohapsis.com/archives/bugtraq/2001-03/0395.html
BUGTRAQ:20010327 advisory
http://anacondapartners.com/cgi-local/apexec.pl?template=ap_releasenotestemplate.html&f1=ap_af_updates_menu&f2=ap_af_releasenotes_clip
MISC:http://anacondapartners.com/cgi-local/apexec.pl?template=ap_releasenotestemplate.html&f1=ap_af_updates_menu&f2=ap_af_releasenotes_clip
https://exchange.xforce.ibmcloud.com/vulnerabilities/6286
XF:anaconda-clipper-directory-traversal(6286)
CVE-2001-0594
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
2002-03-09
2002-02-24
CVE-2001-0594
http://www.securityfocus.com/bid/2558
BID:2558
http://archives.neohapsis.com/archives/bugtraq/2001-04/0140.html
BUGTRAQ:20010409 Solaris kcms_configure vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A65
OVAL:oval:org.mitre.oval:def:65
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7
OVAL:oval:org.mitre.oval:def:7
SUNBUG:4199722
https://exchange.xforce.ibmcloud.com/vulnerabilities/6359
XF:solaris-kcms-command-bo(6359)
CVE-2001-0595
Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program.
2002-03-09
2002-02-24
CVE-2001-0595
http://www.securityfocus.com/bid/2605
BID:2605
http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html
BUGTRAQ:20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities
SUNBUG:4415570
https://exchange.xforce.ibmcloud.com/vulnerabilities/6365
XF:solaris-kcssunwiosolf-bo(6365)
CVE-2001-0596
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
2002-03-09
2002-03-01
CVE-2001-0596
http://www.securityfocus.com/bid/2637
BID:2637
http://marc.info/?l=bugtraq&m=98685237415117&w=2
BUGTRAQ:20010409 Netscape 4.76 gif comment flaw
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000393
CONECTIVA:CLA-2001:393
http://www.debian.org/security/2001/dsa-051
DEBIAN:DSA-051
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-014-01
IMMUNIX:IMNX-2001-70-014-01
http://www.osvdb.org/5579
OSVDB:5579
http://www.redhat.com/support/errata/RHSA-2001-046.html
REDHAT:RHSA-2001:046
https://exchange.xforce.ibmcloud.com/vulnerabilities/6344
XF:netscape-javascript-access-data(6344)
CVE-2001-0597
Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and earlier for the PalmOS allows a local attacker to recover passwords via a brute force attack. This attack is made feasible by STRIP's use of SysRandom, which is seeded by TimeGetTicks, and an implementation flaw which vastly reduces the password 'search space'.
2001-07-27
2017-12-18
CVE-2001-0597
http://www.securityfocus.com/bid/2567
BID:2567
http://archives.neohapsis.com/archives/bugtraq/2001-04/0169.html
BUGTRAQ:20010410 Catastrophic failure of Strip password generation.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6362
XF:strip-weak-passwords(6362)
CVE-2001-0598
Symantec Ghost 6.5 and earlier allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to the Ghost Configuration Server on port 1347, which triggers an error that is not properly handled.
2001-07-27
2017-12-18
CVE-2001-0598
http://www.securityfocus.com/bid/2570
BID:2570
http://archives.neohapsis.com/archives/bugtraq/2001-04/0175.html
BUGTRAQ:20010411 def-2001-21: Ghost Multiple DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6357
XF:ghost-configuration-server-dos(6357)
CVE-2001-0599
Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier as included with Symantec Ghost 6.5 allows a remote attacker to create a denial of service by sending large (> 45Kb) amounts of data to port 2638.
2001-07-27
2017-12-18
CVE-2001-0599
http://www.securityfocus.com/bid/2572
BID:2572
http://archives.neohapsis.com/archives/bugtraq/2001-04/0175.html
BUGTRAQ:20010411 def-2001-21: Ghost Multiple DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6356
XF:ghost-database-engine-dos(6356)
CVE-2001-0600
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type.
2001-07-27
2017-12-18
CVE-2001-0600
http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6347
XF:lotus-domino-header-dos(6347)
CVE-2001-0601
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters.
2001-07-27
2017-12-18
CVE-2001-0601
http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6349
XF:lotus-domino-unicode-dos(6349)
CVE-2001-0602
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices.
2001-07-27
2017-12-18
CVE-2001-0602
http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6348
XF:lotus-domino-device-dos(6348)
CVE-2001-0603
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148.
2001-07-27
2017-12-18
CVE-2001-0603
http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6350
XF:lotus-domino-corba-dos(6350)
CVE-2001-0604
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters.
2001-07-27
2017-12-18
CVE-2001-0604
http://archives.neohapsis.com/archives/bugtraq/2001-04/0174.html
BUGTRAQ:20010411 def-2001-20: Lotus Domino Multiple DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6351
XF:lotus-domino-url-dos(6351)
CVE-2001-0605
Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.
2001-07-27
2016-10-17
CVE-2001-0605
http://marc.info/?l=bugtraq&m=98321819112158&w=2
BUGTRAQ:20010226 My Getright Unsupervised File Download Vulnerability
CVE-2001-0606
Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.
2001-07-27
2017-12-18
CVE-2001-0606
http://archives.neohapsis.com/archives/hp/2001-q1/0041.html
HP:HPSBUX0102-139
https://exchange.xforce.ibmcloud.com/vulnerabilities/6110
XF:hp-virtualvault-iws-dos(6110)
CVE-2001-0607
asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083.
2001-07-27
2017-10-09
CVE-2001-0607
http://archives.neohapsis.com/archives/hp/2001-q1/0080.html
HP:HPSBUX0103-145
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5621
OVAL:oval:org.mitre.oval:def:5621
CVE-2001-0608
HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF - AIFCHANGELOGON program.
2001-07-27
2017-12-18
CVE-2001-0608
http://www.kb.cert.org/vuls/id/895496
CERT-VN:VU#895496
http://archives.neohapsis.com/archives/hp/2001-q1/0087.html
HP:HPSBMP0103-011
https://exchange.xforce.ibmcloud.com/vulnerabilities/6951
XF:hp-aif-gain-privileges(6951)
CVE-2001-0609
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
2001-07-27
2017-12-18
CVE-2001-0609
http://www.securityfocus.com/bid/2576
BID:2576
http://archives.neohapsis.com/archives/bugtraq/2001-04/0202.html
BUGTRAQ:20010411 CFINGERD remote vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6364
XF:cfingerd-remote-format-string(6364)
CVE-2001-0610
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
2001-07-27
2017-12-18
CVE-2001-0610
http://archives.neohapsis.com/archives/bugtraq/2001-04/0336.html
BUGTRAQ:20010418 Insecure directory handling in KFM file manager
https://exchange.xforce.ibmcloud.com/vulnerabilities/6428
XF:kfm-tmpfile-symlink(6428)
CVE-2001-0611
Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters.
2002-03-09
2002-03-01
CVE-2001-0611
http://www.securityfocus.com/bid/2723
BID:2723
http://archives.neohapsis.com/archives/bugtraq/2001-05/0089.html
BUGTRAQ:20010514 Becky! 2.00.05 Buffer Overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/6531
XF:becky-mail-message-bo(6531)
CVE-2001-0612
McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045.
2004-09-01
2004-08-17
CVE-2001-0612
http://www.securityfocus.com/bid/2726
BID:2726
http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html
BUGTRAQ:20010516 Remote Desktop DoS
http://www.osvdb.org/6288
OSVDB:6288
https://exchange.xforce.ibmcloud.com/vulnerabilities/6547
XF:remote-desktop-dos(6547)
CVE-2001-0613
Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request.
2002-03-09
2002-03-01
CVE-2001-0613
http://www.securityfocus.com/bid/2730
BID:2730
http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html
BUGTRAQ:20010515 OmniHTTPd Pro Denial of Service Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6540
XF:omnihttpd-post-dos(6540)
CVE-2001-0614
Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.
2001-07-27
2017-12-18
CVE-2001-0614
http://marc.info/?l=bugtraq&m=98991352402073&w=2
BUGTRAQ:20010514 def-2001-25: Carello E-Commerce Arbitrary Command Execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/6532
XF:carello-url-code-execution(6532)
CVE-2001-0615
Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'.
2002-03-09
2002-03-01
CVE-2001-0615
http://www.securityfocus.com/bid/2776
BID:2776
http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
BUGTRAQ:20010525 Advisory for Freestyle Chat server
http://www.osvdb.org/1841
OSVDB:1841
https://exchange.xforce.ibmcloud.com/vulnerabilities/6601
XF:freestyle-chat-directory-traversal(6601)
CVE-2001-0616
Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).
2002-03-09
2002-03-01
CVE-2001-0616
http://www.securityfocus.com/bid/2777
BID:2777
http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
BUGTRAQ:20010525 Advisory for Freestyle Chat server
https://exchange.xforce.ibmcloud.com/vulnerabilities/6602
XF:freestyle-chat-device-dos(6602)
CVE-2001-0617
Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the 'Virtual Server' enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be disabled.
2001-07-27
2017-12-18
CVE-2001-0617
http://archives.neohapsis.com/archives/bugtraq/2001-05/0125.html
BUGTRAQ:20010514 Cable-Router AR220e Portmapper Security-Flaw
https://exchange.xforce.ibmcloud.com/vulnerabilities/6560
XF:telesyn-portmapper-access-services(6560)
CVE-2001-0618
Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the 'Network Name' or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications, a remote attacker could determine the WEP key and decrypt RG-1000 traffic.
2001-07-27
2017-12-18
CVE-2001-0618
http://archives.neohapsis.com/archives/bugtraq/2001-04/0020.html
BUGTRAQ:20010402 RG-1000 802.11 Residential Gateway default WEP key disclosure flaw
https://exchange.xforce.ibmcloud.com/vulnerabilities/6328
XF:orinoco-rg1000-wep-key(6328)
CVE-2001-0619
The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The 'Network Name' or SSID, which is used as a shared secret to join the network, is transmitted in the clear.
2001-07-27
2003-05-08
CVE-2001-0619
http://archives.neohapsis.com/archives/bugtraq/2001-04/0015.html
BUGTRAQ:20010402 Design Flaw in Lucent/Orinoco 802.11 proprietary access control- closed network
CVE-2001-0620
iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from the configuration file, which has insecure permissions.
2001-07-27
2017-12-18
CVE-2001-0620
http://archives.neohapsis.com/archives/bugtraq/2001-04/0320.html
BUGTRAQ:20010418 iplanet calendar server 5.0p2 exposes Netscape Admin Server master password
https://exchange.xforce.ibmcloud.com/vulnerabilities/6402
XF:iplanet-calendar-plaintext-password(6402)
CVE-2001-0621
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
2002-03-09
2002-03-01
CVE-2001-0621
http://www.securityfocus.com/bid/2745
BID:2745
http://www.ciac.org/ciac/bulletins/l-085.shtml
CIAC:L-085
http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml
CISCO:20010517 Cisco Content Service Switch 11000 Series FTP Vulnerability
http://www.osvdb.org/1834
OSVDB:1834
https://exchange.xforce.ibmcloud.com/vulnerabilities/6557
XF:cisco-css-ftp-commands(6557)
CVE-2001-0622
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.
2002-03-09
2002-03-01
CVE-2001-0622
http://www.securityfocus.com/bid/2806
BID:2806
http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml
CISCO:20010531 Cisco Content Service Switch 11000 Series Web Management Vulnerability
http://www.osvdb.org/1848
OSVDB:1848
https://exchange.xforce.ibmcloud.com/vulnerabilities/6631
XF:cisco-css-web-management(6631)
CVE-2001-0623
sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges.
2001-07-27
2017-12-18
CVE-2001-0623
http://www.debian.org/security/2001/dsa-050
DEBIAN:DSA-050
http://www.debian.org/security/2001/dsa-052
DEBIAN:DSA-052
https://exchange.xforce.ibmcloud.com/vulnerabilities/6430
XF:saft-sendfiled-execute-code(6430)
CVE-2001-0624
QNX 2.4 allows a local user to read arbitrary files by directly accessing the mount point for the FAT disk partition, e.g. /fs-dos.
2001-07-27
2017-12-18
CVE-2001-0624
http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0266.html
VULN-DEV:20010421 QNX FIle Read Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6437
XF:qnx-fat-file-read(6437)
CVE-2001-0625
ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log .
2002-03-09
2002-03-01
CVE-2001-0625
http://www.securityfocus.com/bid/2778
BID:2778
http://archives.neohapsis.com/archives/bugtraq/2001-05/0245.html
BUGTRAQ:20010525 Security Bug in InoculateIT for Linux (fwd)
http://www.osvdb.org/1843
OSVDB:1843
https://exchange.xforce.ibmcloud.com/vulnerabilities/6607
XF:inoculateit-ftpdownload-symlink(6607)
CVE-2001-0626
O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.
2002-03-09
2002-03-01
CVE-2001-0626
http://www.securityfocus.com/bid/2488
BID:2488
http://archives.neohapsis.com/archives/bugtraq/2001-03/0236.html
BUGTRAQ:20010316 WebServer Pro All Version Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/3839
XF:website-pro-dir-path(3839)
CVE-2001-0627
vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.
2002-03-09
2002-03-01
CVE-2001-0627
http://www.securityfocus.com/bid/2752
BID:2752
http://archives.neohapsis.com/archives/bugtraq/2001-05/0220.html
BUGTRAQ:20010522 [SRT2001-09] - vi and crontab -e /tmp issues
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.17/CSSA-2001-SCO.17.txt
CALDERA:CSSA-2001-SCO.17
http://www.kb.cert.org/vuls/id/747736
CERT-VN:VU#747736
https://exchange.xforce.ibmcloud.com/vulnerabilities/6588
XF:sco-openserver-vi-symlink(6588)
CVE-2001-0628
Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
2002-03-09
2002-03-01
CVE-2001-0628
http://www.securityfocus.com/bid/2760
BID:2760
http://support.microsoft.com/support/kb/articles/Q274/2/28.asp
MSKB:Q274228
https://exchange.xforce.ibmcloud.com/vulnerabilities/6614
XF:word-asd-macro-execution(6614)
CVE-2001-0629
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter.
2002-03-09
2009-03-01
CVE-2001-0629
http://www.securityfocus.com/bid/2761
BID:2761
http://archives.neohapsis.com/archives/bugtraq/2001-05/0226.html
BUGTRAQ:20010523 HP OpenView NNM v6.1 buffer overflow
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-158
HP:HPSBUX0107-158
https://exchange.xforce.ibmcloud.com/vulnerabilities/6582
XF:openview-nnm-ecsd-bo(6582)
CVE-2001-0630
Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable.
2002-03-09
2002-03-01
CVE-2001-0630
http://www.securityfocus.com/bid/2762
BID:2762
http://archives.neohapsis.com/archives/bugtraq/2001-05/0231.html
BUGTRAQ:20010523 Vulnerability in viewsrc.cgi
http://www.osvdb.org/5565
OSVDB:5565
https://exchange.xforce.ibmcloud.com/vulnerabilities/6583
XF:viewsrc-cgi-view-files(6583)
CVE-2001-0631
Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users.
2002-03-09
2002-03-01
CVE-2001-0631
http://www.securityfocus.com/bid/2423
BID:2423
http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html
BUGTRAQ:20010221 FirstClass Internetgateway "stupidity"
http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html
BUGTRAQ:20010226 Re: [Fwd: FirstClass Internetgateway "stupidity"]
https://exchange.xforce.ibmcloud.com/vulnerabilities/6192
XF:centrinity-firstclass-email-spoofing(6192)
CVE-2001-0632
Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.
2001-07-27
2003-03-21
CVE-2001-0632
http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html
BUGTRAQ:20010224 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
CVE-2001-0633
Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.
2001-07-27
2003-05-08
CVE-2001-0633
http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html
BUGTRAQ:20010224 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
CVE-2001-0634
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.
2002-03-09
2002-03-01
CVE-2001-0634
http://www.securityfocus.com/bid/2409
BID:2409
http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html
BUGTRAQ:20010226 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/6176
XF:chilisoft-asp-license-dos(6176)
CVE-2001-0635
Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.
2002-03-09
2002-03-01
CVE-2001-0635
http://www.osvdb.org/5564
OSVDB:5564
http://www.redhat.com/support/errata/RHSA-2001-058.html
REDHAT:RHSA-2001:058
https://exchange.xforce.ibmcloud.com/vulnerabilities/6493
XF:mount-swap-world-readable(6493)
CVE-2001-0636
Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is highly likely that this candidate will be split into multiple candidates.
2001-08-29
2002-02-11
CVE-2001-0636
http://xforce.iss.net/alerts/advise91.php
ISS:20010806 Multiple Buffer Overflow Vulnerabilities in Raytheon SilentRunner
CVE-2001-0641
Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
2002-03-09
2002-02-11
CVE-2001-0641
http://www.securityfocus.com/bid/2711
BID:2711
http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html
BUGTRAQ:20010513 RH 7.0:/usr/bin/man exploit: gid man + more
http://www.securityfocus.com/archive/1/190136
BUGTRAQ:20010612 man 1.5h10 + man 1.5i-4 exploits
http://www.redhat.com/support/errata/RHSA-2001-069.html
REDHAT:RHSA-2001:069
http://www.novell.com/linux/security/advisories/2001_019_man_txt.html
SUSE:SuSE-SA:2001:019
https://exchange.xforce.ibmcloud.com/vulnerabilities/6530
XF:man-s-bo(6530)
CVE-2001-0642
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.
2001-08-29
2017-12-18
CVE-2001-0642
http://archives.neohapsis.com/archives/bugtraq/2001-05/0078.html
BUGTRAQ:20010511 [eyeonsecurity.net] Incredimail allows automatic over writing offiles on your hard disk
https://exchange.xforce.ibmcloud.com/vulnerabilities/6529
XF:incredimail-dot-overwrite-files(6529)
CVE-2001-0643
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
2004-09-01
2004-07-22
CVE-2001-0643
http://www.securityfocus.com/bid/2612
BID:2612
http://www.securityfocus.com/archive/1/176909
BUGTRAQ:20010416 Double clicking on innocent looking files may be dangerous
http://vil.nai.com/vil/virusSummary.asp?virus_k=99048
MISC:http://vil.nai.com/vil/virusSummary.asp?virus_k=99048
http://www.guninski.com/clsidext.html
MISC:http://www.guninski.com/clsidext.html
http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html
MISC:http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html
http://www.osvdb.org/7858
OSVDB:7858
https://exchange.xforce.ibmcloud.com/vulnerabilities/6426
XF:ie-clsid-execute-files(6426)
CVE-2001-0644
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server.
2002-03-09
2002-03-01
CVE-2001-0644
http://www.securityfocus.com/bid/2718
BID:2718
http://www.securityfocus.com/archive/1/184751
BUGTRAQ:20010515 Rumpus FTP DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6543
XF:rumpus-plaintext-passwords(6543)
CVE-2001-0645
Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access to the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.
2001-08-29
2017-12-18
CVE-2001-0645
http://archives.neohapsis.com/archives/bugtraq/2001-05/0098.html
BUGTRAQ:20010510 Corsaire Limited Security Advisory - Symantec/Axent NetProwler 3. 5.x database configuration
http://archives.neohapsis.com/archives/bugtraq/2001-05/0097.html
BUGTRAQ:20010510 Corsaire Limited Security Advisory - Symantec/Axent NetProwler 3. 5.x password restrictions
http://www.kb.cert.org/vuls/id/508387
CERT-VN:VU#508387
https://exchange.xforce.ibmcloud.com/vulnerabilities/6537
XF:netprowler-default-management-password(6537)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6539
XF:netprowler-default-odbc-password(6539)
CVE-2001-0646
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length.
2002-03-09
2002-03-01
CVE-2001-0646
http://www.securityfocus.com/bid/2716
BID:2716
http://www.securityfocus.com/archive/1/184751
BUGTRAQ:20010515 Rumpus FTP DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6542
XF:rumpus-long-directory-dos(6542)
CVE-2001-0647
Orange Web Server 2.1, based on GoAhead, allows a remote attacker to perform a denial of service via an HTTP GET request that does not include the HTTP version.
2001-09-12
2001-12-16
CVE-2001-0647
http://www.securityfocus.com/bid/2432
BID:2432
http://www.securityfocus.com/archive/1/165658
BUGTRAQ:20010227 Orange Web Server v2.1 DoS
CVE-2001-0648
Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.
2002-03-09
2002-02-11
CVE-2001-0648
http://www.securityfocus.com/bid/2702
BID:2702
http://www.securityfocus.com/archive/1/184215
BUGTRAQ:20010508 security hole in os groupware suite PHProjekt
https://exchange.xforce.ibmcloud.com/vulnerabilities/6522
XF:phprojekt-dot-directory-traversal(6522)
CVE-2001-0649
Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request.
2001-08-29
2017-12-18
CVE-2001-0649
http://www.securityfocus.com/archive/1/184548
BUGTRAQ:20010510 Personal Web Sharing remote stop
https://exchange.xforce.ibmcloud.com/vulnerabilities/6536
XF:macos-web-sharing-dos(6536)
CVE-2001-0650
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
2002-03-09
2009-03-01
CVE-2001-0650
http://www.securityfocus.com/bid/2733
BID:2733
http://www.kb.cert.org/vuls/id/106392
CERT-VN:VU#106392
http://ciac.llnl.gov/ciac/bulletins/l-082.shtml
CIAC:L-082
http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml
CISCO:20010510 Cisco IOS BGP Attribute Corruption Vulnerability
http://www.osvdb.org/1830
OSVDB:1830
https://exchange.xforce.ibmcloud.com/vulnerabilities/6566
XF:cisco-ios-bgp-dos(6566)
CVE-2001-0652
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
2002-03-09
2002-02-24
CVE-2001-0652
http://www.securityfocus.com/bid/3160
BID:3160
http://marc.info/?l=bugtraq&m=99745571104126&w=2
BUGTRAQ:20010810 NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10
OVAL:oval:org.mitre.oval:def:10
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A131
OVAL:oval:org.mitre.oval:def:131
SUNBUG:4483090
https://exchange.xforce.ibmcloud.com/vulnerabilities/6967
XF:solaris-xlock-bo(6967)
CVE-2001-0653
Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
2002-03-09
2002-02-24
CVE-2001-0653
http://www.securityfocus.com/bid/3163
BID:3163
http://marc.info/?l=bugtraq&m=99841063100516&w=2
BUGTRAQ:20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)
http://www.calderasystems.com/support/security/advisories/CSSA-2001-032.0.txt
CALDERA:CSSA-2001-032.0
CALDERA:CSSA-2001-SCO.31
http://www.ciac.org/ciac/bulletins/l-133.shtml
CIAC:L-133
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000412
CONECTIVA:CLA-2001:412
http://www.sendmail.org/8.11.html
CONFIRM:http://www.sendmail.org/8.11.html
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-007
HP:HPSBTL0112-007
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-032-01
IMMUNIX:IMNX-2001-70-032-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-075.php3
MANDRAKE:MDKSA-2001:075
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc
NETBSD:NetBSD-SA2001-017
http://rhn.redhat.com/errata/RHSA-2001-106.html
REDHAT:RHSA-2001:106
http://www.novell.com/linux/security/advisories/2001_028_sendmail_txt.html
SUSE:SuSE-SA:2001:028
https://exchange.xforce.ibmcloud.com/vulnerabilities/7016
XF:sendmail-debug-signed-int-overflow(7016)
CVE-2001-0654
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0654
CVE-2001-0655
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0655
CVE-2001-0656
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0656
CVE-2001-0657
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0657
CVE-2001-0658
Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
2002-03-09
2002-02-24
CVE-2001-0658
http://www.securityfocus.com/bid/3198
BID:3198
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045
MS:MS01-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/6991
XF:isa-cross-site-scripting(6991)
CVE-2001-0659
Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet.
2002-03-09
2002-02-24
CVE-2001-0659
http://www.securityfocus.com/bid/3215
BID:3215
http://online.securityfocus.com/archive/1/209385
BUGTRAQ:20010821 IrDA semiremote vulnerability
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-046
MS:MS01-046
https://exchange.xforce.ibmcloud.com/vulnerabilities/7008
XF:win2k-irda-dos(7008)
CVE-2001-0660
Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
2002-03-09
2002-03-01
CVE-2001-0660
http://www.securityfocus.com/bid/3301
BID:3301
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-047
MS:MS01-047
http://support.microsoft.com/support/kb/articles/Q307/1/95.ASP
MSKB:Q307195
https://exchange.xforce.ibmcloud.com/vulnerabilities/7089
XF:exchange-owa-obtain-addresses(7089)
CVE-2001-0661
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0661
CVE-2001-0662
RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request.
2002-03-09
2002-03-01
CVE-2001-0662
http://www.securityfocus.com/bid/3313
BID:3313
http://www.ciac.org/ciac/bulletins/l-142.shtml
CIAC:L-142
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-048
MS:MS01-048
https://exchange.xforce.ibmcloud.com/vulnerabilities/7105
XF:winnt-rpc-endpoint-dos(7105)
CVE-2001-0663
Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.
2002-03-09
2002-03-05
CVE-2001-0663
http://www.securityfocus.com/bid/3445
BID:3445
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-052
MS:MS01-052
https://exchange.xforce.ibmcloud.com/vulnerabilities/7302
XF:win-rdp-packet-dos(7302)
CVE-2001-0664
Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."
2002-03-09
2006-09-10
CVE-2001-0664
http://www.securityfocus.com/bid/3420
BID:3420
http://marc.info/?l=bugtraq&m=100281551611595&w=2
BUGTRAQ:20011011 Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing
http://morph3us.org/blog/?p=31
MISC:http://morph3us.org/blog/?p=31
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051
MS:MS01-051
http://www.osvdb.org/1971
OSVDB:1971
https://exchange.xforce.ibmcloud.com/vulnerabilities/7258
XF:ie-incorrect-security-zone(7258)
CVE-2001-0665
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
2002-03-09
2002-03-01
CVE-2001-0665
http://www.securityfocus.com/bid/3421
BID:3421
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051
MS:MS01-051
http://www.osvdb.org/1972
OSVDB:1972
https://exchange.xforce.ibmcloud.com/vulnerabilities/7259
XF:ie-url-http-requests(7259)
CVE-2001-0666
Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
2002-03-09
2002-02-24
CVE-2001-0666
http://www.securityfocus.com/bid/3368
BID:3368
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-049
MS:MS01-049
https://exchange.xforce.ibmcloud.com/vulnerabilities/7168
XF:exchange-owa-folder-request-dos(7168)
CVE-2001-0667
Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.
2002-03-09
2002-03-01
CVE-2001-0667
http://www.kb.cert.org/vuls/id/952611
CERT-VN:VU#952611
http://www.ciac.org/ciac/bulletins/m-024.shtml
CIAC:M-024
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051
MS:MS01-051
https://exchange.xforce.ibmcloud.com/vulnerabilities/7260
XF:ie-telnet-command-execution-variant(7260)
CVE-2001-0668
Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.
2002-03-09
2009-03-01
CVE-2001-0668
http://www.securityfocus.com/bid/3240
BID:3240
http://www.cert.org/advisories/CA-2001-30.html
CERT:CA-2001-30
http://www.kb.cert.org/vuls/id/966075
CERT-VN:VU#966075
http://www.ciac.org/ciac/bulletins/l-134.shtml
CIAC:L-134
http://archives.neohapsis.com/archives/hp/2001-q3/0047.html
HP:HPSBUX0108-163
http://xforce.iss.net/alerts/advise93.php
ISS:20010827 Remote Buffer Overflow Vulnerability in HP-UX Line Printer Daemon
https://exchange.xforce.ibmcloud.com/vulnerabilities/6811
XF:hpux-rlpd-bo(6811)
CVE-2001-0669
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.
2001-10-12
2016-10-17
CVE-2001-0669
http://www.securityfocus.com/bid/3292
BID:3292
http://marc.info/?l=bugtraq&m=99972950200602&w=2
BUGTRAQ:20010905 %u encoding IDS bypass vulnerability
http://www.kb.cert.org/vuls/id/548515
CERT-VN:VU#548515
http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml
CISCO:20010905 Cisco Secure Intrusion Detection System Signature Obfuscation Vulnerability
http://xforce.iss.net/alerts/advise95.php
ISS:20010905 Multiple Vendor IDS Unicode Bypass Vulnerability
CVE-2001-0670
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
2002-03-09
2007-10-16
CVE-2001-0670
http://www.securityfocus.com/bid/3252
BID:3252
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/CSSA-2001-SCO.20.txt
CALDERA:CSSA-2001-SCO.20
http://www.cert.org/advisories/CA-2001-30.html
CERT:CA-2001-30
http://www.kb.cert.org/vuls/id/274043
CERT-VN:VU#274043
http://xforce.iss.net/alerts/advise94.php
ISS:20010829 Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc
NETBSD:NetBSD-SA2001-018
http://www.openbsd.com/errata28.html
OPENBSD:20010829
http://www.redhat.com/support/errata/RHSA-2001-147.html
REDHAT:RHSA-2001:147
https://exchange.xforce.ibmcloud.com/vulnerabilities/7046
XF:bsd-lpd-bo(7046)
CVE-2001-0671
Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.
2001-11-22
2001-11-28
CVE-2001-0671
AIXAPAR:IY23037
AIXAPAR:IY23041
http://www.cert.org/advisories/CA-2001-30.html
CERT:CA-2001-30
http://www.kb.cert.org/vuls/id/388183
CERT-VN:VU#388183
http://www.kb.cert.org/vuls/id/466239
CERT-VN:VU#466239
http://www.kb.cert.org/vuls/id/722143
CERT-VN:VU#722143
CVE-2001-0672
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0672
CVE-2001-0673
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0673
CVE-2001-0674
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (eg. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request.
2001-08-29
2017-12-18
CVE-2001-0674
http://www.securityfocus.com/archive/1/177231
BUGTRAQ:20010417 Advisory for Viking
http://www.robtex.com/viking/bugs.htm
CONFIRM:http://www.robtex.com/viking/bugs.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/6394
XF:viking-hex-directory-traversal(6394)
CVE-2001-0675
Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker to cause a denial of service by sending an email to a user's account containing a carriage return <CR> that is not followed by a line feed <LF>.
2002-03-09
2016-09-15
CVE-2001-0675
http://www.securityfocus.com/bid/2636
BID:2636
http://archives.neohapsis.com/archives/bugtraq/2001-04/0345.html
BUGTRAQ:20010418 SECURITY.NNOV: The Bat! <cr> bug
http://archives.neohapsis.com/archives/bugtraq/2001-04/0381.html
BUGTRAQ:20010421 Re: SECURITY.NNOV: The Bat! <cr> bug
http://archives.neohapsis.com/archives/bugtraq/2001-04/0410.html
BUGTRAQ:20010423 Re: SECURITY.NNOV: The Bat! <cr> bug
https://exchange.xforce.ibmcloud.com/vulnerabilities/6423
XF:thebat-pop3-dos(6423)
CVE-2001-0676
Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment.
2002-03-09
2002-03-01
CVE-2001-0676
http://www.securityfocus.com/archive/1/154359
BUGTRAQ:20010104 SECURITY.NNOV advisory - The Bat! directory traversal (public release)
https://exchange.xforce.ibmcloud.com/vulnerabilities/5871
XF:thebat-attachment-directory-traversal(5871)
CVE-2001-0677
Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user.
2002-03-09
2002-03-01
CVE-2001-0677
http://www.securityfocus.com/bid/2616
BID:2616
http://www.securityfocus.com/archive/1/177369
BUGTRAQ:20010418 Eudora file leakage problem (still)
http://www.osvdb.org/3085
OSVDB:3085
https://exchange.xforce.ibmcloud.com/vulnerabilities/6431
XF:eudora-plain-text-attachment(6431)
CVE-2001-0678
A buffer overflow in reggo.dll file used by Trend Micro InterScan VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan WebManager 1.2 allows a local attacker to execute arbitrary code.
2001-08-29
2017-12-18
CVE-2001-0678
http://www.securityfocus.com/archive/1/185383
BUGTRAQ:20010519 TrendMicro Interscan VirusWall RegGo.dll BOf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6575
XF:interscan-reggo-bo(6575)
CVE-2001-0679
A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote attacker to execute arbitrary code by sending a long HELO command to the server.
2001-09-12
2017-12-18
CVE-2001-0679
http://marc.info/?l=bugtraq&m=94204166130782&w=2
BUGTRAQ:19991108 Patch for VirusWall 3.23.
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9911&L=NTBUGTRAQ&P=R2331
NTBUGTRAQ:19991108 Interscan VirusWall NT 3.23/3.3 buffer overflow.
http://marc.info/?l=ntbugtraq&m=94208143007829&w=2
NTBUGTRAQ:19991108 Patch for VirusWall 3.23.
http://marc.info/?l=ntbugtraq&m=94216491202063&w=2
NTBUGTRAQ:19991109 InterScan VirusWall 3.23/3.3 Buffer Overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/3465
XF:viruswall-helo-bo(3465)
CVE-2001-0680
Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
2002-03-09
2002-03-01
CVE-2001-0680
http://www.securityfocus.com/bid/2618
BID:2618
http://www.securityfocus.com/archive/1/176712
BUGTRAQ:20010413 QPC FTPd Directory Traversal and BoF Vulnerabilities
http://online.securityfocus.com/archive/1/216555
BUGTRAQ:20010925 Vulnerabilities in QVT/Term
http://www.osvdb.org/1794
OSVDB:1794
http://www.osvdb.org/4050
OSVDB:4050
https://exchange.xforce.ibmcloud.com/vulnerabilities/6375
XF:qpc-ftpd-directory-traversal(6375)
CVE-2001-0681
Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a remote attacker to cause a denial of service via a long (1) username or (2) password.
2001-08-29
2017-12-18
CVE-2001-0681
http://www.securityfocus.com/archive/1/176712
BUGTRAQ:20010413 QPC FTPd Directory Traversal and BoF Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/6376
XF:qpc-ftpd-bo(6376)
CVE-2001-0682
ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
2002-03-09
2002-03-01
CVE-2001-0682
http://marc.info/?l=ntbugtraq&m=97818917222992&w=2
NTBUGTRAQ:20001230 [DiamondCS Advisory] ZoneAlarm and ZoneAlarm Pro can be blocked from loading by setting a Mutex in memory
https://exchange.xforce.ibmcloud.com/vulnerabilities/5821
XF:zonealarm-mutex-dos(5821)
CVE-2001-0683
Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service (memory exhaustion) by repeatedly sending approximately 5K of data to TCP port 5238.
2001-08-29
2017-12-18
CVE-2001-0683
http://www.securityfocus.com/archive/1/165516
BUGTRAQ:20010226 def-2001-08: Netscape Collabra DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6158
XF:netscape-collabra-kernel-dos(6158)
CVE-2001-0684
Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to cause a denial of service by sending seven or more characters to TCP port 5239.
2001-08-29
2017-12-18
CVE-2001-0684
http://www.securityfocus.com/archive/1/165516
BUGTRAQ:20010226 def-2001-08: Netscape Collabra DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6159
XF:netscape-collabra-cpu-dos(6159)
CVE-2001-0685
Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file.
2002-03-09
2002-02-24
CVE-2001-0685
http://www.securityfocus.com/bid/2835
BID:2835
http://marc.info/?l=bugtraq&m=98339581702282&w=2
BUGTRAQ:20010228 fcron 0.9.5 is vulnerable to a symlink attack
http://fcron.free.fr/CHANGES.html
CONFIRM:http://fcron.free.fr/CHANGES.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7127
XF:fcron-tmpfile-symlink(7127)
CVE-2001-0686
Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable.
2002-03-09
2002-02-24
CVE-2001-0686
http://www.securityfocus.com/bid/2819
BID:2819
http://archives.neohapsis.com/archives/bugtraq/2001-06/0000.html
BUGTRAQ:20010604 $HOME buffer overflow in SunOS 5.8 x86
SUNBUG:4465086
https://exchange.xforce.ibmcloud.com/vulnerabilities/6638
XF:solaris-mail-home-bo(6638)
CVE-2001-0687
Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename).
2001-08-29
2017-12-18
CVE-2001-0687
http://www.securityfocus.com/bid/2853
BID:2853
http://www.securityfocus.com/archive/1/190032
BUGTRAQ:20010610 Broker FTP Server 5.9.5.0 Buffer Overflow / DoS / Directory Traversal
https://exchange.xforce.ibmcloud.com/vulnerabilities/6674
XF:broker-ftp-cd-directory-traversal(6674)
CVE-2001-0688
Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . .") command.
2001-08-29
2003-05-08
CVE-2001-0688
http://www.securityfocus.com/bid/2851
BID:2851
http://www.securityfocus.com/archive/1/190032
BUGTRAQ:20010610 Broker FTP Server 5.9.5.0 Buffer Overflow / DoS / Directory Traversal
CVE-2001-0689
Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program.
2001-08-29
2002-06-05
CVE-2001-0689
http://archives.neohapsis.com/archives/bugtraq/2001-06/0065.html
BUGTRAQ:20010607 [SNS Advisory No.29] Trend Micro Virus Control System(VCS)
CVE-2001-0690
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
2002-03-09
2002-02-24
CVE-2001-0690
http://www.securityfocus.com/bid/2828
BID:2828
http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html
BUGTRAQ:20010606 lil' exim format bug
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402
CONECTIVA:CLA-2001:402
http://www.debian.org/security/2001/dsa-058
DEBIAN:DSA-058
http://www.redhat.com/support/errata/RHSA-2001-078.html
REDHAT:RHSA-2001:078
https://exchange.xforce.ibmcloud.com/vulnerabilities/6671
XF:exim-syntax-format-string(6671)
CVE-2001-0691
Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
2001-08-29
2002-08-16
CVE-2001-0691
http://www.securityfocus.com/bid/2856
BID:2856
http://www.securityfocus.com/advisories/3352
MANDRAKE:MDKSA-2001:054
http://www.redhat.com/support/errata/RHSA-2001-094.html
REDHAT:RHSA-2001:094
http://www.iss.net/security_center/static/6269.php
XF:imap-ipop2d-ipop3d-bo(6269)
CVE-2001-0692
SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes.
2002-03-09
2002-02-11
CVE-2001-0692
http://www.securityfocus.com/bid/2855
BID:2855
http://www.securityfocus.com/archive/1/189783
BUGTRAQ:20010608 WatchGuard SMTP Proxy issue
http://marc.info/?l=bugtraq&m=99379787421319&w=2
BUGTRAQ:20010628 RE: WatchGuard SMTP Proxy issue
https://exchange.xforce.ibmcloud.com/vulnerabilities/6682
XF:firebox-smtp-bypass-filter(6682)
CVE-2001-0693
WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20).
2001-08-29
2017-12-18
CVE-2001-0693
http://www.securityfocus.com/bid/2812
BID:2812
http://marc.info/?l=bugtraq&m=99166905208903&w=2
BUGTRAQ:20010603 Webtrends HTTP Server %20 bug
https://exchange.xforce.ibmcloud.com/vulnerabilities/6639
XF:webtrends-unicode-reveal-source(6639)
CVE-2001-0694
Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command.
2001-08-29
2003-05-08
CVE-2001-0694
http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0454.html
VULN-DEV:20010525 WFTPD 32-bit (X86) 3.00 R5 Directory Traversal / Buffer Overflow / DoS
CVE-2001-0695
WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\).
2001-08-29
2017-12-18
CVE-2001-0695
http://www.securityfocus.com/archive/1/182054
BUGTRAQ:20010503 Potential DOS Vulnerability in WFTPD
https://exchange.xforce.ibmcloud.com/vulnerabilities/6496
XF:wftpd-cd-dos(6496)
CVE-2001-0696
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
2002-03-09
2002-03-01
CVE-2001-0696
http://www.securityfocus.com/bid/2891
BID:2891
http://www.securityfocus.com/archive/1/191916
BUGTRAQ:20010619 SurgeFTP vulnerabilities
http://netwinsite.com/surgeftp/manual/updates.htm
MISC:http://netwinsite.com/surgeftp/manual/updates.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/6712
XF:surgeftp-concon-dos(6712)
CVE-2001-0697
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
2002-03-09
2002-03-01
CVE-2001-0697
http://www.securityfocus.com/bid/2442
BID:2442
http://www.securityfocus.com/archive/1/165816
BUGTRAQ:20010228 SurgeFTP Denial of Service
http://netwinsite.com/surgeftp/manual/updates.htm
CONFIRM:http://netwinsite.com/surgeftp/manual/updates.htm
http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200
WIN2KSEC:20010301 SurgeFTP 1.0b Denial of Service
https://exchange.xforce.ibmcloud.com/vulnerabilities/6168
XF:surgeftp-listing-dos(6168)
CVE-2001-0698
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
2002-03-09
2002-02-24
CVE-2001-0698
http://www.securityfocus.com/bid/2892
BID:2892
http://www.securityfocus.com/archive/1/191916
BUGTRAQ:20010619 SurgeFTP vulnerabilities
http://www.netwinsite.com/surgeftp/manual/updates.htm
CONFIRM:http://www.netwinsite.com/surgeftp/manual/updates.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/6711
XF:surgeftp-nlist-directory-traversal(6711)
CVE-2001-0699
Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.
2002-03-09
2002-02-24
CVE-2001-0699
http://www.securityfocus.com/bid/2893
BID:2893
http://www.securityfocus.com/archive/1/192299
BUGTRAQ:20010620 Solaris /opt/SUNWssp/bin/cb_reset Vulnerability
SUNBUG:4469366
https://exchange.xforce.ibmcloud.com/vulnerabilities/6726
XF:sun-cbreset-bo(6726)
CVE-2001-0700
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.
2002-03-09
2002-02-11
CVE-2001-0700
http://www.securityfocus.com/bid/2895
BID:2895
http://www.securityfocus.com/archive/1/192371
BUGTRAQ:20010621 [SNS Advisory No.32] w3m malformed MIME header Buffer Overflow Vulnerability
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000434
CONECTIVA:CLA-2001:434
http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html
CONFIRM:http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html
http://www.debian.org/security/2001/dsa-064
DEBIAN:DSA-064
http://www.debian.org/security/2001/dsa-081
DEBIAN:DSA-081
https://exchange.xforce.ibmcloud.com/vulnerabilities/6725
XF:w3m-mime-header-bo(6725)
CVE-2001-0701
Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.
2002-03-09
2002-02-24
CVE-2001-0701
http://www.securityfocus.com/bid/2898
BID:2898
http://www.securityfocus.com/archive/1/192667
BUGTRAQ:20010621 Solaris /opt/SUNWvts/bin/ptexec Vulnerability
SUNBUG:4469370
https://exchange.xforce.ibmcloud.com/vulnerabilities/6736
XF:sunvts-ptexec-bo(6736)
CVE-2001-0702
Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.
2001-08-29
2017-12-18
CVE-2001-0702
http://www.securityfocus.com/bid/2901
BID:2901
http://www.securityfocus.com/archive/1/192655
BUGTRAQ:20010621 Cerberus FTP Server 1.x Remote DoS attack Vulnerability
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00070.html
BUGTRAQ:20010704 CesarFTPd, Cerberus FTPd
https://exchange.xforce.ibmcloud.com/vulnerabilities/6728
XF:cerberus-ftp-bo(6728)
CVE-2001-0703
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter.
2001-08-29
2017-12-18
CVE-2001-0703
http://www.securityfocus.com/bid/2905
BID:2905
http://www.securityfocus.com/archive/1/192651
BUGTRAQ:20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6739
XF:arcadia-tradecli-dos(6739)
CVE-2001-0704
tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist.
2001-08-29
2017-12-18
CVE-2001-0704
http://www.securityfocus.com/bid/2904
BID:2904
http://www.securityfocus.com/archive/1/192651
BUGTRAQ:20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6738
XF:arcadia-tradecli-reveal-path(6738)
CVE-2001-0705
Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template argument.
2001-08-29
2017-12-18
CVE-2001-0705
http://www.securityfocus.com/bid/2902
BID:2902
http://www.securityfocus.com/archive/1/192651
BUGTRAQ:20010621 NERF Advisory #2 - 1C:Arcadia multiple vulnerablilities.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6737
XF:arcadia-tradecli-directory-traversal(6737)
CVE-2001-0706
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.
2002-03-09
2002-03-01
CVE-2001-0706
http://www.securityfocus.com/bid/2864
BID:2864
http://www.securityfocus.com/archive/1/190932
BUGTRAQ:20010612 Rumpus FTP DoS vol. 2
https://exchange.xforce.ibmcloud.com/vulnerabilities/6699
XF:rumpus-ftp-directory-dos(6699)
CVE-2001-0707
Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a denial of service (crash) via a long string to port 514.
2001-08-29
2017-12-18
CVE-2001-0707
http://www.securityfocus.com/archive/1/183911
BUGTRAQ:20010503 Denicomp REXECD/RSHD Denial of Service Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6523
XF:denicomp-rshd-dos(6523)
CVE-2001-0708
Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a denial of service (crash) via a long string.
2001-08-29
2017-12-18
CVE-2001-0708
http://www.securityfocus.com/archive/1/183911
BUGTRAQ:20010503 Denicomp REXECD/RSHD Denial of Service Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6524
XF:denicomp-rexecd-dos(6524)
CVE-2001-0709
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
2001-08-29
2017-12-18
CVE-2001-0709
http://www.securityfocus.com/bid/2909
BID:2909
http://www.securityfocus.com/archive/1/192802
BUGTRAQ:20010622 [VIGILANTE-2001001] ASP source code retrieved with Unicode extens ion
https://exchange.xforce.ibmcloud.com/vulnerabilities/6742
XF:iis-unicode-asp-disclosure(6742)
CVE-2001-0710
NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.
2002-03-09
2002-02-24
CVE-2001-0710
http://www.securityfocus.com/bid/2799
BID:2799
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:52.fragment.asc
FREEBSD:FreeBSD-SA-01:52
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc
NETBSD:NetBSD-SA2001-006
https://exchange.xforce.ibmcloud.com/vulnerabilities/6636
XF:bsd-ip-fragments-dos(6636)
CVE-2001-0711
Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string.
2001-09-12
2017-12-18
CVE-2001-0711
http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml
CISCO:20010207 Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6169
XF:cisco-ios-modify-snmp(6169)
CVE-2001-0712
The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is placed in a file whose MIME type does not normally support scripting, such as text (.txt), JPEG (.jpg), etc.
2001-10-12
2003-03-21
CVE-2001-0712
http://www.securityfocus.com/bid/3116
BID:3116
http://www.securityfocus.com/archive/1/200109
BUGTRAQ:20010727 TXT or HTML? -- IE NEW BUG
http://www.securityfocus.com/archive/1/200291
BUGTRAQ:20010729 Re: TXT or HTML? -- IE NEW BUG
CVE-2001-0713
Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that are one character long, (2) a variable setting which is processed by the setoption function, or (3) a Modifiers setting which is processed by the getmodifiers function.
2001-10-12
2005-07-01
CVE-2001-0713
http://www.securityfocus.com/bid/3377
BID:3377
http://razor.bindview.com/publish/advisories/adv_sm812.html
BINDVIEW:20011001 Multiple Local Sendmail Vulnerabilities
http://www.iss.net/security_center/static/7192.php
XF:sendmail-setregid-gain-privileges(7192)
CVE-2001-0714
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h), which causes Sendmail to drop queue entries, (2) via the -qR option, or (3) via the -qS option.
2001-10-12
2005-07-03
CVE-2001-0714
http://razor.bindview.com/publish/advisories/adv_sm812.html
BINDVIEW:20011001 Multiple Local Sendmail Vulnerabilities
ftp://patches.sgi.com/support/free/security/advisories/20011101-01-I
SGI:20011101-01-I
CVE-2001-0715
Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode.
2001-10-12
2005-07-03
CVE-2001-0715
http://razor.bindview.com/publish/advisories/adv_sm812.html
BINDVIEW:20011001 Multiple Local Sendmail Vulnerabilities
ftp://patches.sgi.com/support/free/security/advisories/20011101-01-I
SGI:20011101-01-I
CVE-2001-0716
Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.
2002-03-09
2002-02-25
CVE-2001-0716
http://www.securityfocus.com/bid/3440
BID:3440
http://xforce.iss.net/alerts/advise99.php
ISS:20011016 Citrix MetaFrame Remote Denial of Service Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7068
XF:metaframe-multiple-sessions-dos(7068)
CVE-2001-0717
Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.
2002-03-09
2002-02-24
CVE-2001-0717
http://www.securityfocus.com/bid/3382
BID:3382
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt
CALDERA:CSSA-2001-SCO.28
http://www.cert.org/advisories/CA-2001-27.html
CERT:CA-2001-27
http://www.ciac.org/ciac/bulletins/m-002.shtml
CIAC:M-002
http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml
COMPAQ:SSRT0767U
http://online.securityfocus.com/advisories/3584
HP:HPSBUX0110-168
http://xforce.iss.net/alerts/advise98.php
ISS:20011002 Multi-Vendor Format String Vulnerability in ToolTalk Service
http://securitytracker.com/id?1002479
SECTRACK:1002479
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212
SUN:00212
https://exchange.xforce.ibmcloud.com/vulnerabilities/7069
XF:tooltalk-ttdbserverd-format-string(7069)
CVE-2001-0718
Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
2002-03-09
2002-03-01
CVE-2001-0718
http://www.securityfocus.com/bid/3402
BID:3402
http://online.securityfocus.com/archive/1/218802
BUGTRAQ:20011005 Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro security features
http://www.cert.org/advisories/CA-2001-28.html
CERT:CA-2001-28
http://www.kb.cert.org/vuls/id/287067
CERT-VN:VU#287067
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-050
MS:MS01-050
https://exchange.xforce.ibmcloud.com/vulnerabilities/7223
XF:ms-malformed-document-macro(7223)
CVE-2001-0719
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
2002-03-09
2002-02-24
CVE-2001-0719
http://www.securityfocus.com/bid/3156
BID:3156
http://online.securityfocus.com/archive/1/202470
BUGTRAQ:20010807 MS Windows Media Player ASF Marker Buffer Overflow
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-056
MS:MS01-056
http://www.osvdb.org/5558
OSVDB:5558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A287
OVAL:oval:org.mitre.oval:def:287
http://www.iss.net/security_center/static/6962.php
XF:mediaplayer-asf-marker-bo(6962)
CVE-2001-0720
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.
2002-03-09
2001-11-28
CVE-2001-0720
http://www.securityfocus.com/bid/3471
BID:3471
http://www.ciac.org/ciac/bulletins/m-013.shtml
CIAC:M-013
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-053
MS:MS01-053
https://exchange.xforce.ibmcloud.com/vulnerabilities/7336
XF:ie-mac-downloaded-file-execution(7336)
CVE-2001-0721
Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.
2001-11-22
2018-10-12
CVE-2001-0721
http://marc.info/?l=bugtraq&m=100467787323377&w=2
BUGTRAQ:20011101 Three Windows XP UPNP DOS attacks
http://marc.info/?l=bugtraq&m=100528449024158&w=2
BUGTRAQ:20011109 Important Information Regarding MS01-054 and WindowsME
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-054
MS:MS01-054
CVE-2001-0722
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."
2002-03-09
2002-02-24
CVE-2001-0722
http://www.securityfocus.com/bid/3513
BID:3513
http://www.securityfocus.com/archive/1/221612
BUGTRAQ:20011019 Minor IE vulnerability: about: URLs
http://marc.info/?l=bugtraq&m=100527618108521&w=2
BUGTRAQ:20011108 Microsoft IE cookies readable via about: URLS
http://www.ciac.org/ciac/bulletins/m-016.shtml
CIAC:M-016
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055
MS:MS01-055
http://www.osvdb.org/1982
OSVDB:1982
https://exchange.xforce.ibmcloud.com/vulnerabilities/7486
XF:ie-about-cookie-information(7486)
CVE-2001-0723
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."
2002-03-09
2002-02-26
CVE-2001-0723
http://www.securityfocus.com/bid/3546
BID:3546
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055
MS:MS01-055
CVE-2001-0724
Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664.
2003-04-02
2006-09-10
CVE-2001-0724
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055
MS:MS01-055
http://www.osvdb.org/5556
OSVDB:5556
https://exchange.xforce.ibmcloud.com/vulnerabilities/8471
XF:ie-incorrect-security-zone-variant(8471)
CVE-2001-0725
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0725
CVE-2001-0726
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.
2002-06-25
2002-06-15
CVE-2001-0726
http://www.securityfocus.com/bid/3650
BID:3650
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-057
MS:MS01-057
http://www.osvdb.org/5557
OSVDB:5557
https://exchange.xforce.ibmcloud.com/vulnerabilities/7663
XF:exchange-owa-embedded-script-execution(7663)
CVE-2001-0727
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
2002-06-25
2002-06-15
CVE-2001-0727
http://www.securityfocus.com/bid/3578
BID:3578
http://marc.info/?l=bugtraq&m=100835204509262&w=2
BUGTRAQ:20011214 MSIE may download and run progams automatically
http://marc.info/?l=bugtraq&m=100861273114437&w=2
BUGTRAQ:20011216 Re: MSIE may download and run progams automatically - NOT SO FAST
http://www.cert.org/advisories/CA-2001-36.html
CERT:CA-2001-36
http://www.kb.cert.org/vuls/id/443699
CERT-VN:VU#443699
http://www.ciac.org/ciac/bulletins/m-027.shtml
CIAC:M-027
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-058
MS:MS01-058
http://www.osvdb.org/3033
OSVDB:3033
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A921
OVAL:oval:org.mitre.oval:def:921
https://exchange.xforce.ibmcloud.com/vulnerabilities/7703
XF:ie-file-download-execution(7703)
CVE-2001-0728
Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges.
2002-03-09
2002-02-24
CVE-2001-0728
http://www.securityfocus.com/bid/3376
BID:3376
http://www.kb.cert.org/vuls/id/275979
CERT-VN:VU#275979
http://www.compaq.com/products/servers/management/mgtsw-advisory2.html
COMPAQ:SSRT0758
https://exchange.xforce.ibmcloud.com/vulnerabilities/7189
XF:compaq-wbm-bo(7189)
CVE-2001-0729
Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
2001-10-12
2021-06-06
CVE-2001-0729
http://www.securityfocus.com/bid/22083
BID:22083
http://www.apacheweek.com/issues/01-09-28#security
CONFIRM:http://www.apacheweek.com/issues/01-09-28#security
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://securitytracker.com/id?1017522
SECTRACK:1017522
http://secunia.com/advisories/23794
SECUNIA:23794
CVE-2001-0730
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
2002-03-09
2021-06-06
CVE-2001-0730
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000430
CONECTIVA:CLA-2001:430
http://www.apacheweek.com/issues/01-09-28#security
CONFIRM:http://www.apacheweek.com/issues/01-09-28#security
http://www.linuxsecurity.com/advisories/other_advisory-1649.html
ENGARDE:ESA-20011019-01
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:077
MANDRAKE:MDKSA-2001:077
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.redhat.com/support/errata/RHSA-2001-126.html
REDHAT:RHSA-2001:126
http://www.redhat.com/support/errata/RHSA-2001-164.html
REDHAT:RHSA-2001:164
https://exchange.xforce.ibmcloud.com/vulnerabilities/7419
XF:apache-log-file-overwrite(7419)
CVE-2001-0731
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
2002-06-25
2021-06-06
CVE-2001-0731
http://www.securityfocus.com/bid/3009
BID:3009
http://www.securityfocus.com/archive/1/20010709214744.A28765@brasscannon.net
BUGTRAQ:20010709 How Google indexed a file with no external link
http://www.apacheweek.com/issues/01-10-05#security
CONFIRM:http://www.apacheweek.com/issues/01-10-05#security
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:077
MANDRAKE:MDKSA-2001:077
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.redhat.com/support/errata/RHSA-2001-126.html
REDHAT:RHSA-2001:126
http://www.redhat.com/support/errata/RHSA-2001-164.html
REDHAT:RHSA-2001:164
ftp://patches.sgi.com/support/free/security/advisories/20020301-01-P
SGI:20020301-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/8275
XF:apache-multiviews-directory-listing(8275)
CVE-2001-0733
The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.
2002-03-09
2002-03-01
CVE-2001-0733
http://www.securityfocus.com/bid/2912
BID:2912
http://www.securityfocus.com/archive/1/192711
BUGTRAQ:20010621 bugtraq submission
https://exchange.xforce.ibmcloud.com/vulnerabilities/6743
XF:eperl-embedded-code-execution(6743)
CVE-2001-0734
Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local user to gain privileges via modified Status Register contents, which are not properly handled by (1) the sigreturn system call or (2) the process_write_regs kernel routine.
2001-10-12
2017-12-18
CVE-2001-0734
http://www.securityfocus.com/bid/2810
BID:2810
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-008.txt.asc
NETBSD:NetBSD-SA2001-008
https://exchange.xforce.ibmcloud.com/vulnerabilities/6637
XF:bsd-sh3-sigreturn-privileges(6637)
CVE-2001-0735
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
2001-10-12
2017-12-18
CVE-2001-0735
http://www.securityfocus.com/bid/2914
BID:2914
http://www.securityfocus.com/archive/1/192844
BUGTRAQ:20010621 cfingerd local vulnerability (possibly root)
http://www.securityfocus.com/archive/1/01071120191900.00788@localhost.localdomain
BUGTRAQ:20010711 Another exploit for cfingerd <= 1.4.3-8
http://www.debian.org/security/2001/dsa-066
DEBIAN:DSA-066
https://exchange.xforce.ibmcloud.com/vulnerabilities/6744
XF:cfingerd-util-bo(6744)
CVE-2001-0736
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
2001-10-12
2017-12-18
CVE-2001-0736
http://marc.info/?l=bugtraq&m=98749102621604&w=2
BUGTRAQ:20010416 Immunix OS Security update for pine
http://marc.info/?l=bugtraq&m=99106787825229&w=2
BUGTRAQ:20010527 [ESA-20010509-01] pine temporary file handling vulnerabilities
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-047.php3?dis=8.0
MANDRAKE:MDKSA-2001:047
http://www.redhat.com/support/errata/RHSA-2001-042.html
REDHAT:RHSA-2001:042
https://exchange.xforce.ibmcloud.com/vulnerabilities/6367
XF:pine-tmp-file-symlink(6367)
CVE-2001-0737
A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack.
2001-10-12
2017-12-18
CVE-2001-0737
http://www.securityfocus.com/bid/2738
BID:2738
http://www.securityfocus.com/archive/1/185003
BUGTRAQ:20010516 logitech wireless devices: man-in-the-middle attack
http://www.securityfocus.com/archive/1/3B0A36C8.E9D8610@daten-treuhand.de
BUGTRAQ:20010522 Logitech vulnerability (DoS, man-in-the-middle-attack) - Resend
https://exchange.xforce.ibmcloud.com/vulnerabilities/6562
XF:logitech-wireless-unauthorized-access(6562)
CVE-2001-0738
LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.
2002-03-09
2002-02-25
CVE-2001-0738
http://marc.info/?l=bugtraq&m=99258618906506&w=2
BUGTRAQ:20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0
http://www.kb.cert.org/vuls/id/249579
CERT-VN:VU#249579
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01
IMMUNIX:IMNX-2001-70-026-01
https://exchange.xforce.ibmcloud.com/vulnerabilities/7098
XF:klogd-null-byte-dos(7098)
CVE-2001-0739
Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.
2002-03-09
2002-03-01
CVE-2001-0739
http://www.linuxsecurity.com/advisories/other_advisory-1404.html
ENGARDE:ESA-20010529-02
http://www.redhat.com/support/errata/RHSA-2001-126.html
REDHAT:RHSA-2001:126
https://exchange.xforce.ibmcloud.com/vulnerabilities/7404
XF:linux-webtool-inherit-privileges(7404)
CVE-2001-0740
3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.
2002-03-09
2002-03-01
CVE-2001-0740
http://www.securityfocus.com/bid/2721
BID:2721
http://archives.neohapsis.com/archives/bugtraq/2001-05/0115.html
BUGTRAQ:20010515 3COM OfficeConnect DSL router vulneratibilities
http://marc.info/?l=bugtraq&m=100119572524232&w=2
BUGTRAQ:20010921 3Com OfficeConnect 812/840 Router DoS exploit code
http://marc.info/?l=bugtraq&m=100137290421828&w=2
BUGTRAQ:20010924 Regarding: 3Com OfficeConnect 812/840 Router DoS exploit code
https://exchange.xforce.ibmcloud.com/vulnerabilities/6573
XF:3com-officeconnect-http-dos(6573)
CVE-2001-0741
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.
2004-09-01
2003-03-27
CVE-2001-0741
http://www.securityfocus.com/bid/2684
BID:2684
http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html
BUGTRAQ:20010503 Cisco HSRP Weakness/DoS
http://www.cisco.com/networkers/nw00/pres/2402.pdf
MISC:http://www.cisco.com/networkers/nw00/pres/2402.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6497
XF:cisco-hsrp-dos(6497)
CVE-2001-0742
Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows remote attackers to run arbitrary code via a long HELO command.
2001-10-12
2003-05-08
CVE-2001-0742
http://www.securiteam.com/windowsntfocus/5UP0B204AY.html
MISC:http://www.securiteam.com/windowsntfocus/5UP0B204AY.html
CVE-2001-0743
Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands.
2001-10-12
2002-02-02
CVE-2001-0743
http://www.securityfocus.com/bid/2814
BID:2814
http://archives.neohapsis.com/archives/bugtraq/2001-05/0326.html
BUGTRAQ:20010602 O'Reilly WebBoard 4.10.30 JavaScript code execution problem
CVE-2001-0744
Horde IMP 2.2.4 and earlier allows local users to overwrite files via a symlink attack on a temporary file.
2001-10-12
2002-02-20
CVE-2001-0744
http://archives.neohapsis.com/archives/bugtraq/2001-05/0303.html
BUGTRAQ:20010531 Imp-2.2.4 temporary files
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-025.0.txt
CALDERA:CSSA-2001-025.0
http://www.horde.org/imp/2.2/news.php
CONFIRM:http://www.horde.org/imp/2.2/news.php
CVE-2001-0745
Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property.
2002-03-09
2002-02-25
CVE-2001-0745
http://archives.neohapsis.com/archives/bugtraq/2001-06/0014.html
BUGTRAQ:20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival
http://www.osvdb.org/5543
OSVDB:5543
https://exchange.xforce.ibmcloud.com/vulnerabilities/7417
XF:netscape-user-info-retrieval(7417)
CVE-2001-0746
Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods.
2001-10-12
2017-12-18
CVE-2001-0746
http://www.securityfocus.com/bid/2732
BID:2732
http://archives.neohapsis.com/archives/bugtraq/2001-05/0132.html
BUGTRAQ:20010515 iPlanet - Netscape Enterprise Web Publisher Buffer Overflow
http://iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html
CONFIRM:http://iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6554
XF:netscape-enterprise-uri-bo(6554)
CVE-2001-0747
Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long method name in an HTTP request.
2001-10-12
2017-08-16
CVE-2001-0747
http://archives.neohapsis.com/archives/bugtraq/2001-05/0203.html
BUGTRAQ:20010518 Netscape Enterprise Server 4 Method and URI overflow
http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html
CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert5.11.html
CVE-2001-0748
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
2003-04-02
2007-06-25
CVE-2001-0748
http://www.securityfocus.com/bid/2809
BID:2809
http://www.securityfocus.com/archive/1/188141
BUGTRAQ:20010531 Acme.Server v1.7 of 13nov96 Directory Browsing
http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
http://www.osvdb.org/5544
OSVDB:5544
http://www.iss.net/security_center/static/6634.php
XF:acme-serve-directory-traversal(6634)
CVE-2001-0749
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root.
2004-09-01
2004-07-22
CVE-2001-0749
http://www.securityfocus.com/bid/2775
BID:2775
http://www.securityfocus.com/archive/1/186418
BUGTRAQ:20010524 IPC@Chip Security
https://exchange.xforce.ibmcloud.com/vulnerabilities/8922
XF:ipcchip-web-root-system(8922)
CVE-2001-0750
Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.
2002-03-09
2009-03-01
CVE-2001-0750
http://www.securityfocus.com/bid/2804
BID:2804
http://www.cisco.com/warp/public/707/ios-tcp-scanner-reload-pub.shtml
CISCO:20010524 IOS Reload after Scanning Vulnerability
http://www.osvdb.org/800
OSVDB:800
https://exchange.xforce.ibmcloud.com/vulnerabilities/6589
XF:cisco-ios-tcp-dos(6589)
CVE-2001-0751
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
2002-03-09
2002-03-01
CVE-2001-0751
http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
CISCO:20010522 More Multiple Vulnerabilities in CBOS
https://exchange.xforce.ibmcloud.com/vulnerabilities/139
XF:tcp-seq-predict(139)
CVE-2001-0752
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.
2002-03-09
2002-03-01
CVE-2001-0752
http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
CISCO:20010522 More Multiple Vulnerabilities in CBOS
http://www.osvdb.org/5573
OSVDB:5573
https://exchange.xforce.ibmcloud.com/vulnerabilities/7298
XF:cisco-cbos-record-dos(7298)
CVE-2001-0753
Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges.
2001-10-12
2017-07-10
CVE-2001-0753
http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
CISCO:20010522 More Multiple Vulnerabilities in CBOS
https://exchange.xforce.ibmcloud.com/vulnerabilities/44544
XF:cisco-cbos-execenable-info-disclosure(44544)
CVE-2001-0754
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.
2002-03-09
2002-03-01
CVE-2001-0754
http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
CISCO:20010522 More Multiple Vulnerabilities in CBOS
https://exchange.xforce.ibmcloud.com/vulnerabilities/7299
XF:cisco-cbos-multiple-echo(7299)
CVE-2001-0755
Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows attackers to cause a denial of service and possibly execute arbitrary code via a long SITE command.
2001-10-12
2004-10-19
CVE-2001-0755
http://archives.neohapsis.com/archives/bugtraq/2001-05/0188.html
BUGTRAQ:20010518 Tamersahin.net Security Announcement: Debian 2.2 is 2.2r3 Ftpd Daemon Buffer Owerflow Vulnerability
CVE-2001-0756
CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter.
2001-10-12
2016-10-17
CVE-2001-0756
http://archives.neohapsis.com/archives/bugtraq/2001-06/0067.html
BUGTRAQ:20010607 cgisecurity.com Advisory #5
http://marc.info/?l=bugtraq&m=99237435902211&w=2
BUGTRAQ:20010611 re: Advisory #5 Corrections.
CVE-2001-0757
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.
2002-03-09
2009-03-01
CVE-2001-0757
http://www.securityfocus.com/bid/2874
BID:2874
http://www.kb.cert.org/vuls/id/516659
CERT-VN:VU#516659
http://www.ciac.org/ciac/bulletins/l-097.shtml
CIAC:L-097
http://www.cisco.com/warp/public/707/6400-nrp2-telnet-vuln-pub.shtml
CISCO:20010614 Cisco 6400 NRP2 Telnet Vulnerability
http://www.osvdb.org/804
OSVDB:804
https://exchange.xforce.ibmcloud.com/vulnerabilities/6691
XF:cisco-nrp2-telnet-access(6691)
CVE-2001-0758
Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command.
2001-10-12
2002-07-31
CVE-2001-0758
http://www.securiteam.com/windowsntfocus/5SP011P4KC.html
MISC:http://www.securiteam.com/windowsntfocus/5SP011P4KC.html
CVE-2001-0759
Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows local users to execute arbitrary code via a file or directory with a long pathname, which is processed during an unmount.
2001-10-12
2003-05-08
CVE-2001-0759
http://www.securityfocus.com/bid/2875
BID:2875
http://www.securityfocus.com/archive/1/191111
BUGTRAQ:20010614 Buffer overflow in BestCrypt for Linux
CVE-2001-0760
Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.
2002-03-09
2002-02-25
CVE-2001-0760
http://www.securityfocus.com/bid/2956
BID:2956
http://www.securityfocus.com/archive/1/194449
BUGTRAQ:20010630 Nfuse reveals full path
http://www.securityfocus.com/archive/1/194522
BUGTRAQ:20010702 Re: Nfuse reveals full path
https://exchange.xforce.ibmcloud.com/vulnerabilities/6786
XF:citrix-nfuse-path-disclosure(6786)
CVE-2001-0761
Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter.
2001-10-12
2001-12-16
CVE-2001-0761
http://www.securityfocus.com/bid/2959
BID:2959
http://www.securityfocus.com/archive/1/194463
BUGTRAQ:20010702 [SNS Advisory No.36] TrendMicro InterScan WebManager Version 1.2 HttpSave.dll Buffer Overflow Vulnerability
CVE-2001-0762
Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument.
2001-10-12
2002-05-03
CVE-2001-0762
http://archives.neohapsis.com/archives/bugtraq/2001-06/0057.html
BUGTRAQ:20010602 su-wrapper 1.1.1 Local root exploit.
CVE-2001-0763
Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.
2003-04-02
2002-08-20
CVE-2001-0763
http://www.securityfocus.com/bid/2840
BID:2840
http://archives.neohapsis.com/archives/bugtraq/2001-06/0064.html
BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
http://www.ciac.org/ciac/bulletins/l-104.shtml
CIAC:L-104
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
CONECTIVA:CLA-2001:404
http://www.debian.org/security/2001/dsa-063
DEBIAN:DSA-063
http://www.linuxsecurity.com/advisories/other_advisory-1469.html
ENGARDE:ESA-20010621-01
FREEBSD:FreeBSD-SA-01:47
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
IMMUNIX:IMNX-2001-70-024-01
http://www.redhat.com/support/errata/RHSA-2001-075.html
REDHAT:RHSA-2001:075
SUSE:SA:2001:022
https://exchange.xforce.ibmcloud.com/vulnerabilities/6670
XF:xinetd-identd-bo(6670)
CVE-2001-0764
Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument.
2002-03-09
2002-02-02
CVE-2001-0764
http://www.securityfocus.com/bid/2911
BID:2911
http://www.securityfocus.com/archive/1/192664
BUGTRAQ:20010621 suid scotty (ntping) overflow (fwd)
http://www.novell.com/linux/security/advisories/2001_023_scotty_txt.html
SUSE:SuSE-SA:2001:023
http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0579.html
VULN-DEV:20010609 suid scotty / ntping overflow
http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0627.html
VULN-DEV:20010615 Re: suid scotty (ntping) overflow (fwd)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6735
XF:scotty-ntping-bo(6735)
CVE-2001-0765
BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories.
2002-03-09
2002-02-25
CVE-2001-0765
http://www.securityfocus.com/bid/2963
BID:2963
http://archives.neohapsis.com/archives/bugtraq/2001-07/0025.html
BUGTRAQ:20010702 BisonFTP Server V4R1 *.bdl upload Directory Traversal
http://www.bisonftp.com/ServRev.htm
CONFIRM:http://www.bisonftp.com/ServRev.htm
http://www.osvdb.org/1888
OSVDB:1888
https://exchange.xforce.ibmcloud.com/vulnerabilities/6782
XF:bisonftp-bdl-directory-traversal(6782)
CVE-2001-0766
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
2001-10-12
2002-03-09
CVE-2001-0766
http://www.securityfocus.com/bid/2852
BID:2852
http://archives.neohapsis.com/archives/bugtraq/2001-06/0090.html
BUGTRAQ:20010610 Mac OS X - Apache & Case Insensitive Filesystems
CVE-2001-0767
Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET.
2001-10-12
2002-03-09
CVE-2001-0767
http://www.securityfocus.com/bid/2789
BID:2789
http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html
BUGTRAQ:20010526 GuildFTPD v0.97 Directory Traversal / Weak password encryption
http://www.nitrolic.com/
MISC:http://www.nitrolic.com/
CVE-2001-0768
GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file.
2001-10-12
2017-12-18
CVE-2001-0768
http://www.securityfocus.com/bid/2792
BID:2792
http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html
BUGTRAQ:20010526 GuildFTPD v0.97 Directory Traversal / Weak password encryption
https://exchange.xforce.ibmcloud.com/vulnerabilities/6611
XF:guildftpd-usr-plaintext-passwords(6611)
CVE-2001-0769
Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character.
2002-06-25
2002-03-09
CVE-2001-0769
http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html
BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6613
XF:guildftpd-null-memory-leak(6613)
CVE-2001-0770
Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command.
2002-06-25
2002-03-07
CVE-2001-0770
http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html
BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS
http://www.nitrolic.com/help/history.htm
CONFIRM:http://www.nitrolic.com/help/history.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/6612
XF:guildftpd-site-bo(6612)
CVE-2001-0771
Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator access via a single character in the "loginpass" field.
2001-10-12
2017-12-18
CVE-2001-0771
http://www.securityfocus.com/bid/2755
BID:2755
http://www.securityfocus.com/archive/1/186006
BUGTRAQ:20010521 SpyAnywhere Authentication Bypassing Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/6578
XF:spyanywhere-weak-authentication(6578)
CVE-2001-0772
Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges.
2001-10-12
2017-12-18
CVE-2001-0772
http://archives.neohapsis.com/archives/hp/2001-q2/0044.html
HP:HPSBUX0105-151
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6022
OVAL:oval:org.mitre.oval:def:6022
https://exchange.xforce.ibmcloud.com/vulnerabilities/6585
XF:hpux-cde-bo(6585)
CVE-2001-0773
Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests.
2002-03-09
2002-02-25
CVE-2001-0773
http://www.securityfocus.com/bid/3001
BID:3001
http://www.securityfocus.com/archive/1/195644
BUGTRAQ:20010709 Cayman-DSL Model 3220-H DOS with nmap
http://www.kb.cert.org/vuls/id/312761
CERT-VN:VU#312761
https://exchange.xforce.ibmcloud.com/vulnerabilities/6825
XF:cayman-dsl-portscan-dos(6825)
CVE-2001-0774
Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files.
2002-03-09
2002-02-25
CVE-2001-0774
http://www.securityfocus.com/bid/3003
BID:3003
http://www.securityfocus.com/archive/1/195617
BUGTRAQ:20010709 Tripwire temporary files
http://www.kb.cert.org/vuls/id/349019
CERT-VN:VU#349019
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-064.php3
MANDRAKE:MDKSA-2001:064
http://www.osvdb.org/1895
OSVDB:1895
https://exchange.xforce.ibmcloud.com/vulnerabilities/6820
XF:tripwire-tmpfile-symlink(6820)
CVE-2001-0775
Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field.
2001-10-12
2016-05-13
CVE-2001-0775
http://www.securityfocus.com/bid/3006
BID:3006
http://www.securityfocus.com/archive/1/195823
BUGTRAQ:20010710 xloadimage remote exploit - tstot.c
http://www.debian.org/security/2001/dsa-069
DEBIAN:DSA-069
http://www.debian.org/security/2005/dsa-695
DEBIAN:DSA-695
http://www.gentoo.org/security/en/glsa/glsa-200503-05.xml
GENTOO:GLSA-200503-05
http://www.redhat.com/support/errata/RHSA-2001-088.html
REDHAT:RHSA-2001:088
http://www.novell.com/linux/security/advisories/2001_024_xli_txt.html
SUSE:SA:2001:024
http://www.iss.net/security_center/static/6821.php
XF:xloadimage-faces-bo(6821)
CVE-2001-0776
Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service.
2001-10-12
2017-12-18
CVE-2001-0776
http://www.securityfocus.com/bid/2781
BID:2781
http://archives.neohapsis.com/archives/bugtraq/2001-05/0278.html
BUGTRAQ:20010526 DynFX POPd Denial of Service Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6615
XF:dynfx-mailserver-pop3-bo(6615)
CVE-2001-0777
Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts.
2001-10-12
2017-12-18
CVE-2001-0777
http://www.securityfocus.com/bid/2783
BID:2783
http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html
BUGTRAQ:20010526 Remote vulnerabilities in OmniHTTPd
https://exchange.xforce.ibmcloud.com/vulnerabilities/6620
XF:omnihttpd-php-request-dos(6620)
CVE-2001-0778
OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20).
2001-10-12
2017-12-18
CVE-2001-0778
http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html
BUGTRAQ:20010525 Remote vulnerabilities in OmniHTTPd
http://www.omnicron.ca/httpd/docs/release.html
CONFIRM:http://www.omnicron.ca/httpd/docs/release.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6621
XF:omnihttpd-reveal-source-code(6621)
CVE-2001-0779
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
2002-03-09
2002-02-25
CVE-2001-0779
http://www.securityfocus.com/bid/2763
BID:2763
http://www.securityfocus.com/archive/1/187086
BUGTRAQ:20010528 solaris 2.6, 7 yppasswd vulnerability
http://www.securityfocus.com/archive/1/200110041632.JAA28125@dim.ucsd.edu
BUGTRAQ:20011004 Patches for Solaris rpc.yppasswdd available
http://www.kb.cert.org/vuls/id/327281
CERT-VN:VU#327281
http://www.ciac.org/ciac/bulletins/m-008.shtml
CIAC:M-008
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A102
OVAL:oval:org.mitre.oval:def:102
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A56
OVAL:oval:org.mitre.oval:def:56
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/209
SUN:00209
SUNBUG:4456994
https://exchange.xforce.ibmcloud.com/vulnerabilities/6629
XF:solaris-yppasswd-bo(6629)
CVE-2001-0780
Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter.
2001-10-12
2016-05-13
CVE-2001-0780
http://www.securityfocus.com/bid/2793
BID:2793
http://www.securityfocus.com/archive/1/187182
BUGTRAQ:20010527 directorypro.cgi , directory traversal
CVE-2001-0781
Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST.
2001-10-12
2017-12-18
CVE-2001-0781
http://archives.neohapsis.com/archives/bugtraq/2001-05/0296.html
BUGTRAQ:20010530 SpoonFTP Buffer Overflow Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/6630
XF:spoonftp-cwd-list-bo(6630)
CVE-2001-0782
KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file.
2001-10-12
2017-12-18
CVE-2001-0782
http://archives.neohapsis.com/archives/bugtraq/2001-06/0302.html
BUGTRAQ:20010622 Symlinks symlinks...this time KTVision
https://exchange.xforce.ibmcloud.com/vulnerabilities/6741
XF:ktvision-symlink(6741)
CVE-2001-0783
Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command.
2001-10-12
2017-12-18
CVE-2001-0783
http://www.securityfocus.com/bid/2886
BID:2886
http://archives.neohapsis.com/archives/bugtraq/2001-06/0227.html
BUGTRAQ:20010618 Cisco TFTPD 1.1 Vulerablity
http://www.sentry-labs.com/files/cisco0201061701.txt
MISC:http://www.sentry-labs.com/files/cisco0201061701.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/6722
XF:cisco-tftp-directory-traversal(6722)
CVE-2001-0784
Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.
2002-03-09
2002-02-25
CVE-2001-0784
http://www.securityfocus.com/bid/2932
BID:2932
http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html
BUGTRAQ:20010626 Advisory
http://www.debian.org/security/2001/dsa-089
DEBIAN:DSA-089
http://www.osvdb.org/1883
OSVDB:1883
http://www.redhat.com/support/errata/RHSA-2001-105.html
REDHAT:RHSA-2001:105
http://www.redhat.com/support/errata/RHSA-2002-063.html
REDHAT:RHSA-2002:063
https://exchange.xforce.ibmcloud.com/vulnerabilities/6752
XF:icecast-dot-directory-traversal(6752)
CVE-2001-0785
Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows remote attackers to read arbitrary files via a .. (dot dot) attack.
2001-10-12
2003-05-08
CVE-2001-0785
http://www.securityfocus.com/bid/2883
BID:2883
http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html
BUGTRAQ:20010618 Multiple Vulnerabilities In AMLServer
CVE-2001-0786
Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 stores user passwords in plaintext in the pUser.Dat file.
2001-10-12
2003-05-08
CVE-2001-0786
http://www.securityfocus.com/bid/2882
BID:2882
http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html
BUGTRAQ:20010618 Multiple Vulnerabilities In AMLServer
CVE-2001-0787
LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.
2002-03-09
2002-02-25
CVE-2001-0787
http://www.securityfocus.com/bid/2865
BID:2865
http://www.ciac.org/ciac/bulletins/l-096.shtml
CIAC:L-096
http://www.redhat.com/support/errata/RHSA-2001-077.html
REDHAT:RHSA-2001:077
https://exchange.xforce.ibmcloud.com/vulnerabilities/6703
XF:lprng-supplementary-groups(6703)
CVE-2001-0788
Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header.
2001-10-12
2003-05-08
CVE-2001-0788
http://www.securityfocus.com/bid/2881
BID:2881
http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html
BUGTRAQ:20010618 Multiple Vulnerabilities In AMLServer
CVE-2001-0789
Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message.
2001-10-12
2016-05-13
CVE-2001-0789
http://archives.neohapsis.com/archives/bugtraq/2001-06/0274.html
BUGTRAQ:20010621 SECURITY.NNOV: KAV (AVP) for sendmail format string vulnerability
CVE-2001-0790
Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts.
2001-10-12
2003-05-08
CVE-2001-0790
http://archives.neohapsis.com/archives/win2ksecadvice/2001-q2/0071.html
WIN2KSEC:20010527
CVE-2001-0791
Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access.
2001-10-12
2003-05-17
CVE-2001-0791
http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00006.html
BUGTRAQ:20010531 [SNS Advisory No.28]InterScan VirusWall for NT remote configuration
CVE-2001-0792
Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.
2004-09-01
2002-03-01
CVE-2001-0792
http://www.securiteam.com/exploits/5AP0Q2A4AQ.html
MISC:http://www.securiteam.com/exploits/5AP0Q2A4AQ.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7416
XF:xchat-nickname-format-string(7416)
CVE-2001-0794
Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers to cause a denial of service via a long USER command.
2001-10-12
2003-05-08
CVE-2001-0794
http://archives.neohapsis.com/archives/bugtraq/2001-06/0280.html
BUGTRAQ:20010621 A-FTP Anonymous FTP Server Remote DoS attack Vulnerability
CVE-2001-0795
Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names.
2001-10-12
2003-05-08
CVE-2001-0795
http://www.securityfocus.com/bid/2926
BID:2926
http://archives.neohapsis.com/archives/bugtraq/2001-06/0328.html
BUGTRAQ:20010625 Perception LiteServe MS-DOS filename vulnerability
CVE-2001-0796
SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.
2002-03-09
2002-02-25
CVE-2001-0796
http://www.securityfocus.com/bid/3463
BID:3463
http://www.freebsd.org/cgi/query-pr.cgi?pr=8990
CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=8990
ftp://patches.sgi.com/support/free/security/advisories/20011001-01-P
SGI:20011001-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/7332
XF:irix-igmp-dos(7332)
CVE-2001-0797
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
2002-06-25
2002-06-15
CVE-2001-0797
http://www-1.ibm.com/support/search.wss?rs=0&q=IY26221&apar=only
AIXAPAR:IY26221
http://www.securityfocus.com/bid/3681
BID:3681
http://marc.info/?l=bugtraq&m=100844757228307&w=2
BUGTRAQ:20011214 Sun Solaris login bug patches out
http://www.securityfocus.com/archive/1/246487
BUGTRAQ:20011219 Linux distributions and /bin/login overflow
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt
CALDERA:CSSA-2001-SCO.40
http://www.cert.org/advisories/CA-2001-34.html
CERT:CA-2001-34
http://www.kb.cert.org/vuls/id/569272
CERT-VN:VU#569272
http://xforce.iss.net/alerts/advise105.php
ISS:20011212 Buffer Overflow in /bin/login
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2025
OVAL:oval:org.mitre.oval:def:2025
ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I
SGI:20011201-01-I
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213
SUN:00213
SUNBUG:4516885
https://exchange.xforce.ibmcloud.com/vulnerabilities/7284
XF:telnet-tab-bo(7284)
CVE-2001-0798
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0798
CVE-2001-0799
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.
2001-11-22
2017-07-10
CVE-2001-0799
http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2
MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2
http://www.osvdb.org/8572
OSVDB:8572
ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P
SGI:20011003-02-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/7641
XF:irix-lpsched-bo(7641)
CVE-2001-0800
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
2001-11-22
2008-02-10
CVE-2001-0800
http://www.securityfocus.com/bid/27566
BID:27566
http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2
MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2
ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P
SGI:20011003-02-P
CVE-2001-0801
lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library.
2002-03-09
2002-02-25
CVE-2001-0801
http://www.lsd-pl.net/files/get?IRIX/irx_lpstat2
MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpstat2
ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P
SGI:20011003-02-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/7639
XF:irix-lpstat-net-type-library(7639)
CVE-2001-0802
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0802
CVE-2001-0803
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
2002-03-09
2002-02-25
CVE-2001-0803
http://www.securityfocus.com/bid/3517
BID:3517
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/
CALDERA:CSSA-2001-SCO.30
http://www.cert.org/advisories/CA-2001-31.html
CERT:CA-2001-31
http://www.cert.org/advisories/CA-2002-01.html
CERT:CA-2002-01
http://www.kb.cert.org/vuls/id/172583
CERT-VN:VU#172583
http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
COMPAQ:SSRT541
http://www.securityfocus.com/advisories/3651
HP:HPSBUX0111-175
http://xforce.iss.net/alerts/advise101.php
ISS:20011112 Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A70
OVAL:oval:org.mitre.oval:def:70
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A74
OVAL:oval:org.mitre.oval:def:74
ftp://patches.sgi.com/support/free/security/advisories/20011107-01-P
SGI:20011107-01-P
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/214
SUN:00214
https://exchange.xforce.ibmcloud.com/vulnerabilities/7396
XF:cde-dtspcd-bo(7396)
CVE-2001-0804
Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter.
2002-03-09
2001-11-28
CVE-2001-0804
http://www.securityfocus.com/bid/3028
BID:3028
http://www.securityfocus.com/archive/1/4.3.2.7.2.20010715184257.00b20100@compumodel.com
BUGTRAQ:20010715 Interactive Story File Disclosure Vulnerability
http://www.valeriemates.com/story_download.html
CONFIRM:http://www.valeriemates.com/story_download.html
http://www.osvdb.org/683
OSVDB:683
https://exchange.xforce.ibmcloud.com/vulnerabilities/6843
XF:interactive-story-next-directory-traversal(6843)
CVE-2001-0805
Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.
2002-03-09
2001-11-28
CVE-2001-0805
http://www.securityfocus.com/bid/2890
BID:2890
http://www.securityfocus.com/archive/1/3B2E37D0.81D9ED9D@snosoft.com
BUGTRAQ:20010618 SCO Tarantella Remote file read via ttawebtop.cgi
http://www.securityfocus.com/archive/1/20010619150935.A5226@tarantella.com
BUGTRAQ:20010619 Re: SCO Tarantella Remote file read via ttawebtop.cgi
https://exchange.xforce.ibmcloud.com/vulnerabilities/6723
XF:tarantella-ttawebtop-read-files(6723)
CVE-2001-0806
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.
2002-03-09
2002-02-25
CVE-2001-0806
http://www.securityfocus.com/bid/2930
BID:2930
http://marc.info/?l=bugtraq&m=99358249631139&w=2
BUGTRAQ:20010626 MacOSX 10.0.X Permissions uncorrectly set
http://marc.info/?l=bugtraq&m=99436289015729&w=2
BUGTRAQ:20010704 Re: MacOSX 10.0.X Permissions uncorrectly set - I got it
http://online.securityfocus.com/archive/1/219166
BUGTRAQ:20011007 OS X 10.1 and localized desktop folder still vulnerable
http://www.osvdb.org/1882
OSVDB:1882
https://exchange.xforce.ibmcloud.com/vulnerabilities/6750
XF:macos-desktop-insecure-permissions(6750)
CVE-2001-0807
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
2001-11-22
2017-12-18
CVE-2001-0807
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=189341
BUGTRAQ:20010606 security bug Internet Explorer 5
https://exchange.xforce.ibmcloud.com/vulnerabilities/6688
XF:ie-local-file-disclosure(6688)
CVE-2001-0808
gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.
2001-11-22
2017-12-18
CVE-2001-0808
http://archives.neohapsis.com/archives/bugtraq/2001-06/0365.html
BUGTRAQ:20010627 gnats update
http://sources.redhat.com/gnats/gnatsweb/advisory-jun-26-2001.html
CONFIRM:http://sources.redhat.com/gnats/gnatsweb/advisory-jun-26-2001.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6753
XF:gnatsweb-helpfile-execute-commands(6753)
CVE-2001-0809
Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.
2001-11-22
2017-10-09
CVE-2001-0809
http://archives.neohapsis.com/archives/hp/2001-q2/0074.html
HP:HPSBUX0106-155
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5673
OVAL:oval:org.mitre.oval:def:5673
CVE-2001-0810
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0810
CVE-2001-0811
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0811
CVE-2001-0812
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0812
CVE-2001-0813
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0813
CVE-2001-0814
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2001. Notes: none.
2017-05-11
2017-05-11
CVE-2001-0814
CVE-2001-0815
Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.
2002-03-09
2016-09-15
CVE-2001-0815
http://www.securityfocus.com/bid/3526
BID:3526
http://marc.info/?l=bugtraq&m=100583978302585&w=2
BUGTRAQ:20011115 NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability
http://bugs.activestate.com/show_bug.cgi?id=18062
CONFIRM:http://bugs.activestate.com/show_bug.cgi?id=18062
http://www.osvdb.org/678
OSVDB:678
https://exchange.xforce.ibmcloud.com/vulnerabilities/7539
XF:activeperl-perlis-filename-bo(7539)
CVE-2001-0816
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
2002-03-09
2002-02-25
CVE-2001-0816
http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html
BUGTRAQ:20010918 OpenSSH: sftp & bypassing keypair auth restrictions
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
CONECTIVA:CLSA-2001:431
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
IMMUNIX:IMNX-2001-70-034-01
http://www.osvdb.org/5536
OSVDB:5536
http://www.redhat.com/support/errata/RHSA-2001-154.html
REDHAT:RHSA-2001:154
https://exchange.xforce.ibmcloud.com/vulnerabilities/7634
XF:openssh-sftp-bypass-restrictions(7634)
CVE-2001-0817
Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.
2001-11-22
2017-12-18
CVE-2001-0817
http://www.securityfocus.com/bid/3561
BID:3561
http://www.cert.org/advisories/CA-2001-32.html
CERT:CA-2001-32
http://www.kb.cert.org/vuls/id/638011
CERT-VN:VU#638011
http://www.ciac.org/ciac/bulletins/m-021.shtml
CIAC:M-021
http://archives.neohapsis.com/archives/hp/2001-q4/0047.html
HP:HPSBUX0111-176
http://xforce.iss.net/alerts/advise102.php
ISS:20011120 Remote Logic Flaw Vulnerability in HP-UX Line Printer Daemon
https://exchange.xforce.ibmcloud.com/vulnerabilities/7234
XF:hpux-rlpdaemon-logic-flaw(7234)
CVE-2001-0818
A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.
2001-11-22
2017-12-18
CVE-2001-0818
http://www.securityfocus.com/bid/2867
BID:2867
http://www.securityfocus.com/archive/1/190933
BUGTRAQ:20010612 Remote buffer overflow in MDBMS.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6700
XF:mdbms-query-display-bo(6700)
CVE-2001-0819
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
2002-03-09
2002-02-25
CVE-2001-0819
http://www.securityfocus.com/bid/2877
BID:2877
http://www.caldera.com/support/security/advisories/CSSA-2001-022.1.txt
CALDERA:CSSA-2001-022.1
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000403
CONECTIVA:CLA-2001:403
http://www.debian.org/security/2001/dsa-060
DEBIAN:DSA-060
http://www.linuxsecurity.com/advisories/other_advisory-1451.html
ENGARDE:ESA-20010620-01
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:43.fetchmail.asc
FREEBSD:FreeBSD-SA-01:43
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-025-01
IMMUNIX:IMNX-2001-70-025-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-063.php3?dis=7.1
MANDRAKE:MDKSA-2001:063
http://www.redhat.com/support/errata/RHSA-2001-103.html
REDHAT:RHSA-2001:103
http://www.novell.com/linux/security/advisories/2001_026_fetchmail_txt.html
SUSE:SuSE-SA:2001:026
https://exchange.xforce.ibmcloud.com/vulnerabilities/6704
XF:fetchmail-long-header-bo(6704)
CVE-2001-0820
Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.
2001-11-22
2017-12-18
CVE-2001-0820
http://www.securityfocus.com/bid/2879
BID:2879
http://www.securityfocus.com/bid/2965
BID:2965
http://marc.info/?l=bugtraq&m=99279182704674&w=2
BUGTRAQ:20010617 Buffer Overflow in GazTek HTTP Daemon v1.4 (ghttpd)
http://marc.info/?l=bugtraq&m=99406263214417&w=2
BUGTRAQ:20010630 Advisory Ghttp 1.4
https://exchange.xforce.ibmcloud.com/vulnerabilities/6702
XF:gaztek-ghttpd-bo(6702)
CVE-2001-0821
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.
2001-11-22
2017-12-18
CVE-2001-0821
http://www.securityfocus.com/bid/2889
BID:2889
http://archives.neohapsis.com/archives/bugtraq/2001-06/0233.html
BUGTRAQ:20010618 DCShop vulnerability
http://www.dcscripts.com/dcforum/dcshop/44.html
CONFIRM:http://www.dcscripts.com/dcforum/dcshop/44.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6707
XF:dcshop-cgi-retrieve-information(6707)
CVE-2001-0822
FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.
2002-03-09
2001-11-28
CVE-2001-0822
http://www.securityfocus.com/bid/2816
BID:2816
http://marc.info/?l=bugtraq&m=99167206319643&w=2
BUGTRAQ:20010602 fpf module and packet fragmentation:local/remote DoS.
http://www.pkcrew.org/news.php
CONFIRM:http://www.pkcrew.org/news.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/6659
XF:linux-fpf-kernel-dos(6659)
CVE-2001-0823
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
2002-03-09
2001-11-28
CVE-2001-0823
http://www.securityfocus.com/bid/2887
BID:2887
http://marc.info/?l=bugtraq&m=99290754901708&w=2
BUGTRAQ:20010618 pmpost - another nice symlink follower
http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html
BUGTRAQ:20010619 Re: pmpost - another nice symlink follower
ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A
SGI:20010601-01-A
https://exchange.xforce.ibmcloud.com/vulnerabilities/6724
XF:irix-pcp-pmpost-symlink(6724)
CVE-2001-0824
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.
2001-11-22
2001-11-28
CVE-2001-0824
http://www.securityfocus.com/bid/2969
BID:2969
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
CVE-2001-0825
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.
2004-09-01
2002-08-20
CVE-2001-0825
http://www.securityfocus.com/bid/2971
BID:2971
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406
CONECTIVA:CLA-2001:406
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01
IMMUNIX:IMNX-2001-70-029-01
http://www.redhat.com/support/errata/RHSA-2001-092.html
REDHAT:RHSA-2001:092
SUSE:SuSE-SA:2001:022
https://exchange.xforce.ibmcloud.com/vulnerabilities/6804
XF:xinetd-zero-length-bo(6804)
CVE-2001-0826
Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD.
2001-11-22
2001-11-28
CVE-2001-0826
http://www.securityfocus.com/bid/2972
BID:2972
http://www.securityfocus.com/archive/1/20010630093621.66913.qmail@web13002.mail.yahoo.com
BUGTRAQ:20010630 cesarFTP v0.98b 'HELP' buffer overflow
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00070.html
BUGTRAQ:20010704 CesarFTPd, Cerberus FTPd
CVE-2001-0827
Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.
2001-11-22
2001-11-28
CVE-2001-0827
http://www.securityfocus.com/bid/2976
BID:2976
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00070.html
BUGTRAQ:20010704 CesarFTPd, Cerberus FTPd
CVE-2001-0828
A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
2002-03-09
2002-02-25
CVE-2001-0828
http://www.securityfocus.com/bid/2981
BID:2981
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
http://www.kb.cert.org/vuls/id/981651
CERT-VN:VU#981651
http://www.caucho.com/products/resin/changes.xtp
CONFIRM:http://www.caucho.com/products/resin/changes.xtp
http://www.osvdb.org/1890
OSVDB:1890
https://exchange.xforce.ibmcloud.com/vulnerabilities/6793
XF:java-servlet-crosssite-scripting(6793)
CVE-2001-0829
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
2001-11-22
2001-11-28
CVE-2001-0829
http://www.securityfocus.com/bid/2982
BID:2982
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme
MISC:http://jakarta.apache.org/tomcat/tomcat-3.2-doc/readme
CVE-2001-0830
6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.
2002-03-09
2002-02-25
CVE-2001-0830
http://www.securityfocus.com/bid/3467
BID:3467
http://marc.info/?l=bugtraq&m=100386451702966&w=2
BUGTRAQ:20011023 Remote DoS in 6tunnel
ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz
CONFIRM:ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz
https://exchange.xforce.ibmcloud.com/vulnerabilities/7337
XF:6tunnel-open-socket-dos(7337)
CVE-2001-0831
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.
2001-11-22
2016-10-17
CVE-2001-0831
http://www.securityfocus.com/bid/3465
BID:3465
http://marc.info/?l=bugtraq&m=100386756715645&w=2
BUGTRAQ:20011023 FW: ASI Oracle Security Alert: 3 new security alerts
http://otn.oracle.com/deploy/security/pdf/OLS817alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/OLS817alert.pdf
http://www.iss.net/security_center/static/7344.php
XF:oracle-label-security-access(7344)
CVE-2001-0832
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
2001-11-22
2016-10-17
CVE-2001-0832
http://marc.info/?l=bugtraq&m=100386756715645&w=2
BUGTRAQ:20011023 FW: ASI Oracle Security Alert: 3 new security alerts
http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf
CVE-2001-0833
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
2002-03-09
2002-03-07
CVE-2001-0833
http://www.securityfocus.com/bid/3139
BID:3139
http://online.securityfocus.com/archive/1/201295
BUGTRAQ:20010802 vulnerability in otrcrep binary in Oracle 8.0.5.
http://marc.info/?l=bugtraq&m=100386756715645&w=2
BUGTRAQ:20011023 FW: ASI Oracle Security Alert: 3 new security alerts
http://online.securityfocus.com/archive/1/222612
BUGTRAQ:20011024 Oracle Trace Collection Security Vulnerability
http://www.ciac.org/ciac/bulletins/m-011.shtml
CIAC:M-011
http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf
VULNWATCH:20011024 Oracle Trace Collection Security Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6940
XF:oracle-binary-symlink(6940)
CVE-2001-0834
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
2002-03-09
2002-02-25
CVE-2001-0834
http://www.securityfocus.com/bid/3410
BID:3410
http://marc.info/?l=bugtraq&m=100260195401753&w=2
BUGTRAQ:20011007 Re: Bug found in ht://Dig htsearch CGI
http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt
CALDERA:CSSA-2001-035.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429
CONECTIVA:CLA-2001:429
http://www.debian.org/security/2001/dsa-080
DEBIAN:DSA-080
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3
MANDRAKE:MDKSA-2001:083
http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593
MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593
http://www.redhat.com/support/errata/RHSA-2001-139.html
REDHAT:RHSA-2001:139
http://www.novell.com/linux/security/advisories/2001_035_htdig_txt.html
SUSE:SuSE-SA:2001:035
https://exchange.xforce.ibmcloud.com/vulnerabilities/7262
XF:htdig-htsearch-infinite-loop(7262)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7263
XF:htdig-htsearch-retrieve-files(7263)
CVE-2001-0835
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.
2001-11-22
2017-12-18
CVE-2001-0835
http://www.securityfocus.com/bid/3473
BID:3473
http://marc.info/?l=bugtraq&m=100394630702875&w=2
BUGTRAQ:20011024 Cross-site Scripting Flaw in webalizer
http://www.mrunix.net/webalizer/news.html
CONFIRM:http://www.mrunix.net/webalizer/news.html
http://www.linuxsecurity.com/advisories/other_advisory-1677.html
ENGARDE:ESA-20011101-01
http://www.redhat.com/support/errata/RHSA-2001-140.html
REDHAT:RHSA-2001:140
http://www.redhat.com/support/errata/RHSA-2001-141.html
REDHAT:RHSA-2001:141
http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html
SUSE:SuSE-SA:2001:040
https://exchange.xforce.ibmcloud.com/vulnerabilities/7350
XF:webalizer-html-tag-host(7350)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7351
XF:webalizer-html-tags-keywords(7351)
CVE-2001-0836
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
2002-03-09
2002-02-25
CVE-2001-0836
http://marc.info/?l=bugtraq&m=100342151132277&w=2
BUGTRAQ:20011018 def-2001-30
http://marc.info/?l=bugtraq&m=100395487007578&w=2
BUGTRAQ:20011024 Oracle9iAS Web Cache Overflow Vulnerability
http://www.cert.org/advisories/CA-2001-29.html
CERT:CA-2001-29
http://www.kb.cert.org/vuls/id/649979
CERT-VN:VU#649979
http://otn.oracle.com/deploy/security/pdf/webcache.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache.pdf
http://www.osvdb.org/5534
OSVDB:5534
https://exchange.xforce.ibmcloud.com/vulnerabilities/7306
XF:oracle-appserver-http-bo(7306)
CVE-2001-0837
DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder.
2004-09-01
2004-07-22
CVE-2001-0837
http://www.securityfocus.com/bid/3475
BID:3475
http://marc.info/?l=bugtraq&m=100403691432052&w=2
BUGTRAQ:20011025 Pc-to-Phone vulnerability - broken by design
https://exchange.xforce.ibmcloud.com/vulnerabilities/7393
XF:pc2phone-temp-account-readable(7393)
CVE-2001-0838
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command.
2001-11-22
2017-07-11
CVE-2001-0838
http://marc.info/?l=bugtraq&m=100402652724815&w=2
BUGTRAQ:20011025 RWhoisd remote format string vulnerability
CVE-2001-0839
ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing.
2001-11-22
2017-12-18
CVE-2001-0839
http://www.securityfocus.com/bid/3476
BID:3476
http://marc.info/?l=bugtraq&m=100404371423927&w=2
BUGTRAQ:20011025 Weak authentication in iBill's Password Management CGI
https://exchange.xforce.ibmcloud.com/vulnerabilities/7352
XF:ibillpm-cgi-insecure-password(7352)
CVE-2001-0840
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.
2001-11-22
2005-07-02
CVE-2001-0840
http://www.securityfocus.com/bid/3482
BID:3482
http://www.kb.cert.org/vuls/id/908611
CERT-VN:VU#908611
http://www.compaq.com/products/servers/management/mgtsw-advisory.html
COMPAQ:SSRT0766
http://www.iss.net/security_center/static/7411.php
XF:compaq-insightmanager-xe-bo(7411)
CVE-2001-0841
Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
2001-11-22
2016-10-17
CVE-2001-0841
http://www.securityfocus.com/bid/3486
BID:3486
http://marc.info/?l=bugtraq&m=100446445208739&w=2
BUGTRAQ:20011030 Ikonboard Cookie filter vulnerability
http://www.iss.net/security_center/static/7433.php
XF:ikonboard-cookie-auth-privileges(7433)
CVE-2001-0842
Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie.
2001-11-22
2016-10-17
CVE-2001-0842
http://www.securityfocus.com/bid/3484
BID:3484
http://marc.info/?l=bugtraq&m=100446455809273&w=2
BUGTRAQ:20011030 LB5000 Cookie filter vulnerability
http://www.iss.net/security_center/static/7436.php
XF:leoboard-cookie-auth-privileges(7436)
CVE-2001-0843
Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.
2002-03-09
2002-03-07
CVE-2001-0843
http://www.securityfocus.com/bid/3354
BID:3354
http://marc.info/?l=bugtraq&m=100109679010256&w=2
BUGTRAQ:20010921 squid DoS
http://archives.neohapsis.com/archives/linux/conectiva/2001-q3/0020.html
CONECTIVA:CLA-2001:426
http://www.debian.org/security/2001/dsa-077
DEBIAN:DSA-077
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3
MANDRAKE:MDKSA-2001:088
http://www.redhat.com/support/errata/RHSA-2001-113.html
REDHAT:RHSA-2001:113
http://www.novell.com/linux/security/advisories/2001_037_squid_txt.html
SUSE:SuSE-SA:2001:037
https://exchange.xforce.ibmcloud.com/vulnerabilities/7157
XF:squid-mkdir-put-dos(7157)
CVE-2001-0844
Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter.
2001-11-22
2016-10-17
CVE-2001-0844
http://www.securityfocus.com/bid/3483
BID:3483
http://www.securityfocus.com/bid/3485
BID:3485
http://marc.info/?l=bugtraq&m=100446263601021&w=2
BUGTRAQ:20011030 cgi vulnerability
http://www.iss.net/security_center/static/7434.php
XF:bookofguests-cgi-command-execution(7434)
http://www.iss.net/security_center/static/7435.php
XF:postit-cgi-command-execution(7435)
CVE-2001-0845
Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources.
2001-11-22
2017-12-18
CVE-2001-0845
http://www.securityfocus.com/bid/3492
BID:3492
http://ftp.support.compaq.com/patches/.new/html/SSRT0738.shtml
COMPAQ:SSRT0738
https://exchange.xforce.ibmcloud.com/vulnerabilities/7425
XF:openvms-dms-unauthorized-access(7425)
CVE-2001-0846
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
2002-03-09
2002-02-25
CVE-2001-0846
http://www.iss.net/security_center/static/7424.php
BID:3491
http://marc.info/?l=bugtraq&m=100448721830960&w=2
BUGTRAQ:20011030 Lotus Domino Web Administrator Template ReplicaID Access (#NISR29102001A)
http://www.osvdb.org/1979
OSVDB:1979
https://exchange.xforce.ibmcloud.com/vulnerabilities/7424
XF:lotus-domino-replicaid-access(7424)
CVE-2001-0847
Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID.
2001-11-22
2017-12-18
CVE-2001-0847
http://www.securityfocus.com/bid/3488
BID:3488
http://marc.info/?l=bugtraq&m=100448726831108&w=2
BUGTRAQ:20011031 Lotus Domino Default Navigator Protection By-pass (#NISR29102001B)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7423
XF:lotus-domino-navigator-access(7423)
CVE-2001-0848
join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable.
2001-11-22
2016-10-17
CVE-2001-0848
http://www.securityfocus.com/bid/3496
BID:3496
http://marc.info/?l=bugtraq&m=100463832209281&w=2
BUGTRAQ:20011101 Fuse Talk vulnerability
http://www.iss.net/security_center/static/7445.php
XF:fusetalk-joincfm-sql-execution(7445)
CVE-2001-0849
viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget.
2001-11-22
2017-12-18
CVE-2001-0849
http://www.securityfocus.com/bid/3495
BID:3495
http://marc.info/?l=bugtraq&m=100463639800515&w=2
BUGTRAQ:20011101 Vulnerability in Viralator proxy extension
http://viralator.loddington.com/changes.html
MISC:http://viralator.loddington.com/changes.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7440
XF:viralator-cgi-command-execution(7440)
CVE-2001-0850
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.
2002-03-09
2002-02-25
CVE-2001-0850
http://www.caldera.com/support/security/advisories/CSSA-2001-037.0.txt
CALDERA:CSSA-2001-037.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/7427
XF:openlinux-libdb-bo(7427)
CVE-2001-0851
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
2002-03-09
2002-02-25
CVE-2001-0851
http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt
CALDERA:CSSA-2001-38.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432
CONECTIVA:CLA-2001:432
http://www.linuxsecurity.com/advisories/other_advisory-1683.html
ENGARDE:ESA-20011106-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
MANDRAKE:MDKSA-2001:082
http://www.redhat.com/support/errata/RHSA-2001-142.html
REDHAT:RHSA-2001:142
http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html
SUSE:SuSE-SA:2001:039
https://exchange.xforce.ibmcloud.com/vulnerabilities/7461
XF:linux-syncookie-bypass-filter(7461)
CVE-2001-0852
TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.
2002-03-09
2002-02-25
CVE-2001-0852
http://www.securityfocus.com/bid/3506
BID:3506
http://marc.info/?l=bugtraq&m=100498100112191&w=2
BUGTRAQ:20011105 RH Linux Tux HTTPD DoS
http://marc.info/?l=tux-list&m=100584714702328&w=2
CONFIRM:http://marc.info/?l=tux-list&m=100584714702328&w=2
http://www.redhat.com/support/errata/RHSA-2001-142.html
REDHAT:RHSA-2001:142
VULNWATCH:20011102 [RH Linux7.2] Tux HTTPD Denial of Service
https://exchange.xforce.ibmcloud.com/vulnerabilities/7464
XF:tux-http-host-dos(7464)
CVE-2001-0853
Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.
2001-11-22
2017-07-10
CVE-2001-0853
http://www.securityfocus.com/bid/3508
BID:3508
http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html
BUGTRAQ:20011105 Entrust Bulletin E01-005: GetAccess Access Service vulnerability
http://marc.info/?l=bugtraq&m=100498111712723&w=2
BUGTRAQ:20011105 New getAccess[tm] Vulnerability
http://www.kb.cert.org/vuls/id/243243
CERT-VN:VU#243243
https://exchange.xforce.ibmcloud.com/vulnerabilities/7474
XF:getaccess-shellscripts-retrieve-files(7474)
CVE-2001-0854
PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.
2001-11-22
2016-10-17
CVE-2001-0854
http://www.securityfocus.com/bid/3510
BID:3510
http://marc.info/?l=bugtraq&m=100525739116093&w=2
BUGTRAQ:20011105 Copying and Deleting Files Using PHP-Nuke
http://www.iss.net/security_center/static/7478.php
XF:phpnuke-filemanager-gain-privileges(7478)
CVE-2001-0855
Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable.
2001-11-22
2016-10-17
CVE-2001-0855
http://www.securityfocus.com/bid/3523
BID:3523
http://marc.info/?l=bugtraq&m=100528623328037&w=2
BUGTRAQ:20011109 ClearCase db_loader TERM environment variable buffer overflow vulnerability
http://www.iss.net/security_center/static/7488.php
XF:clearcase-dbloader-term-bo(7488)
CVE-2001-0856
Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.
2001-11-22
2016-10-17
CVE-2001-0856
http://www.securityfocus.com/bid/3524
BID:3524
http://marc.info/?l=bugtraq&m=100533053219673&w=2
BUGTRAQ:20011109 Extracting a 3DES key from an IBM 4758
http://www.cl.cam.ac.uk/~rnc1/descrack/
MISC:http://www.cl.cam.ac.uk/~rnc1/descrack/
http://www.cl.cam.ac.uk/~rnc1/descrack/attack.html
MISC:http://www.cl.cam.ac.uk/~rnc1/descrack/attack.html
CVE-2001-0857
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
2002-03-09
2006-01-31
CVE-2001-0857
http://www.securityfocus.com/bid/3525
BID:3525
http://marc.info/?l=bugtraq&m=100535679608486&w=2
BUGTRAQ:20011109 Imp Webmail session hijacking vulnerability
http://marc.info/?l=bugtraq&m=100540578822469&w=2
BUGTRAQ:20011110 IMP 2.2.7 (SECURITY) released
http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt
CALDERA:CSSA-2001-039.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437
CONECTIVA:CLA-2001:437
http://www.osvdb.org/668
OSVDB:668
https://exchange.xforce.ibmcloud.com/vulnerabilities/7496
XF:imp-css-steal-cookies(7496)
CVE-2001-0858
Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges.
2001-11-22
2016-10-17
CVE-2001-0858
http://marc.info/?l=bugtraq&m=100562386012917&w=2
BUGTRAQ:20011113 Security Update: [CSSA-2001-SCO.32] Open UNIX, UnixWare 7: buffer overflow in ppp utilities
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.32/
CALDERA:CSSA-2001-SCO.32
http://www.iss.net/security_center/static/7570.php
XF:unixware-openunix-ppp-bo(7570)
CVE-2001-0859
2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions.
2002-03-09
2002-02-25
CVE-2001-0859
http://www.securityfocus.com/bid/3527
BID:3527
http://online.securityfocus.com/advisories/3725
HP:HPSBTL0112-006
http://www.redhat.com/support/errata/RHSA-2001-148.html
REDHAT:RHSA-2001:148
https://exchange.xforce.ibmcloud.com/vulnerabilities/7549
XF:linux-korean-default-umask(7549)
CVE-2001-0860
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
2002-03-09
2002-02-25
CVE-2001-0860
http://www.securityfocus.com/bid/3541
BID:3541
http://marc.info/?l=bugtraq&m=100578220002083&w=2
BUGTRAQ:20011114 Xato Advisory: Win2k/XP Terminal Services IP Spoofing
https://exchange.xforce.ibmcloud.com/vulnerabilities/7538
XF:win-terminal-spoof-address(7538)
CVE-2001-0861
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.
2002-03-09
2009-03-01
CVE-2001-0861
http://www.securityfocus.com/bid/3534
BID:3534
http://www.ciac.org/ciac/bulletins/m-018.shtml
CIAC:M-018
http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml
CISCO:20011114 ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router
http://www.osvdb.org/794
OSVDB:794
https://exchange.xforce.ibmcloud.com/vulnerabilities/7536
XF:cisco-icmp-unreachable-dos(7536)
CVE-2001-0862
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
2002-03-09
2009-03-01
CVE-2001-0862
http://www.securityfocus.com/bid/3535
BID:3535
http://www.ciac.org/ciac/bulletins/m-018.shtml
CIAC:M-018
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
http://www.osvdb.org/1985
OSVDB:1985
https://exchange.xforce.ibmcloud.com/vulnerabilities/7550
XF:cisco-acl-noninital-dos(7550)
CVE-2001-0863
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.
2002-03-09
2009-03-01
CVE-2001-0863
http://www.securityfocus.com/bid/3539
BID:3539
http://www.ciac.org/ciac/bulletins/m-018.shtml
CIAC:M-018
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
http://www.osvdb.org/1987
OSVDB:1987
https://exchange.xforce.ibmcloud.com/vulnerabilities/7551
XF:cisco-acl-outgoing-fragment(7551)
CVE-2001-0864
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
2002-03-09
2009-03-01
CVE-2001-0864
http://www.securityfocus.com/bid/3536
BID:3536
http://www.ciac.org/ciac/bulletins/m-018.shtml
CIAC:M-018
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
http://www.osvdb.org/1986
OSVDB:1986
https://exchange.xforce.ibmcloud.com/vulnerabilities/7553
XF:cisco-acl-deny-ip(7553)
CVE-2001-0865
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.
2002-03-09
2009-03-01
CVE-2001-0865
http://www.securityfocus.com/bid/3540
BID:3540
http://www.ciac.org/ciac/bulletins/m-018.shtml
CIAC:M-018
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
http://www.osvdb.org/1988
OSVDB:1988
https://exchange.xforce.ibmcloud.com/vulnerabilities/7552
XF:cisco-turbo-acl-dos(7552)
CVE-2001-0866
Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
2002-03-09
2009-03-01
CVE-2001-0866
http://www.securityfocus.com/bid/3537
BID:3537
http://www.ciac.org/ciac/bulletins/m-018.shtml
CIAC:M-018
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
http://www.osvdb.org/1984
OSVDB:1984
http://www.iss.net/security_center/static/7554.php
XF:cisco-input-acl-configured(7554)
CVE-2001-0867
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
2002-03-09
2009-03-01
CVE-2001-0867
http://www.securityfocus.com/bid/3538
BID:3538
http://www.ciac.org/ciac/bulletins/m-018.shtml
CIAC:M-018
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
http://www.osvdb.org/1989
OSVDB:1989
https://exchange.xforce.ibmcloud.com/vulnerabilities/7555
XF:cisco-acl-fragment-bypass(7555)
CVE-2001-0868
Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status.
2001-11-28
2017-12-18
CVE-2001-0868
http://www.securityfocus.com/bid/3577
BID:3577
http://marc.info/?l=bugtraq&m=100654958131854&w=2
BUGTRAQ:20011123 Redhat Stronghold Secure Server File System Disclosure Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/51950
XF:apache-strongholdinfo-info-disclosure(51950)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51951
XF:apache-strongholdstatus-info-disclosure(51951)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7582
XF:stronghold-webserver-obtain-information(7582)
CVE-2001-0869
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
2002-06-25
2002-06-15
CVE-2001-0869
http://www.securityfocus.com/bid/3498
BID:3498
BUGTRAQ:20011101 Formatting string bug on cyrus-sasl library
http://www.caldera.com/support/security/advisories/CSSA-2001-040.0.txt
CALDERA:CSSA-2001-040.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000444
CONECTIVA:CLA-2001:444
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc
FREEBSD:FreeBSD-SA-02:15
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:018
MANDRAKE:MDKSA-2002:018
http://www.redhat.com/support/errata/RHSA-2001-150.html
REDHAT:RHSA-2001:150
http://www.redhat.com/support/errata/RHSA-2001-151.html
REDHAT:RHSA-2001:151
http://lwn.net/alerts/SuSE/SuSE-SA%3A2001%3A042.php3
SUSE:SuSE-SA:2001:042
https://exchange.xforce.ibmcloud.com/vulnerabilities/7443
XF:cyrus-sasl-format-string(7443)
CVE-2001-0870
HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file.
2001-11-30
2017-12-18
CVE-2001-0870
http://www.securityfocus.com/bid/3598
BID:3598
http://marc.info/?l=bugtraq&m=100715758109838&w=2
BUGTRAQ:20011130 Rapid 7 Advisory R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing
https://exchange.xforce.ibmcloud.com/vulnerabilities/7630
XF:alchemy-http-view-log(7630)
CVE-2001-0871
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing (1) a .. in versions 2.0 through 2.6.18, or (2) a DOS device name followed by a .. in versions 2.6.19 through 3.0.10.
2001-11-30
2017-12-18
CVE-2001-0871
http://www.securityfocus.com/bid/3599
BID:3599
http://marc.info/?l=bugtraq&m=100714173510535&w=2
BUGTRAQ:20011129 Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution
http://www.kb.cert.org/vuls/id/220715
CERT-VN:VU#220715
https://exchange.xforce.ibmcloud.com/vulnerabilities/7625
XF:alchemy-http-dot-commands(7625)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7626
XF:alchemy-http-dot-variant(7626)
CVE-2001-0872
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
2002-06-25
2002-02-27
CVE-2001-0872
http://www.securityfocus.com/bid/3614
BID:3614
http://marc.info/?l=bugtraq&m=100749779131514&w=2
BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
BUGTRAQ:20011220 TSL-2001-0030 - openssh (updated)
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt
CALDERA:CSSA-2001-042.1
http://www.kb.cert.org/vuls/id/157447
CERT-VN:VU#157447
http://www.ciac.org/ciac/bulletins/m-026.shtml
CIAC:M-026
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000446
CONECTIVA:CLA-2001:446
http://marc.info/?l=openssh-unix-dev&m=100747128105913&w=2
CONFIRM:http://marc.info/?l=openssh-unix-dev&m=100747128105913&w=2
http://www.debian.org/security/2001/dsa-091
DEBIAN:DSA-091
FREEBSD:FreeBSD-SA-01:63
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005
HP:HPSBUX0112-005
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092
MANDRAKE:MDKSA-2001:092
http://www.osvdb.org/688
OSVDB:688
http://www.redhat.com/support/errata/RHSA-2001-161.html
REDHAT:RHSA-2001:161
http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html
SUSE:SuSE-SA:2001:045
TURBO:TLSA2002001
VULN-DEV:20011205 OpenSSH UseLogin proof of concept exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/7647
XF:openssh-uselogin-execute-code(7647)
CVE-2001-0873
uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.
2003-04-02
2002-08-17
CVE-2001-0873
http://www.securityfocus.com/bid/3312
BID:3312
http://www.securityfocus.com/archive/1/212892
BUGTRAQ:20010908 Multiple vendor 'Taylor UUCP' problems.
http://marc.info/?l=bugtraq&m=100715446131820
BUGTRAQ:20011130 Redhat 7.0 local root (via uucp) (attempt 2)
http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt
CALDERA:CSSA-2001-033.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
CONECTIVA:CLA-2001:425
http://www.debian.org/security/2001/dsa-079
DEBIAN:DSA-079
http://rhn.redhat.com/errata/RHSA-2001-165.html
REDHAT:RHSA-2001:165
http://www.novell.com/linux/security/advisories/2001_038_uucp_txt.html
SUSE:SuSE-SA:2001:38
https://exchange.xforce.ibmcloud.com/vulnerabilities/7099
XF:uucp-argument-gain-privileges(7099)
CVE-2001-0874
Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.
2002-03-09
2002-02-26
CVE-2001-0874
http://www.securityfocus.com/bid/3693
BID:3693
http://www.ciac.org/ciac/bulletins/m-027.shtml
CIAC:M-027
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-058
MS:MS01-058
https://exchange.xforce.ibmcloud.com/vulnerabilities/7702
XF:ie-frame-verification-variant2(7702)
CVE-2001-0875
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
2002-03-09
2002-02-26
CVE-2001-0875
http://www.securityfocus.com/bid/3597
BID:3597
http://www.securityfocus.com/archive/1/245594
BUGTRAQ:20011126 File extensions spoofable in MSIE download dialog
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-058
MS:MS01-058
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1014
OVAL:oval:org.mitre.oval:def:1014
https://exchange.xforce.ibmcloud.com/vulnerabilities/7636
XF:ie-file-download-ext-spoof(7636)
CVE-2001-0876
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
2002-03-09
2002-03-07
CVE-2001-0876
http://www.securityfocus.com/bid/3723
BID:3723
http://marc.info/?l=bugtraq&m=100887440810532&w=2
BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
http://www.cert.org/advisories/CA-2001-37.html
CERT:CA-2001-37
http://www.kb.cert.org/vuls/id/951555
CERT-VN:VU#951555
http://www.ciac.org/ciac/bulletins/m-030.shtml
CIAC:M-030
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059
MS:MS01-059
http://marc.info/?l=ntbugtraq&m=100887271006313&w=2
NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/7721
XF:win-upnp-notify-bo(7721)
CVE-2001-0877
Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.
2002-03-09
2002-02-27
CVE-2001-0877
http://www.securityfocus.com/bid/3724
BID:3724
http://marc.info/?l=bugtraq&m=100887440810532&w=2
BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
http://www.securityfocus.com/archive/1/249238
BUGTRAQ:20020109 UPNP Denial of Service
http://www.cert.org/advisories/CA-2001-37.html
CERT:CA-2001-37
http://www.kb.cert.org/vuls/id/411059
CERT-VN:VU#411059
http://www.ciac.org/ciac/bulletins/m-030.shtml
CIAC:M-030
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059
MS:MS01-059
http://marc.info/?l=ntbugtraq&m=100887271006313&w=2
NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/7722
XF:win-upnp-udp-dos(7722)
CVE-2001-0878
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0878
CVE-2001-0879
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
2002-03-09
2002-02-26
CVE-2001-0879
http://www.atstake.com/research/advisories/2001/a122001-1.txt
ATSTAKE:A122001-1
http://www.securityfocus.com/bid/3732
BID:3732
http://marc.info/?l=bugtraq&m=100891252317406&w=2
BUGTRAQ:20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060
MS:MS01-060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A253
OVAL:oval:org.mitre.oval:def:253
https://exchange.xforce.ibmcloud.com/vulnerabilities/7725
XF:mssql-c-runtime-format-string(7725)
CVE-2001-0880
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0880
CVE-2001-0881
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0881
CVE-2001-0882
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0882
CVE-2001-0883
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0883
CVE-2001-0884
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
2002-06-25
2001-12-25
CVE-2001-0884
http://www.securityfocus.com/bid/3602
BID:3602
http://www.securityfocus.com/archive/1/242839
BUGTRAQ:20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting
http://www.securityfocus.com/advisories/3721
CONECTIVA:CLA-2001:445
http://www.redhat.com/support/errata/RHSA-2001-168.html
REDHAT:RHSA-2001:168
http://www.redhat.com/support/errata/RHSA-2001-169.html
REDHAT:RHSA-2001:169
http://www.redhat.com/support/errata/RHSA-2001-170.html
REDHAT:RHSA-2001:170
https://exchange.xforce.ibmcloud.com/vulnerabilities/7617
XF:mailman-java-css(7617)
CVE-2001-0885
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2001-0885
CVE-2001-0886
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.
2002-06-25
2001-12-20
CVE-2001-0886
http://www.securityfocus.com/bid/3707
BID:3707
http://www.securityfocus.com/archive/1/245956
BUGTRAQ:20011217 [Global InterSec 2001121001] glibc globbing issues.
BUGTRAQ:20011220 TSLSA-2001-0029 - glibc
http://www.ciac.org/ciac/bulletins/m-029.shtml
CIAC:M-029
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000447
CONECTIVA:CLA-2002:447
http://www.debian.org/security/2002/dsa-103
DEBIAN:DSA-103
http://www.linuxsecurity.com/advisories/other_advisory-1752.html
ENGARDE:ESA-20011217-01
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-008
HP:HPSBTL0112-008
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-037-01
IMMUNIX:IMNX-2001-70-037-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3
MANDRAKE:MDKSA-2001:095
http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
MISC:http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
http://www.redhat.com/support/errata/RHSA-2001-160.html
REDHAT:RHSA-2001:160
SUSE:SuSE-SA:2001:046
https://exchange.xforce.ibmcloud.com/vulnerabilities/7705
XF:glibc-glob-bo(7705)
CVE-2001-0887
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.
2002-06-25
2002-02-02
CVE-2001-0887
http://www.securityfocus.com/bid/3700
BID:3700
http://www.securityfocus.com/advisories/3734
FREEBSD:FreeBSD-SA-01:68
http://rhn.redhat.com/errata/RHSA-2001-171.html
REDHAT:RHSA-2001:171
http://www.redhat.com/support/errata/RHSA-2001-172.html
REDHAT:RHSA-2001:172
https://exchange.xforce.ibmcloud.com/vulnerabilities/7714
XF:xsane-temp-symlink(7714)
CVE-2001-0888
Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.
2002-06-25
2002-02-26
CVE-2001-0888
http://www.securityfocus.com/bid/3734
BID:3734
http://marc.info/?l=bugtraq&m=100895903202798&w=2
BUGTRAQ:20011221 VIGILANTe advisory 2001003 : Atmel SNMP Non Public Community String DoS Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7734
XF:atmel-snmp-community-dos(7734)
CVE-2001-0889
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
2002-06-25
2002-06-15
CVE-2001-0889
http://www.securityfocus.com/bid/3728
BID:3728
http://marc.info/?l=bugtraq&m=100877978506387&w=2
BUGTRAQ:20011219 [ph10@cus.cam.ac.uk: [Exim] Potential security problem]
http://www.kb.cert.org/vuls/id/283723
CERT-VN:VU#283723
http://www.debian.org/security/2002/dsa-097
DEBIAN:DSA-097
http://www.redhat.com/support/errata/RHSA-2001-176.html
REDHAT:RHSA-2001:176
https://exchange.xforce.ibmcloud.com/vulnerabilities/7738
XF:exim-pipe-hostname-commands(7738)
CVE-2001-0890
Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.
2002-07-23
2002-07-26
CVE-2001-0890
http://www.securityfocus.com/bid/3987
BID:3987
http://rhn.redhat.com/errata/RHSA-2001-171.html
REDHAT:RHSA-2001:171
http://www.iss.net/security_center/static/7714.php
XF:xsane-temp-symlink(7714)
CVE-2001-0891
Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.
2003-04-02
2002-06-15
CVE-2001-0891
http://www.securityfocus.com/bid/3590
BID:3590
http://marc.info/?l=bugtraq&m=100695627423924&w=2
BUGTRAQ:20011127 UNICOS LOCAL HOLE ALL VERSIONS
http://www.osvdb.org/3275
OSVDB:3275
ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I
SGI:20020101-01-I
https://exchange.xforce.ibmcloud.com/vulnerabilities/7618
XF:unicos-nqsd-format-string(7618)
CVE-2001-0892
Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
2002-02-02
2016-10-17
CVE-2001-0892
http://marc.info/?l=bugtraq&m=100568999726036&w=2
BUGTRAQ:20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln
http://www.acme.com/software/thttpd/
CONFIRM:http://www.acme.com/software/thttpd/
CVE-2001-0893
Acme mini_httpd before 1.16 allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
2002-02-02
2016-10-17
CVE-2001-0893
http://marc.info/?l=bugtraq&m=100568999726036&w=2
BUGTRAQ:20011113 Cgisecurity.com Advisory #6: thttpd and mini_http Permission bypass vuln
http://www.acme.com/software/mini_httpd/
CONFIRM:http://www.acme.com/software/mini_httpd/
http://www.iss.net/security_center/static/7541.php
XF:httpd-bypass-permissions(7541)
CVE-2001-0894
Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
2002-06-25
2002-06-15
CVE-2001-0894
http://www.securityfocus.com/bid/3544
BID:3544
http://marc.info/?l=bugtraq&m=100584160110303&w=2
BUGTRAQ:20011115 Postfix session log memory exhaustion bugfix
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000439
CONECTIVA:CLA-2001:439
http://www.debian.org/security/2001/dsa-093
DEBIAN:DSA-093
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:089
MANDRAKE:MDKSA-2001:089
http://www.redhat.com/support/errata/RHSA-2001-156.html
REDHAT:RHSA-2001:156
https://exchange.xforce.ibmcloud.com/vulnerabilities/7568
XF:postfix-smtp-log-dos(7568)
CVE-2001-0895
Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.
2002-06-25
2009-03-01
CVE-2001-0895
http://www.securityfocus.com/bid/3547
BID:3547
http://www.kb.cert.org/vuls/id/399355
CERT-VN:VU#399355
http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml
CISCO:20011115 Cisco IOS ARP Table Overwrite Vulnerability
http://www.osvdb.org/807
OSVDB:807
https://exchange.xforce.ibmcloud.com/vulnerabilities/7547
XF:cisco-arp-overwrite-table(7547)
CVE-2001-0896
Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of service (crash) via a port scan, e.g. with nmap -PO.
2002-06-25
2002-06-15
CVE-2001-0896
http://marc.info/?l=bugtraq&m=101284101228656&w=2
BUGTRAQ:20020201 RE: DoS bug on Tru64
http://marc.info/?l=bugtraq&m=101303877215098&w=2
BUGTRAQ:20020205 nmap vs. inetd on Caldera (ex-SCO) OpenServer, Re: DoS bug on Tru64
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.33/CSSA-2001-SCO.33.txt
CALDERA:CSSA-2001-SCO.33
https://exchange.xforce.ibmcloud.com/vulnerabilities/7571
XF:openserver-nmap-po-option(7571)
CVE-2001-0897
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.
2002-02-02
2016-10-17
CVE-2001-0897
http://marc.info/?l=bugtraq&m=100586541317940&w=2
BUGTRAQ:20011115 Re: UBB vulnerablietis + about: using example
http://marc.info/?l=bugtraq&m=100586033530341&w=2
BUGTRAQ:20011115 UBB vulnerablietis + about: using example
CVE-2001-0898
Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.
2002-02-02
2016-10-17
CVE-2001-0898
http://www.securityfocus.com/bid/3553
BID:3553
http://marc.info/?l=bugtraq&m=100586079932284&w=2
BUGTRAQ:20011115 Several javascript vulnerabilities in Opera
http://marc.info/?l=bugtraq&m=100588139312696&w=2
BUGTRAQ:20011116 Re: Several javascript vulnerabilities in Opera
http://www.iss.net/security_center/static/7567.php
XF:opera-java-cross-site(7567)
CVE-2001-0899
Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.
2002-06-25
2002-06-15
CVE-2001-0899
http://marc.info/?l=bugtraq&m=100593523104176&w=2
BUGTRAQ:20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution
http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32
CONFIRM:http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32
https://exchange.xforce.ibmcloud.com/vulnerabilities/7578
XF:phpnuke-nettools-command-execution(7578)
CVE-2001-0900
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.
2002-06-25
2002-06-15
CVE-2001-0900
http://www.securityfocus.com/bid/3554
BID:3554
http://marc.info/?l=bugtraq&m=100619599000590&w=2
BUGTRAQ:20011118 Gallery Addon for PhpNuke remote file viewing vulnerability
http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=
CONFIRM:http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=
http://www.osvdb.org/677
OSVDB:677
https://exchange.xforce.ibmcloud.com/vulnerabilities/7580
XF:phpnuke-gallery-directory-traversal(7580)
CVE-2001-0901
Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.
2002-06-25
2002-06-15
CVE-2001-0901
http://marc.info/?l=bugtraq&m=100626603407639&w=2
BUGTRAQ:20011119 Hypermail SSI Vulnerability
http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz
CONFIRM:http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz
https://exchange.xforce.ibmcloud.com/vulnerabilities/7576
XF:hypermail-ssi-execute-commands(7576)
CVE-2001-0902
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
2004-09-01
2004-07-22
CVE-2001-0902
http://www.securityfocus.com/bid/6795
BID:6795
http://marc.info/?l=bugtraq&m=100626531103946&w=2
BUGTRAQ:20011120 IIS logging issue
http://marc.info/?l=ntbugtraq&m=100627497122247&w=2
NTBUGTRAQ:20011120 IIS logging issue
https://exchange.xforce.ibmcloud.com/vulnerabilities/7613
XF:iis-fake-log-entry(7613)
CVE-2001-0903
Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication.
2002-02-02
2016-10-17
CVE-2001-0903
http://www.securityfocus.com/bid/3558
BID:3558
http://marc.info/?l=bugtraq&m=100626641009560&w=2
BUGTRAQ:20011120 A Cryptanalysis of the High-bandwidth Digital Content Protection System
http://nunce.org/hdcp/hdcp111901.htm
MISC:http://nunce.org/hdcp/hdcp111901.htm
http://www.iss.net/security_center/static/7612.php
XF:hdcp-authentication-keys(7612)
CVE-2001-0904
Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies the HTTP_USER_AGENT (UserAgent) information that indicates that the patch has been installed, which could allow remote malicious web sites to more easily identify and exploit vulnerable clients.
2002-02-02
2016-10-17
CVE-2001-0904
http://www.securityfocus.com/bid/3556
BID:3556
http://marc.info/?l=bugtraq&m=100619268115798&w=2
BUGTRAQ:20011120 MSIE 5.5/6 Q312461 patch disclose patch information
http://www.iss.net/security_center/static/7581.php
XF:ie-q312461-patch-existence(7581)
CVE-2001-0905
Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.
2002-06-25
2002-06-15
CVE-2001-0905
http://www.securityfocus.com/bid/3071
BID:3071
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000433
CONECTIVA:CLA-2001:433
http://www.debian.org/security/2001/dsa-083
DEBIAN:DSA-083
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:60.procmail.asc
FREEBSD:FreeBSD-SA-01:60
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-085.php3
MANDRAKE:MDKSA-2001:085
http://www.redhat.com/support/errata/RHSA-2001-093.html
REDHAT:RHSA-2001:093
https://exchange.xforce.ibmcloud.com/vulnerabilities/6872
XF:procmail-signal-handling-race(6872)
CVE-2001-0906
teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.
2002-06-25
2002-02-06
CVE-2001-0906
http://www.securityfocus.com/bid/2974
BID:2974
http://www.securityfocus.com/archive/1/192647
BUGTRAQ:20010622 LPRng + tetex tmpfile race - uid lp exploit
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-030-01
IMMUNIX:IMNX-2001-70-030-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-086.php3
MANDRAKE:MDKSA-2001:086
http://www.redhat.com/support/errata/RHSA-2001-102.html
REDHAT:RHSA-2001:102
https://exchange.xforce.ibmcloud.com/vulnerabilities/6785
XF:tetex-lprng-tmp-race(6785)
CVE-2001-0907
Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.
2004-09-01
2002-08-16
CVE-2001-0907
http://www.securityfocus.com/bid/3444
BID:3444
http://marc.info/?l=bugtraq&m=100343090106914&w=2
BUGTRAQ:20011018 Flaws in recent Linux kernels
http://marc.info/?l=bugtraq&m=100350685431610&w=2
BUGTRAQ:20011019 TSLSA-2001-0028
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
CALDERA:CSSA-2001-036.0
http://www.linuxsecurity.com/advisories/other_advisory-1650.html
ENGARDE:ESA-20011019-02
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
IMMUNIX:IMNX-2001-70-035-01
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:079
MANDRAKE:MDKSA-2001:079
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
MANDRAKE:MDKSA-2001:082
http://www.novell.com/linux/security/advisories/2001_036_kernel_txt.html
SUSE:SuSE-SA:2001:036
http://www.iss.net/security_center/static/7312.php
XF:linux-multiple-symlink-dos(7312)
CVE-2001-0908
CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).
2002-02-02
2017-12-18
CVE-2001-0908
http://www.securityfocus.com/bid/3566
BID:3566
http://marc.info/?l=bugtraq&m=100638693315933&w=2
BUGTRAQ:20011121 CITRIX & Microsoft Windows Terminal Services False IP Address Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7538
XF:win-terminal-spoof-address(7538)
CVE-2001-0909
Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.
2004-09-01
2004-07-22
CVE-2001-0909
http://www.securityfocus.com/bid/6802
BID:6802
http://marc.info/?l=bugtraq&m=100638955422011&w=2
BUGTRAQ:20011121 Buffer overflow in Windows XP "helpctr.exe"
https://exchange.xforce.ibmcloud.com/vulnerabilities/7605
XF:winxp-helpctr-bo(7605)
CVE-2001-0910
Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup.
2002-02-02
2017-12-18
CVE-2001-0910
http://www.securityfocus.com/bid/3564
BID:3564
http://marc.info/?l=bugtraq&m=100638782917917&w=2
BUGTRAQ:20011121 Legato Networker vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7601
XF:networker-reverse-dns-bypass-auth(7601)
CVE-2001-0911
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.
2002-02-02
2017-12-18
CVE-2001-0911
http://www.securityfocus.com/bid/3567
BID:3567
http://marc.info/?l=bugtraq&m=100638850219503&w=2
BUGTRAQ:20011121 PhpNuke Admin password can be stolen !
https://exchange.xforce.ibmcloud.com/vulnerabilities/7596
XF:phpnuke-postnuke-insecure-passwords(7596)
CVE-2001-0912
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.
2002-06-25
2002-02-06
CVE-2001-0912
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-087.php3?dis=8.1
MANDRAKE:MDKSA-2001:087
https://exchange.xforce.ibmcloud.com/vulnerabilities/7604
XF:linux-expect-unauth-root(7604)
CVE-2001-0913
Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains format specifiers.
2002-02-02
2016-10-17
CVE-2001-0913
http://marc.info/?l=bugtraq&m=100655265508104&w=2
BUGTRAQ:20011122 [NetGuard Security] NSI Rwhoisd another Remote Format String Vulnerability
http://lists.research.netsol.com/pipermail/rwhois-announce/2001-November/000023.html
CONFIRM:http://lists.research.netsol.com/pipermail/rwhois-announce/2001-November/000023.html
CVE-2001-0914
Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading.
2004-09-01
2004-07-22
CVE-2001-0914
http://www.securityfocus.com/bid/3570
BID:3570
http://marc.info/?l=bugtraq&m=100638584813349&w=2
BUGTRAQ:20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug
http://marc.info/?l=bugtraq&m=100654787226869&w=2L:2
BUGTRAQ:20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug
https://exchange.xforce.ibmcloud.com/vulnerabilities/7591
XF:linux-vmlinux-dos(7591)
CVE-2001-0915
Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via format specifiers in the check argument of a shell definition.
2002-02-02
2016-10-17
CVE-2001-0915
http://www.securityfocus.com/bid/3572
BID:3572
http://marc.info/?l=bugtraq&m=100638919720975&w=2
BUGTRAQ:20011121 Advisory: Berkeley pmake
http://www.iss.net/security_center/static/7602.php
XF:pmake-shell-format-string(7602)
CVE-2001-0916
Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier allows a local user to gain root privileges via a long check argument of a shell definition.
2002-02-02
2016-10-17
CVE-2001-0916
http://www.securityfocus.com/bid/3573
BID:3573
http://marc.info/?l=bugtraq&m=100638919720975&w=2
BUGTRAQ:20011121 Advisory: Berkeley pmake
http://www.iss.net/security_center/static/7603.php
XF:pmake-shell-bo(7603)
CVE-2001-0917
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.
2002-06-25
2020-02-13
CVE-2001-0917
http://marc.info/?l=bugtraq&m=100654722925155&w=2
BUGTRAQ:20011122 Hi
http://marc.info/?l=tomcat-dev&m=100658457507305&w=2
CONFIRM:http://marc.info/?l=tomcat-dev&m=100658457507305&w=2
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
https://exchange.xforce.ibmcloud.com/vulnerabilities/7599
XF:tomcat-reveal-install-path(7599)
CVE-2001-0918
Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely.
2002-06-25
2002-02-06
CVE-2001-0918
http://www.securityfocus.com/bid/3576
BID:3576
http://www.novell.com/linux/security/advisories/2001_041_susehelp_txt.html
SUSE:SuSE-SA:2001:041
https://exchange.xforce.ibmcloud.com/vulnerabilities/7583
XF:susehelp-cgi-command-execution(7583)
CVE-2001-0919
Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow cookies to be stored on your machine" enabled does not warn a user when a cookie is set using Javascript.
2002-02-02
2016-10-17
CVE-2001-0919
http://marc.info/?l=bugtraq&m=100679857614967&w=2
BUGTRAQ:20011126 Javascript can bypass user preference for cookie prompt in IE5.50.4134.0100
CVE-2001-0920
Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.
2002-06-25
2002-02-06
CVE-2001-0920
http://www.securityfocus.com/bid/3580
BID:3580
http://marc.info/?l=bugtraq&m=100680319004162&w=2
BUGTRAQ:20011126 [CERT-intexxia] Auto Nice Daemon Format String Vulnerability
http://and.sourceforge.net/
CONFIRM:http://and.sourceforge.net/
https://exchange.xforce.ibmcloud.com/vulnerabilities/7606
XF:and-format-string(7606)
CVE-2001-0921
Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.
2003-04-02
2002-02-06
CVE-2001-0921
http://www.securityfocus.com/bid/3565
BID:3565
http://marc.info/?l=bugtraq&m=100638816318705&w=2
BUGTRAQ:20011121 Mac Netscape password fields
http://www.osvdb.org/5524
OSVDB:5524
https://exchange.xforce.ibmcloud.com/vulnerabilities/7593
XF:macos-netscape-print-passwords(7593)
CVE-2001-0922
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
2002-02-02
2017-12-18
CVE-2001-0922
http://www.securityfocus.com/bid/3583
BID:3583
http://marc.info/?l=bugtraq&m=100681274915525&w=2
BUGTRAQ:20011126 NMRC Advisory - NetDynamics Session ID is Reusable
https://exchange.xforce.ibmcloud.com/vulnerabilities/7620
XF:netdynamics-session-hijacking(7620)
CVE-2001-0923
RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to execute arbitrary code via corrupted data in the RPM file when the file is queried.
2002-02-02
2017-12-18
CVE-2001-0923
http://www.securityfocus.com/bid/3472
BID:3472
http://www.securityfocus.com/archive/1/222542
BUGTRAQ:20011025 Advisory: Corrupt RPM Query Vulnerability
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000440
CONECTIVA:CLA-2001:440
https://exchange.xforce.ibmcloud.com/vulnerabilities/7349
XF:Linux-rpm-execute-code(7349)
CVE-2001-0924
Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter.
2002-02-02
2017-12-18
CVE-2001-0924
http://www.securityfocus.com/bid/3575
BID:3575
http://marc.info/?l=bugtraq&m=100654890029878&w=2
BUGTRAQ:20011122 double dot vulnerability on a site running Informix database.
http://marc.info/?l=bugtraq&m=100688672019635&w=2
BUGTRAQ:20011127 Re: double dot vulnerability on a site running Informix database.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7585
XF:informix-web-datablade-directory-traversal(7585)
CVE-2001-0925
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
2002-02-02
2021-06-06
CVE-2001-0925
http://www.securityfocus.com/bid/2503
BID:2503
http://www.securityfocus.com/archive/1/168497
BUGTRAQ:20010312 FORW: [ANNOUNCE] Apache 1.3.19 Released
http://www.securityfocus.com/archive/1/178066
BUGTRAQ:20010419 OpenBSD 2.8patched Apache vuln!
http://www.securityfocus.com/archive/1/193081
BUGTRAQ:20010624 Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1
BUGTRAQ:20010726 Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS
http://www.apacheweek.com/features/security-13
CONFIRM:http://www.apacheweek.com/features/security-13
http://www.debian.org/security/2001/dsa-067
DEBIAN:DSA-067
http://www.linuxsecurity.com/advisories/other_advisory-1452.html
ENGARDE:ESA-20010620-02
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3
MANDRAKE:MDKSA-2001:077
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6921
XF:apache-slash-directory-listing(6921)
CVE-2001-0926
SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers to obtain source code for Java server pages (.jsp) and other files in the web root via an HTTP request for a non-existent SSI page, in which the request's body has an #include statement.
2002-02-02
2017-12-18
CVE-2001-0926
http://www.securityfocus.com/bid/3589
BID:3589
http://marc.info/?l=bugtraq&m=100697797325013&w=2
BUGTRAQ:20011128 JRun SSI Request Body Parsing
http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22261&Method=Full
https://exchange.xforce.ibmcloud.com/vulnerabilities/7622
XF:allaire-jrun-view-source(7622)
CVE-2001-0927
Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions.
2002-02-02
2016-10-17
CVE-2001-0927
http://marc.info/?l=bugtraq&m=100689302316077&w=2
BUGTRAQ:20011127 [CERT-intexxia] libgtop_daemon Remote Format String Vulnerability
http://www.debian.org/security/2002/dsa-098
DEBIAN:DSA-098
ftp://ftp.gnome.org/pub/GNOME/stable/sources/libgtop/libgtop-1.0.13.tar.gz
MISC:ftp://ftp.gnome.org/pub/GNOME/stable/sources/libgtop/libgtop-1.0.13.tar.gz
CVE-2001-0928
Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.
2002-02-02
2016-10-17
CVE-2001-0928
http://www.securityfocus.com/bid/3594
BID:3594
http://marc.info/?l=bugtraq&m=100699007010203&w=2
BUGTRAQ:20011128 Re: [CERT-intexxia] libgtop_daemon Remote Format String Vulnerability
http://www.kb.cert.org/vuls/id/705771
CERT-VN:VU#705771
http://www.debian.org/security/2002/dsa-098
DEBIAN:DSA-098
http://www.debian.org/security/2003/dsa-301
DEBIAN:DSA-301
CVE-2001-0929
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.
2002-06-25
2009-03-01
CVE-2001-0929
http://www.securityfocus.com/bid/3588
BID:3588
http://www.kb.cert.org/vuls/id/362483
CERT-VN:VU#362483
http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
CISCO:20011128 A Vulnerability in IOS Firewall Feature Set
http://www.osvdb.org/808
OSVDB:808
https://exchange.xforce.ibmcloud.com/vulnerabilities/7614
XF:ios-cbac-bypass-acl(7614)
CVE-2001-0930
Sendpage.pl allows remote attackers to execute arbitrary commands via a message containing shell metacharacters.
2002-02-02
2016-10-17
CVE-2001-0930
http://marc.info/?l=bugtraq&m=100689313216624&w=2
BUGTRAQ:20011128 Sendpage (Perl CGI) Remote Execution Vulnerability
http://www.iss.net/security_center/static/7609.php
XF:sendpage-message-command-execution(7609)
CVE-2001-0931
Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET.
2002-02-02
2017-12-18
CVE-2001-0931
http://www.securityfocus.com/bid/3593
BID:3593
http://marc.info/?l=bugtraq&m=100698397818175&w=2
BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
https://exchange.xforce.ibmcloud.com/vulnerabilities/7615
XF:powerftp-dot-directory-traversal(7615)
CVE-2001-0932
Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command.
2002-02-02
2017-12-18
CVE-2001-0932
http://www.securityfocus.com/bid/3595
BID:3595
http://marc.info/?l=bugtraq&m=100698397818175&w=2
BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
https://exchange.xforce.ibmcloud.com/vulnerabilities/7616
XF:powerftp-long-command-dos(7616)
CVE-2001-0933
Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:".
2002-02-02
2016-10-17
CVE-2001-0933
http://marc.info/?l=bugtraq&m=100698397818175&w=2
BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
CVE-2001-0934
Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname.
2002-02-02
2016-10-17
CVE-2001-0934
http://marc.info/?l=bugtraq&m=100698397818175&w=2
BUGTRAQ:20011128 PowerFTP-server-Bugs&Exploits-Remotes
CVE-2001-0935
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
2002-02-02
2002-02-06
CVE-2001-0935
http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html
SUSE:SuSE-SA:2001:043
CVE-2001-0936
Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with the local caching method selected, allows remote FTP servers to run arbitrary code via a long response to an MDTM request.
2002-06-25
2002-02-06
CVE-2001-0936
http://www.securityfocus.com/bid/3606
BID:3606
http://marc.info/?l=bugtraq&m=100713367307799&w=2
BUGTRAQ:20011130 Alert: Vulnerability in frox transparent ftp proxy.
http://frox.sourceforge.net/security.txt
CONFIRM:http://frox.sourceforge.net/security.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/7632
XF:frox-ftp-proxy-bo(7632)
CVE-2001-0937
PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters.
2002-02-02
2016-10-17
CVE-2001-0937
http://marc.info/?l=bugtraq&m=100714269114686&w=2
BUGTRAQ:20011130 Vulnerabilities in PGPMail.pl
http://www.securityfocus.com/archive/82/243262
VULN-DEV:20011129 PGPMail.pl possible remote command execution
CVE-2001-0938
Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.
2002-02-02
2016-10-17
CVE-2001-0938
http://www.securityfocus.com/bid/3608
BID:3608
http://marc.info/?l=bugtraq&m=100715294425985&w=2
BUGTRAQ:20011130 Aspupload installs exploitable scripts
http://www.iss.net/security_center/static/7629.php
XF:aspupload-directory-browsing-download(7629)
http://www.iss.net/security_center/static/7628.php
XF:aspupload-upload-directory-traversal(7628)
CVE-2001-0939
Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.
2002-06-25
2002-06-15
CVE-2001-0939
http://www.securityfocus.com/bid/3607
BID:3607
http://marc.info/?l=bugtraq&m=100715316426817&w=2
BUGTRAQ:20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server
http://www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=4C8E450DBF2E7F1885256B200079FA88
CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=4C8E450DBF2E7F1885256B200079FA88
http://www.osvdb.org/1998
OSVDB:1998
https://exchange.xforce.ibmcloud.com/vulnerabilities/7631
XF:lotus-domino-nhttp-dos(7631)
CVE-2001-0940
Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.
2002-06-25
2002-06-15
CVE-2001-0940
http://www.securityfocus.com/bid/3336
BID:3336
http://marc.info/?l=bugtraq&m=100094268017271&w=2
BUGTRAQ:20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)
http://marc.info/?l=bugtraq&m=100698954308436&w=2
BUGTRAQ:20011128 Firewall-1 remote SYSTEM shell buffer overflow
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00291.html
BUGTRAQ:20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow
http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html
CHECKPOINT:20010919 GUI Buffer Overflow
http://www.osvdb.org/1951
OSVDB:1951
http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0151.html
WIN2KSEC:20010921 Check Point FireWall-1 GUI Buffer Overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/7145
XF:fw1-log-viewer-bo(7145)
CVE-2001-0941
Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable.
2002-02-02
2017-07-10
CVE-2001-0941
http://www.securityfocus.com/bid/3138
BID:3138
http://marc.info/?l=bugtraq&m=100716693806967&w=2
BUGTRAQ:20011130 ASI Oracle Security Alert: Oracle Home Environment Variable Buffer Overflow
http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7643
XF:oracle-dbsnmp-home-bo(7643)
CVE-2001-0942
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp.
2002-02-02
2017-07-10
CVE-2001-0942
http://www.securityfocus.com/bid/3137
BID:3137
http://seclists.org/lists/bugtraq/2001/Dec/0000.html
BUGTRAQ:20011130 ASI Oracle Security Alert: Oracle Home Environment Variable Validation Vulnerability
http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7645
XF:oracle-dbsnmp-home-validation(7645)
CVE-2001-0943
dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.
2002-02-02
2005-07-01
CVE-2001-0943
http://www.securityfocus.com/bid/3129
BID:3129
http://www.securityfocus.com/archive/1/201020
BUGTRAQ:20010801 Oracle 8.1.5 dbnsmp vulnerability
http://seclists.org/lists/bugtraq/2001/Dec/0001.html
BUGTRAQ:20011130 ASI Oracle Security Alert: CHOWN Path Environment Variable Vulnerability
http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
CVE-2001-0944
DDE in mIRC allows local users to launch applications under another user's account via a DDE message that executes a command, which may be executed by the other user's process.
2002-02-02
2016-10-17
CVE-2001-0944
http://marc.info/?l=bugtraq&m=100734173831990&w=2
BUGTRAQ:20011202 mIRC bug?
CVE-2001-0945
Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.
2002-02-02
2016-10-17
CVE-2001-0945
http://www.securityfocus.com/bid/3611
BID:3611
http://marc.info/?l=bugtraq&m=100741295502017&w=2
BUGTRAQ:20011203 Buffer over flow on Outlook express for Macintosh
http://www.iss.net/security_center/static/7648.php
XF:macos-outlook-long-message-bo(7648)
CVE-2001-0946
apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.
2002-06-25
2002-06-15
CVE-2001-0946
http://marc.info/?l=bugtraq&m=100743394701962&w=2
BUGTRAQ:20011204 Symlink attack with apmd of RH 7.2
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389
MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389
http://www.osvdb.org/5493
OSVDB:5493
https://exchange.xforce.ibmcloud.com/vulnerabilities/8268
XF:apmd-apmscript-symlink(8268)
CVE-2001-0947
Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.
2002-02-02
2017-12-18
CVE-2001-0947
http://www.securityfocus.com/bid/3615
BID:3615
http://marc.info/?l=bugtraq&m=100749428517090&w=2
BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
http://www.valicert.com/support/security_advisory_eva.html
CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7649
XF:eva-forms-reveal-path(7649)
CVE-2001-0948
Cross-site scripting (CSS) vulnerability in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to execute arbitrary code or display false information by including HTML or script in the certificate's description, which is executed when the certificate is viewed.
2002-02-02
2017-12-18
CVE-2001-0948
http://www.securityfocus.com/bid/3619
BID:3619
http://marc.info/?l=bugtraq&m=100749428517090&w=2
BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
http://www.valicert.com/support/security_advisory_eva.html
CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7650
XF:eva-admin-script-injection(7650)
CVE-2001-0949
Buffer overflows in forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 allows remote attackers to execute arbitrary code via long arguments to the parameters (1) Mode, (2) Certificate_File, (3) useExpiredCRLs, (4) listenLength, (5) maxThread, (6) maxConnPerSite, (7) maxMsgLen, (8) exitTime, (9) blockTime, (10) nextUpdatePeriod, (11) buildLocal, (12) maxOCSPValidityPeriod, (13) extension, and (14) a particular combination of parameters associated with private key generation that form a string of a certain length.
2002-02-02
2017-12-18
CVE-2001-0949
http://www.securityfocus.com/bid/3621
BID:3621
http://www.securityfocus.com/bid/3622
BID:3622
http://www.securityfocus.com/bid/3624
BID:3624
http://www.securityfocus.com/bid/3625
BID:3625
http://www.securityfocus.com/bid/3627
BID:3627
http://www.securityfocus.com/bid/3628
BID:3628
http://www.securityfocus.com/bid/3629
BID:3629
http://www.securityfocus.com/bid/3630
BID:3630
http://www.securityfocus.com/bid/3631
BID:3631
http://www.securityfocus.com/bid/3632
BID:3632
http://www.securityfocus.com/bid/3633
BID:3633
http://www.securityfocus.com/bid/3634
BID:3634
http://www.securityfocus.com/bid/3635
BID:3635
http://www.securityfocus.com/bid/3636
BID:3636
http://marc.info/?l=bugtraq&m=100749428517090&w=2
BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
http://www.valicert.com/support/security_advisory_eva.html
CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7652
XF:eva-forms-bo(7652)
CVE-2001-0950
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.
2002-02-02
2017-12-18
CVE-2001-0950
http://www.securityfocus.com/bid/3618
BID:3618
http://www.securityfocus.com/bid/3620
BID:3620
http://marc.info/?l=bugtraq&m=100749428517090&w=2
BUGTRAQ:20011204 NMRC Advisory - Multiple Valicert Problems
http://www.valicert.com/support/security_advisory_eva.html
CONFIRM:http://www.valicert.com/support/security_advisory_eva.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7653
XF:eva-insecure-key-generation(7653)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7651
XF:eva-insecure-key-storage(7651)
CVE-2001-0951
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
2004-09-01
2004-07-22
CVE-2001-0951
http://www.securityfocus.com/bid/3652
BID:3652
http://marc.info/?l=bugtraq&m=100774842520403&w=2
BUGTRAQ:20011207 UDP DoS attack in Win2k via IKE
http://marc.info/?l=bugtraq&m=100813081913496&w=2
BUGTRAQ:20011211 UDP DoS attack in Win2k via IKE
https://exchange.xforce.ibmcloud.com/vulnerabilities/7667
XF:win2k-ike-dos(7667)
CVE-2001-0952
THQ Volition Red Faction Game allows remote attackers to cause a denial of service (hang) of a client or server via packets to UDP port 7755.
2002-02-02
2017-12-18
CVE-2001-0952
http://www.securityfocus.com/bid/3651
BID:3651
http://marc.info/?l=bugtraq&m=100774266027774&w=2
BUGTRAQ:20011207 Red Faction Server/Client DOS
https://exchange.xforce.ibmcloud.com/vulnerabilities/7672
XF:red-faction-udp-dos(7672)
CVE-2001-0953
Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root.
2002-02-02
2017-12-18
CVE-2001-0953
http://www.securityfocus.com/bid/3655
BID:3655
http://marc.info/?l=bugtraq&m=100780264902037&w=2:1
BUGTRAQ:20011208 kebi-Webmail Solution vulnerability (Tested)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7674
XF:kebi-webmail-admin-dir-access(7674)
CVE-2001-0954
Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.
2002-03-09
2002-02-06
CVE-2001-0954
http://www.securityfocus.com/bid/3656
BID:3656
http://marc.info/?l=bugtraq&m=100780146532131&w=2L:1
BUGTRAQ:20011207 Lotus Domino Web server vulnerability
http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B
CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B
http://www.osvdb.org/2000
OSVDB:2000
https://exchange.xforce.ibmcloud.com/vulnerabilities/7684
XF:lotus-domino-database-dos(7684)
CVE-2001-0955
Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph clipping for large origins, allows attackers to cause a denial of service and possibly gain privileges via a large number of characters, possibly through the web page search form of KDE Konqueror or from an xterm command with a long title.
2002-02-02
2017-12-18
CVE-2001-0955
http://www.securityfocus.com/bid/3657
BID:3657
http://www.securityfocus.com/bid/3663
BID:3663
http://marc.info/?l=bugtraq&m=100776624224549&w=2
BUGTRAQ:20011207 Crashing X
http://marc.info/?l=bugtraq&m=100784290015880&w=2
BUGTRAQ:20011208 Re: Crashing X
http://www.xfree86.org/4.2.0/RELNOTES2.html#2
CONFIRM:http://www.xfree86.org/4.2.0/RELNOTES2.html#2
http://www.xfree86.org/security/
CONFIRM:http://www.xfree86.org/security/
http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c
MISC:http://cvsweb.xfree86.org/cvsweb/xc/programs/Xserver/fb/fbglyph.c
http://marc.info/?l=vuln-dev&m=100118958310463&w=2
VULN-DEV:20010922 XFree86 DOS / Buffer overflow local and remote.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7673
XF:xfree86-konqueror-bo(7673)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7683
XF:xfree86-xterm-title-bo(7683)
CVE-2001-0956
speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters.
2002-02-02
2017-12-18
CVE-2001-0956
http://www.securityfocus.com/bid/3326
BID:3326
http://archives.neohapsis.com/archives/bugtraq/2001-09/0089.html
BUGTRAQ:20010911 security alert: speechd from speechio.org
http://www.speechio.org/speechd.html
CONFIRM:http://www.speechio.org/speechd.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7121
XF:speechd-execute-commands(7121)
CVE-2001-0958
Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll.
2002-02-02
2017-12-18
CVE-2001-0958
http://www.securityfocus.com/bid/3327
BID:3327
http://archives.neohapsis.com/archives/bugtraq/2001-09/0099.html
BUGTRAQ:20010912 [SNS Advisory No.42] Trend Micro InterScan eManager for NT Multiple Program Buffer Overflow Vulnerability
http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142
MISC:http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=3142
https://exchange.xforce.ibmcloud.com/vulnerabilities/7104
XF:interscan-emanager-bo(7104)
CVE-2001-0959
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.
2003-04-02
2003-03-24
CVE-2001-0959
http://www.securityfocus.com/bid/3342
BID:3342
http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
http://support.ca.com/Download/patches/asitnt/QO00945.html
MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
http://www.osvdb.org/5483
OSVDB:5483
https://exchange.xforce.ibmcloud.com/vulnerabilities/7122
XF:arcserve-aremote-plaintext(7122)
CVE-2001-0960
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
2003-04-02
2002-02-06
CVE-2001-0960
http://www.securityfocus.com/bid/3343
BID:3343
http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
http://support.ca.com/Download/patches/asitnt/QO00945.html
MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7122
XF:arcserve-aremote-plaintext(7122)
CVE-2001-0961
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.
2002-06-25
2002-02-06
CVE-2001-0961
http://www.securityfocus.com/bid/3347
BID:3347
http://www.debian.org/security/2001/dsa-076
DEBIAN:DSA-076
https://exchange.xforce.ibmcloud.com/vulnerabilities/7149
XF:most-file-create-bo(7149)
CVE-2001-0962
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
2002-06-25
2002-02-06
CVE-2001-0962
http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
BUGTRAQ:20010919 Websphere cookie/sessionid predictable
http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
BUGTRAQ:20010928 Re: Websphere cookie/sessionid predictable
http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
CONFIRM:http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
http://www.osvdb.org/5492
OSVDB:5492
https://exchange.xforce.ibmcloud.com/vulnerabilities/7153
XF:ibm-websphere-seq-predict(7153)
CVE-2001-0963
Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command.
2002-03-09
2002-02-27
CVE-2001-0963
http://www.securityfocus.com/bid/3351
BID:3351
http://archives.neohapsis.com/archives/bugtraq/2001-09/0171.html
BUGTRAQ:20010920 Vulnerability in SpoonFTP
http://www.pi-soft.com/spoonftp/index.shtml
CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
http://www.osvdb.org/1953
OSVDB:1953
https://exchange.xforce.ibmcloud.com/vulnerabilities/7147
XF:spoonftp-dot-directory-traversal(7147)
CVE-2001-0964
Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command.
2002-02-02
2017-12-18
CVE-2001-0964
http://archives.neohapsis.com/archives/bugtraq/2001-09/0178.html
BUGTRAQ:20010920 Advisory: Half-Life remote buffer overflow vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7148
XF:halflife-connect-bo(7148)
CVE-2001-0965
glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.
2002-03-09
2002-02-27
CVE-2001-0965
http://www.securityfocus.com/bid/3201
BID:3201
http://archives.neohapsis.com/archives/bugtraq/2001-08/0239.html
BUGTRAQ:20010817 [ASGUARD-LABS] glFTPD v1.23 DOS Attack
http://www.glftpd.org/
CONFIRM:http://www.glftpd.org/
http://www.iss.net/security_center/static/7001.php
XF:glftpd-list-dos(7001)
CVE-2001-0966
Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command.
2002-02-02
2002-02-06
CVE-2001-0966
http://www.securityfocus.com/bid/3202
BID:3202
http://archives.neohapsis.com/archives/bugtraq/2001-08/0232.html
BUGTRAQ:20010818 [Real Security] Advisory for Nudester 1.10
CVE-2001-0967
Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing.
2002-02-02
2002-02-06
CVE-2001-0967
http://www.securityfocus.com/bid/3204
BID:3204
http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html
BUGTRAQ:20010817 Arkeia Possible remote root & information leakage
CVE-2001-0968
Knox Arkeia server 4.2, and possibly other versions, installs its root user with a null password by default, which allows local and remote users to gain privileges.
2002-02-02
2002-02-06
CVE-2001-0968
http://www.securityfocus.com/bid/3203
BID:3203
http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html
BUGTRAQ:20010817 Arkeia Possible remote root & information leakage
CVE-2001-0969
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
2002-03-09
2002-02-06
CVE-2001-0969
http://www.securityfocus.com/bid/3206
BID:3206
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc
FREEBSD:FreeBSD-SA-01:53
http://www.osvdb.org/1937
OSVDB:1937
https://exchange.xforce.ibmcloud.com/vulnerabilities/7002
XF:ipfw-me-unauthorized-access(7002)
CVE-2001-0970
Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script.
2002-02-02
2017-07-10
CVE-2001-0970
http://www.securityfocus.com/bid/3207
BID:3207
http://archives.neohapsis.com/archives/bugtraq/2001-08/0281.html
BUGTRAQ:20010820 Re: tdforum 1.2 Messageboard
http://marc.info/?l=bugtraq&m=99832137410609&w=2
BUGTRAQ:20010820 tdforum 1.2 Messageboard
http://www.kb.cert.org/vuls/id/782243
CERT-VN:VU#782243
https://exchange.xforce.ibmcloud.com/vulnerabilities/7009
XF:tdforum-cross-site-scripting(7009)
CVE-2001-0971
Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request.
2002-02-02
2002-02-06
CVE-2001-0971
http://www.securityfocus.com/bid/3209
BID:3209
http://www.securityfocus.com/archive/1/206102
BUGTRAQ:20010820 ACI 4D WebServer Directory traversal.
http://www.iss.net/security_center/static/7010.php
XF:4d-webserver-directory-traversal(7010)
CVE-2001-0972
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."
2002-02-02
2017-07-10
CVE-2001-0972
http://www.securityfocus.com/bid/3210
BID:3210
http://marc.info/?l=bugtraq&m=99834088223352&w=2
BUGTRAQ:20010820 security problem in surf-net ASP Discussion Forum < 2.30
https://exchange.xforce.ibmcloud.com/vulnerabilities/7011
XF:surfnet-asp-cookie-seq-predictable(7011)
CVE-2001-0973
BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.
2002-03-09
2002-02-27
CVE-2001-0973
http://www.securityfocus.com/bid/3227
BID:3227
http://archives.neohapsis.com/archives/bugtraq/2001-08/0328.html
BUGTRAQ:20010822 BSCW symlink vulnerability
http://www.kb.cert.org/vuls/id/465971
CERT-VN:VU#465971
http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt
CONFIRM:http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt
http://www.iss.net/security_center/static/7029.php
XF:bscw-extracted-file-symlink(7029)
CVE-2001-0974
Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
2002-02-02
2017-12-18
CVE-2001-0974
http://www.securityfocus.com/bid/3048
BID:3048
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/869184
CERT-VN:VU#869184
http://www.ciac.org/ciac/bulletins/l-116.shtml
CIAC:L-116
https://exchange.xforce.ibmcloud.com/vulnerabilities/6903
XF:oracle-ldap-protos-format-string(6903)
CVE-2001-0975
Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
2002-02-02
2017-12-18
CVE-2001-0975
http://www.securityfocus.com/bid/3047
BID:3047
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/869184
CERT-VN:VU#869184
http://www.ciac.org/ciac/bulletins/l-116.shtml
CIAC:L-116
http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6902
XF:oracle-ldap-protos-bo(6902)
CVE-2001-0976
Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables.
2002-02-02
2002-02-06
CVE-2001-0976
http://archives.neohapsis.com/archives/hp/2001-q3/0048.html
HP:HPSBUX0108-165
CVE-2001-0977
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
2002-06-25
2002-02-06
CVE-2001-0977
http://www.securityfocus.com/bid/3049
BID:3049
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/935800
CERT-VN:VU#935800
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417
CONECTIVA:CLA-2001:417
http://www.debian.org/security/2001/dsa-068
DEBIAN:DSA-068
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3
MANDRAKE:MDKSA-2001:069
http://www.osvdb.org/1905
OSVDB:1905
http://www.redhat.com/support/errata/RHSA-2001-098.html
REDHAT:RHSA-2001:098
https://exchange.xforce.ibmcloud.com/vulnerabilities/6904
XF:openldap-ldap-protos-dos(6904)
CVE-2001-0978
login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.
2003-04-02
2003-03-17
CVE-2001-0978
http://www.securityfocus.com/bid/3289
BID:3289
http://archives.neohapsis.com/archives/hp/2001-q3/0052.html
HPBUG:PHCO_17719
HPBUG:PHCO_24454
http://www.iss.net/security_center/static/8632.php
XF:hpux-login-btmp(8632)
CVE-2001-0979
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument.
2002-02-02
2017-12-18
CVE-2001-0979
http://www.securityfocus.com/bid/3279
BID:3279
http://www.securityfocus.com/archive/1/211687
BUGTRAQ:20010903 hpux warez
https://exchange.xforce.ibmcloud.com/vulnerabilities/7078
XF:hpux-swverify-bo(7078)
CVE-2001-0980
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.
2002-03-09
2002-02-06
CVE-2001-0980
http://www.securityfocus.com/bid/3052
BID:3052
http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt
CALDERA:CSSA-2001-026.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/6854
XF:docview-httpd-command-execution(6854)
CVE-2001-0981
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
2002-06-25
2002-06-15
CVE-2001-0981
http://archives.neohapsis.com/archives/hp/2001-q3/0048.html
HP:HPSBUX0108-164
https://exchange.xforce.ibmcloud.com/vulnerabilities/7051
XF:hp-cifs-change-passwords(7051)
CVE-2001-0982
Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.
2002-03-09
2002-02-06
CVE-2001-0982
http://www-1.ibm.com/support/search.wss?rs=0&q=IY18152&apar=only
AIXAPAR:IY18152
http://www.securityfocus.com/bid/3080
BID:3080
http://archives.neohapsis.com/archives/bugtraq/2001-07/0497.html
BUGTRAQ:20010723 iXsecurity.20010618.policy_director.a
ftp://ftp.tivoli.com/support/patches/patches_3.7.1/3.7.1-POL-0003/3.7.1-POL-0003.README
CONFIRM:ftp://ftp.tivoli.com/support/patches/patches_3.7.1/3.7.1-POL-0003/3.7.1-POL-0003.README
http://www.osvdb.org/1908
OSVDB:1908
https://exchange.xforce.ibmcloud.com/vulnerabilities/6884
XF:tivoli-secureway-dot-directory-traversal(6884)
CVE-2001-0983
UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges.
2002-02-02
2016-10-17
CVE-2001-0983
http://marc.info/?l=bugtraq&m=99861651923668&w=2
BUGTRAQ:20010823 Re: Respondus v1.1.2 stores passwords using weak encryption
http://www.eve-software.com/security/ueditpw.html
MISC:http://www.eve-software.com/security/ueditpw.html
CVE-2001-0984
Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize and prompt on restore" options enabled, which could allow an attacker with access to the memory (e.g. an administrator) to read the passwords.
2002-02-02
2017-12-19
CVE-2001-0984
http://www.securityfocus.com/bid/3337
BID:3337
http://www.securityfocus.com/archive/1/213931
BUGTRAQ:20010913 leak of information in counterpane/Bruce Schneier's Password Safe program
https://exchange.xforce.ibmcloud.com/vulnerabilities/7123
XF:counterpane-password-access(7123)
CVE-2001-0985
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
2002-02-02
2017-12-18
CVE-2001-0985
http://www.securityfocus.com/bid/3308
BID:3308
http://www.securityfocus.com/archive/1/212827
BUGTRAQ:20010908 Shopping Cart Version 1.23
http://www.irata.com/shopver.html
MISC:http://www.irata.com/shopver.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7106
XF:hassan-cart-command-execution(7106)
CVE-2001-0986
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
2002-02-02
2017-12-18
CVE-2001-0986
http://www.securityfocus.com/bid/3339
BID:3339
http://www.securityfocus.com/archive/1/214217
BUGTRAQ:20010914 Security Vulnerability with Microsoft Index Server 2.0(Sample file reveals file info, physical path etc)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7125
XF:winnt-indexserver-sqlqhit-asp(7125)
CVE-2001-0987
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.
2002-03-09
2002-02-06
CVE-2001-0987
http://www.securityfocus.com/bid/3084
BID:3084
http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html
BUGTRAQ:20010722 Re: [cgiwrap-users] Re: Security hole in CGIWrap (cross-site scripting vulnerability)
http://cgiwrap.sourceforge.net/changes.html
CONFIRM:http://cgiwrap.sourceforge.net/changes.html
http://www.osvdb.org/1909
OSVDB:1909
https://exchange.xforce.ibmcloud.com/vulnerabilities/6886
XF:cgiwrap-cross-site-scripting(6886)
CVE-2001-0988
Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information.
2002-02-02
2017-12-18
CVE-2001-0988
http://www.securityfocus.com/bid/3085
BID:3085
http://archives.neohapsis.com/archives/bugtraq/2001-07/0521.html
BUGTRAQ:20010723 permission probs with Arkeia
https://exchange.xforce.ibmcloud.com/vulnerabilities/6885
XF:arkeia-insecure-file-permissions(6885)
CVE-2001-0989
Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign.
2002-02-02
2002-02-06
CVE-2001-0989
http://www.securityfocus.com/bid/3086
BID:3086
http://archives.neohapsis.com/archives/bugtraq/2001-07/0512.html
BUGTRAQ:20010723 pileup 1.2
http://www.babbage.demon.co.uk/linux/pileup-1.2/pileup-1.2.tar.gz
CONFIRM:http://www.babbage.demon.co.uk/linux/pileup-1.2/pileup-1.2.tar.gz
CVE-2001-0990
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail programs that use the library.
2002-02-02
2017-12-18
CVE-2001-0990
http://www.securityfocus.com/bid/3284
BID:3284
http://www.securityfocus.com/archive/1/212036
BUGTRAQ:20010904 BUZ.CH Security Advisory 200109041: Inter7 vpopmail DB pw problem
http://www.inter7.com/vpopmail/ChangeLog
MISC:http://www.inter7.com/vpopmail/ChangeLog
https://exchange.xforce.ibmcloud.com/vulnerabilities/7076
XF:vpopmail-insecure-auth-data(7076)
CVE-2001-0991
Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message.
2002-02-02
2017-12-18
CVE-2001-0991
http://www.securityfocus.com/bid/3087
BID:3087
http://www.securityfocus.com/archive/1/198954
BUGTRAQ:20010724 Proxomitron Cross-site Scripting Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6887
XF:proxomitron-cross-site-scripting(6887)
CVE-2001-0992
shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter.
2002-02-02
2017-12-18
CVE-2001-0992
http://archives.neohapsis.com/archives/bugtraq/2001-09/0012.html
BUGTRAQ:20010905 ShopPlus Cart
https://exchange.xforce.ibmcloud.com/vulnerabilities/7077
XF:shopplus-command-execution(7077)
CVE-2001-0993
sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length.
2002-03-09
2002-02-06
CVE-2001-0993
http://www.securityfocus.com/bid/3088
BID:3088
http://archives.neohapsis.com/archives/netbsd/2001-q3/0102.html
NETBSD:NetBSD-SA2001-011
http://www.osvdb.org/1910
OSVDB:1910
https://exchange.xforce.ibmcloud.com/vulnerabilities/6908
XF:bsd-kernel-sendmsg-dos(6908)
CVE-2001-0994
Marconi ForeThought 7.1 allows remote attackers to cause a denial of service by causing both telnet sessions to be locked via unusual input (e.g., from a port scanner), which prevents others from logging into the device.
2002-02-02
2017-12-18
CVE-2001-0994
http://www.securityfocus.com/bid/3286
BID:3286
http://www.securityfocus.com/archive/1/211956
BUGTRAQ:20010904 Telnet DoS Vulnerability in Marconi ATM Switch Software
https://exchange.xforce.ibmcloud.com/vulnerabilities/7082
XF:forethought-telnet-dos(7082)
CVE-2001-0995
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.
2002-03-09
2002-02-06
CVE-2001-0995
http://www.securityfocus.com/bid/3239
BID:3239
http://www.securityfocus.com/archive/1/210349
BUGTRAQ:20010826 security hole in os groupware suite PHProjekt
http://www.phprojekt.com/ChangeLog
MISC:http://www.phprojekt.com/ChangeLog
https://exchange.xforce.ibmcloud.com/vulnerabilities/7035
XF:phprojekt-id-modify(7035)
CVE-2001-0996
POP3Lite before 0.2.4 does not properly quote a . (dot) in an email message, which could allow a remote attacker to append arbitrary text to the end of an email message, which could then be interpreted by various mail clients as valid POP server responses or other input that could cause clients to crash or otherwise behave unexpectedly.
2002-02-02
2017-12-18
CVE-2001-0996
http://www.securityfocus.com/bid/3278
BID:3278
http://archives.neohapsis.com/archives/bugtraq/2001-08/0436.html
BUGTRAQ:20010902 POP3Lite 0.2.3b minor client side DoS and message injection
https://exchange.xforce.ibmcloud.com/vulnerabilities/7075
XF:pop3lite-dot-message-injection(7075)
CVE-2001-0997
Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter.
2002-02-02
2017-12-18
CVE-2001-0997
http://archives.neohapsis.com/archives/bugtraq/2001-09/0096.html
BUGTRAQ:20010911 Textor Webmasters Ltd (listrec.pl)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7117
XF:listrecpl-remote-command-execution(7117)
CVE-2001-0998
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.
2002-03-09
2002-02-06
CVE-2001-0998
http://www-1.ibm.com/support/search.wss?rs=0&q=IY17630&apar=only
AIXAPAR:IY17630
http://www-1.ibm.com/support/search.wss?rs=0&q=IY20943&apar=only
AIXAPAR:IY20943
http://www.securityfocus.com/bid/3358
BID:3358
http://www.securityfocus.com/archive/1/216105
BUGTRAQ:20010924 HACMP and port scans
http://www.securityfocus.com/archive/1/217910
BUGTRAQ:20011002 Vulnerability 3358, "IBM HACMP Port Scan Denial of Service Vulnerability"
https://exchange.xforce.ibmcloud.com/vulnerabilities/7165
XF:hacmp-portscan-dos(7165)
CVE-2001-0999
Outlook Express 6.00 allows remote attackers to execute arbitrary script by embedding SCRIPT tags in a message whose MIME content type is text/plain, contrary to the expected behavior that text/plain messages will not run script.
2002-02-02
2017-12-18
CVE-2001-0999
http://www.securityfocus.com/bid/3334
BID:3334
http://www.securityfocus.com/archive/1/213754
BUGTRAQ:20010912 FREAK SHOW: Outlook Express 6.00
http://www.securityfocus.com/archive/1/214453
BUGTRAQ:20010915 Proof-Of-Concept Perl Script for Bugtraq-ID: #3334
https://exchange.xforce.ibmcloud.com/vulnerabilities/7118
XF:outlook-express-text-script-execution(7118)
CVE-2001-1000
rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file.
2002-02-02
2017-12-18
CVE-2001-1000
http://www.securityfocus.com/bid/3302
BID:3302
http://archives.neohapsis.com/archives/bugtraq/2001-09/0036.html
BUGTRAQ:20010907 rlmadmin v3.8M view file symlink vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7096
XF:radius-rlmadmin-help-symlink(7096)
CVE-2001-1002
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.
2002-06-25
2002-06-15
CVE-2001-1002
http://www.securityfocus.com/bid/3241
BID:3241
http://marc.info/?l=bugtraq&m=99892644616749&w=2
BUGTRAQ:20010827 LPRng/rhs-printfilters - remote execution of commands
http://www.redhat.com/support/errata/RHSA-2001-102.html
REDHAT:RHSA-2001:102
https://exchange.xforce.ibmcloud.com/vulnerabilities/16509
XF:dvips-lpd-command-execution(16509)
CVE-2001-1003
Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.
2002-02-02
2016-10-17
CVE-2001-1003
http://marc.info/?l=bugtraq&m=99859557930285&w=2
BUGTRAQ:20010823 Respondus v1.1.2 stores passwords using weak encryption
CVE-2001-1004
Cross-site scripting (CSS) vulnerability in gnut Gnutella client before 0.4.27 allows remote attackers to execute arbitrary script on other clients by sharing a file whose name contains the script tags.
2002-02-02
2002-02-06
CVE-2001-1004
http://archives.neohapsis.com/archives/bugtraq/2001-08/0415.html
BUGTRAQ:20010830 gnut gnutella client html injection
http://www.gnutelliums.com/linux_unix/gnut/ChangeLog.txt
MISC:http://www.gnutelliums.com/linux_unix/gnut/ChangeLog.txt
CVE-2001-1005
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.
2002-02-02
2002-02-06
CVE-2001-1005
http://www.securityfocus.com/bid/3231
BID:3231
http://www.securityfocus.com/archive/1/210067
BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
CVE-2001-1006
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application.
2002-02-02
2002-02-06
CVE-2001-1006
http://www.securityfocus.com/bid/3232
BID:3232
http://www.securityfocus.com/archive/1/210067
BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
CVE-2001-1007
Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack.
2002-02-02
2002-02-06
CVE-2001-1007
http://www.securityfocus.com/archive/1/210067
BUGTRAQ:20010824 Starfish Truesync Desktop + REX 5000 Pro multiple vulnerabilities
CVE-2001-1008
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.
2003-04-02
2003-03-24
CVE-2001-1008
http://www.securityfocus.com/bid/3245
BID:3245
http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html
BUGTRAQ:20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.
http://www.iss.net/security_center/static/7048.php
XF:javaplugin-jre-expired-certificate(7048)
CVE-2001-1009
Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request.
2002-02-02
2002-08-16
CVE-2001-1009
http://www.securityfocus.com/bid/3164
BID:3164
http://www.securityfocus.com/bid/3166
BID:3166
http://archives.neohapsis.com/archives/bugtraq/2001-08/0118.html
BUGTRAQ:20010809 Fetchmail security advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000419
CONECTIVA:CLA-2001:419
http://www.debian.org/security/2001/dsa-071
DEBIAN:DSA-071
http://www.linuxsecurity.com/advisories/other_advisory-1555.html
ENGARDE:ESA-20010816-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-072.php3
MANDRAKE:MDKSA-2001:072
http://www.redhat.com/support/errata/RHSA-2001-103.html
REDHAT:RHSA-2001:103
http://www.novell.com/linux/security/advisories/2001_026_fetchmail_txt.html
SUSE:SuSE-SA:2001:026
http://www.iss.net/security_center/static/6965.php
XF:fetchmail-signed-integer-index(6965)
CVE-2001-1010
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
2002-03-09
2002-02-06
CVE-2001-1010
http://www.securityfocus.com/bid/3092
BID:3092
http://archives.neohapsis.com/archives/bugtraq/2001-07/0565.html
BUGTRAQ:20010721 Sambar Web Server pagecount exploit code
http://www.sambar.com/security.htm
CONFIRM:http://www.sambar.com/security.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/6916
XF:sambar-pagecount-overwrite-files(6916)
CVE-2001-1011
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
2002-03-09
2002-02-06
CVE-2001-1011
http://www.securityfocus.com/bid/3093
BID:3093
http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html
BUGTRAQ:20010725 Serious security hole in Mambo Site Server version 3.0.X
http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz
CONFIRM:http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz
http://www.osvdb.org/1911
OSVDB:1911
https://exchange.xforce.ibmcloud.com/vulnerabilities/6910
XF:mambo-phpsessid-gain-privileges(6910)
CVE-2001-1012
Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/.
2002-02-02
2017-12-18
CVE-2001-1012
http://www.novell.com/linux/security/advisories/2001_030_screen_txt.html
SUSE:SuSE-SA:2001:030
https://exchange.xforce.ibmcloud.com/vulnerabilities/7134
XF:screen-local-privilege-elevation(7134)
CVE-2001-1013
Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
2002-02-02
2017-12-18
CVE-2001-1013
http://www.securityfocus.com/bid/3335
BID:3335
http://www.securityfocus.com/archive/1/213667
BUGTRAQ:20010912 Is there user Anna at your host ?
http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0083.html
VULN-DEV:20000707 (no subject)
http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0087.html
VULN-DEV:20000707 Re: apache and 404/404 status codes
http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0094.html
VULN-DEV:20000707 Re: your mail
https://exchange.xforce.ibmcloud.com/vulnerabilities/7129
XF:linux-apache-username-exists(7129)
CVE-2001-1014
eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter.
2002-02-02
2017-12-18
CVE-2001-1014
http://www.securityfocus.com/bid/3340
BID:3340
http://www.securityfocus.com/archive/1/214456
BUGTRAQ:20010915 advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7128
XF:eshop-script-execute-commands(7128)
CVE-2001-1015
Buffer overflow in Snes9x 1.37, when installed setuid root, allows local users to gain root privileges via a long command line argument.
2002-02-02
2002-02-06
CVE-2001-1015
http://www.securityfocus.com/bid/3437
BID:3437
http://archives.neohapsis.com/archives/bugtraq/2001-10/0107.html
BUGTRAQ:20011016 [ ** Snes9x buffer overflow vulnerability ** ]
CVE-2001-1016
PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."
2002-03-09
2002-02-06
CVE-2001-1016
http://www.securityfocus.com/bid/3280
BID:3280
http://www.securityfocus.com/archive/1/211806
BUGTRAQ:20010904 PGPsdk Key Validity Vulnerability
http://www.pgp.com/support/product-advisories/pgpsdk.asp
CONFIRM:http://www.pgp.com/support/product-advisories/pgpsdk.asp
http://www.osvdb.org/1946
OSVDB:1946
https://exchange.xforce.ibmcloud.com/vulnerabilities/7081
XF:pgp-invalid-key-display(7081)
CVE-2001-1017
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
2002-03-09
2002-02-06
CVE-2001-1017
http://www.securityfocus.com/bid/3282
BID:3282
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc
FREEBSD:FreeBSD-SA-01:59
http://www.osvdb.org/1947
OSVDB:1947
https://exchange.xforce.ibmcloud.com/vulnerabilities/7086
XF:rmuser-insecure-password-file(7086)
CVE-2001-1018
Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters.
2002-02-02
2017-12-18
CVE-2001-1018
http://www.securityfocus.com/bid/3350
BID:3350
http://marc.info/?l=bugtraq&m=100094373621813&w=2
BUGTRAQ:20010919 lotus domino server 5.08 is very gabby
https://exchange.xforce.ibmcloud.com/vulnerabilities/7180
XF:lotus-domino-ip-reveal(7180)
CVE-2001-1019
Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter.
2002-02-02
2017-12-18
CVE-2001-1019
http://www.securityfocus.com/bid/3309
BID:3309
http://www.securityfocus.com/archive/1/212825
BUGTRAQ:20010908 sglMerchant Version 1.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/7100
XF:sglmerchant-dot-directory-traversal(7100)
CVE-2001-1020
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.
2002-03-09
2002-02-06
CVE-2001-1020
http://www.securityfocus.com/bid/3288
BID:3288
http://archives.neohapsis.com/archives/bugtraq/2001-09/0013.html
BUGTRAQ:20010905 directorymanager bug
http://sourceforge.net/project/shownotes.php?release_id=51589
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=51589
https://exchange.xforce.ibmcloud.com/vulnerabilities/7079
XF:directory-manager-execute-commands(7079)
CVE-2001-1021
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
2002-02-02
2017-12-18
CVE-2001-1021
http://archives.neohapsis.com/archives/bugtraq/2001-07/0610.html
BUGTRAQ:20010726 def-2001-28 - WS_FTP server 2.0.2 Buffer Overflow and possible DOS
http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
MISC:http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6911
XF:wsftp-long-command-bo(6911)
CVE-2001-1022
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
2002-06-25
2002-02-06
CVE-2001-1022
http://www.securityfocus.com/bid/3103
BID:3103
http://www.securityfocus.com/archive/1/199706
BUGTRAQ:20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428
CONECTIVA:CLA-2001:428
http://www.debian.org/security/2001/dsa-072
DEBIAN:DSA-072
http://www.debian.org/security/2002/dsa-107
DEBIAN:DSA-107
http://www.osvdb.org/1914
OSVDB:1914
http://www.redhat.com/support/errata/RHSA-2002-004.html
REDHAT:RHSA-2002:004
https://exchange.xforce.ibmcloud.com/vulnerabilities/6918
XF:linux-groff-format-string(6918)
CVE-2001-1023
Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header.
2002-02-02
2017-12-18
CVE-2001-1023
http://www.securityfocus.com/bid/3352
BID:3352
http://archives.neohapsis.com/archives/bugtraq/2001-09/0182.html
BUGTRAQ:20010921 IRM Security Advisory: Xcache Path Disclosure Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7159
XF:xcache-path-disclosure(7159)
CVE-2001-1024
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
2002-02-02
2017-12-18
CVE-2001-1024
http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html
BUGTRAQ:20010727 Entrust - getAccess
https://exchange.xforce.ibmcloud.com/vulnerabilities/6915
XF:entrust-getaccess-execute-commands(6915)
CVE-2001-1025
PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.
2002-02-02
2002-02-06
CVE-2001-1025
http://www.securityfocus.com/bid/3149
BID:3149
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0019.html
VULNWATCH:20010803 [VulnWatch] 3 phpnuke bugs (2 possibly lead to admin privs)
CVE-2001-1026
Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address.
2002-02-02
2017-12-18
CVE-2001-1026
http://www.securityfocus.com/bid/2996
BID:2996
http://www.securityfocus.com/bid/2998
BID:2998
http://www.securityfocus.com/bid/3000
BID:3000
http://archives.neohapsis.com/archives/bugtraq/2001-07/0129.html
BUGTRAQ:20010709 Various problems in Ternd Micro AppletTrap URL filtering
https://exchange.xforce.ibmcloud.com/vulnerabilities/6818
XF:applettrap-bypass-ip-restrictions(6818)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6817
XF:applettrap-unicode-bypass-filter(6817)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6819
XF:applettrap-zero-bypass-restrictions(6819)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6816
XF:content-slash-bypass-filter(6816)
CVE-2001-1027
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
2002-06-25
2002-06-15
CVE-2001-1027
http://www.securityfocus.com/bid/3177
BID:3177
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000411
CONECTIVA:CLA-2001:411
http://www.windowmaker.org/src/ChangeLog
CONFIRM:http://www.windowmaker.org/src/ChangeLog
http://www.debian.org/security/2001/dsa-074
DEBIAN:DSA-074
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-074.php3
MANDRAKE:MDKSA-2001:074
http://www.novell.com/linux/security/advisories/2001_032_wmaker_txt.html
SUSE:SuSE-SA:2001:032
https://exchange.xforce.ibmcloud.com/vulnerabilities/6969
XF:windowmaker-title-bo(6969)
CVE-2001-1028
Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.
2003-04-02
2002-08-16
CVE-2001-1028
http://www.redhat.com/support/errata/RHSA-2001-072.html
REDHAT:RHSA-2001:072
http://www.iss.net/security_center/static/8622.php
XF:man-ultimate-source-bo(8622)
CVE-2001-1029
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
2004-09-01
2004-08-17
CVE-2001-1029
http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html
BUGTRAQ:20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
http://www.osvdb.org/6073
OSVDB:6073
https://exchange.xforce.ibmcloud.com/vulnerabilities/8697
XF:bsd-libutil-privilege-dropping(8697)
CVE-2001-1030
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
2002-06-25
2002-02-06
CVE-2001-1030
http://www.securityfocus.com/archive/1/197727
BUGTRAQ:20010718 Squid httpd acceleration acl bug enables portscanning
http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html
BUGTRAQ:20010719 TSLSA-2001-0013 - Squid
http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt
CALDERA:CSSA-2001-029.0
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01
IMMUNIX:IMNX-2001-70-031-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3
MANDRAKE:MDKSA-2001:066
http://www.redhat.com/support/errata/RHSA-2001-097.html
REDHAT:RHSA-2001:097
https://exchange.xforce.ibmcloud.com/vulnerabilities/6862
XF:squid-http-accelerator-portscanning(6862)
CVE-2001-1031
Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command.
2002-02-02
2017-12-18
CVE-2001-1031
http://www.securityfocus.com/bid/3374
BID:3374
http://archives.neohapsis.com/archives/bugtraq/2001-09/0231.html
BUGTRAQ:20010927 CARTSA-2001-03 Meteor FTPD 1.0 Directory Traversal
http://207.202.218.172/
MISC:http://207.202.218.172/
https://exchange.xforce.ibmcloud.com/vulnerabilities/7176
XF:meteor-ftpd-directory-traversal(7176)
CVE-2001-1032
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.
2002-06-25
2002-06-15
CVE-2001-1032
http://www.securityfocus.com/bid/3361
BID:3361
http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html
BUGTRAQ:20010924 twlc advisory: all versions of php nuke are vulnerable...
http://sourceforge.net/forum/forum.php?forum_id=113892
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=113892
https://exchange.xforce.ibmcloud.com/vulnerabilities/7170
XF:php-nuke-admin-file-overwrite(7170)
CVE-2001-1033
Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state.
2002-02-02
2017-12-18
CVE-2001-1033
http://www.securityfocus.com/bid/3362
BID:3362
http://www.securityfocus.com/archive/1/216323
BUGTRAQ:20010925 Re: HACMP and port scans
https://exchange.xforce.ibmcloud.com/vulnerabilities/7171
XF:trucluster-portscan-dos(7171)
CVE-2001-1034
Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.
2002-02-02
2017-12-18
CVE-2001-1034
http://www.securityfocus.com/bid/3357
BID:3357
http://www.securityfocus.com/archive/1/215984
BUGTRAQ:20010923 hylafax
https://exchange.xforce.ibmcloud.com/vulnerabilities/7164
XF:hylafax-hostname-format-string(7164)
CVE-2001-1035
Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.
2002-03-09
2002-02-06
CVE-2001-1035
http://www.securityfocus.com/bid/3364
BID:3364
http://www.debian.org/security/2001/dsa-078
DEBIAN:DSA-078
https://exchange.xforce.ibmcloud.com/vulnerabilities/7166
XF:slrn-decode-script-execution(7166)
CVE-2001-1036
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
2003-04-02
2002-02-06
CVE-2001-1036
http://www.securityfocus.com/bid/3127
BID:3127
http://www.securityfocus.com/archive/1/200991
BUGTRAQ:20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
http://www.osvdb.org/5477
OSVDB:5477
https://exchange.xforce.ibmcloud.com/vulnerabilities/6932
XF:locate-command-execution(6932)
CVE-2001-1037
Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged.
2002-03-09
2002-02-06
CVE-2001-1037
http://www.securityfocus.com/bid/3131
BID:3131
http://www.cisco.com/warp/public/707/SN-kernel-pub.html
CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
http://www.osvdb.org/1917
OSVDB:1917
https://exchange.xforce.ibmcloud.com/vulnerabilities/6827
XF:cisco-sn-gain-access(6827)
CVE-2001-1038
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.
2002-03-09
2002-02-27
CVE-2001-1038
http://www.securityfocus.com/bid/3014
BID:3014
http://www.ciac.org/ciac/bulletins/l-112.shtml
CIAC:L-112
http://www.cisco.com/warp/public/707/SN-kernel-pub.html
CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
http://www.osvdb.org/1899
OSVDB:1899
https://exchange.xforce.ibmcloud.com/vulnerabilities/6826
XF:cisco-sn-dos(6826)
CVE-2001-1039
The JetAdmin web interface for HP JetDirect does not set a password for the telnet interface when the admin password is changed, which allows remote attackers to gain access to the printer.
2002-02-02
2002-02-06
CVE-2001-1039
http://www.securityfocus.com/bid/3132
BID:3132
http://www.securityfocus.com/archive/1/201160
BUGTRAQ:20010801 HP Jetdirect passwords don't sync
CVE-2001-1040
HP LaserJet, and possibly other JetDirect devices, resets the admin password when the device is turned off, which could allow remote attackers to access the device without the password.
2002-02-02
2002-02-06
CVE-2001-1040
http://www.securityfocus.com/bid/3132
BID:3132
http://www.securityfocus.com/archive/1/201224
BUGTRAQ:20010802 Re: HP Jetdirect passwords don't sync
CVE-2001-1041
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.
2002-02-02
2016-10-17
CVE-2001-1041
http://www.securityfocus.com/bid/3135
BID:3135
http://marc.info/?l=bugtraq&m=99677282117387&w=2
BUGTRAQ:20010802 vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6
http://marc.info/?l=bugtraq&m=100395579811880&w=2
BUGTRAQ:20011024 Oracle File Overwrite Security Vulnerability
http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf
CVE-2001-1042
Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
2002-02-02
2017-12-18
CVE-2001-1042
http://www.securityfocus.com/bid/2960
BID:2960
http://www.securityfocus.com/archive/1/194443
BUGTRAQ:20010701 Broker 5.9.5.0 Directory Traversal
https://exchange.xforce.ibmcloud.com/vulnerabilities/6760
XF:ftp-lnk-directory-traversal(6760)
CVE-2001-1043
ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
2002-06-25
2002-02-06
CVE-2001-1043
http://www.securityfocus.com/bid/2961
BID:2961
http://www.securityfocus.com/archive/1/194445
BUGTRAQ:20010701 ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal
http://www.osvdb.org/1886
OSVDB:1886
https://exchange.xforce.ibmcloud.com/vulnerabilities/6760
XF:ftp-lnk-directory-traversal(6760)
CVE-2001-1044
Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file.
2002-02-02
2017-12-18
CVE-2001-1044
http://www.securityfocus.com/bid/2198
BID:2198
http://www.securityfocus.com/archive/1/155897
BUGTRAQ:20010112 Basilix Webmail System *.class *.inc Permission Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/5934
XF:basilix-webmail-retrieve-files(5934)
CVE-2001-1045
Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.
2002-02-02
2017-12-18
CVE-2001-1045
http://www.securityfocus.com/bid/2995
BID:2995
http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html
BUGTRAQ:20010706 basilix bug
https://exchange.xforce.ibmcloud.com/vulnerabilities/6873
XF:basilix-webmail-view-files(6873)
CVE-2001-1046
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.
2002-06-25
2017-07-11
CVE-2001-1046
http://www.securityfocus.com/bid/2811
BID:2811
http://www.securityfocus.com/archive/1/188267
BUGTRAQ:20010602 Qpopper 4.0.3 **** Fixes Buffer Overflow **** (fwd)
http://archives.neohapsis.com/archives/linux/caldera/2001-q3/0006.html
CALDERA:CSSA-2001-SCO.8
http://marc.info/?l=vuln-dev&m=98777649031406&w=2
VULN-DEV:20010420 Qpopper 4.0 Buffer Overflow
https://exchange.xforce.ibmcloud.com/vulnerabilities/6647
XF:qpopper-username-bo(6647)
CVE-2001-1047
Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork.
2002-02-02
2017-12-18
CVE-2001-1047
http://www.securityfocus.com/bid/2817
BID:2817
http://www.securityfocus.com/bid/2818
BID:2818
http://seclists.org/bugtraq/2001/Jun/0020.html
BUGTRAQ:20010602 Locally exploitable races in OpenBSD VFS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6660
XF:openbsd-dup2-race-dos(6660)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6661
XF:openbsd-pipe-race-dos(6661)
CVE-2001-1048
AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
2002-03-09
2002-02-27
CVE-2001-1048
http://www.securityfocus.com/bid/3387
BID:3387
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://www.gospelcom.net/mnn/topher/awol/changelog.php
CONFIRM:http://www.gospelcom.net/mnn/topher/awol/changelog.php
http://www.geocrawler.com/archives/3/14414/2001/9/0/6668723/
MISC:http://www.geocrawler.com/archives/3/14414/2001/9/0/6668723/
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1049
Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
2002-03-09
2002-02-06
CVE-2001-1049
http://www.securityfocus.com/bid/3388
BID:3388
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://phorecast.org/
CONFIRM:http://phorecast.org/
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1050
CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
2002-02-02
2017-12-18
CVE-2001-1050
http://www.securityfocus.com/bid/3389
BID:3389
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
https://exchange.xforce.ibmcloud.com/vulnerabilities/7215
XF:php-includedir-code-execution(7215)
CVE-2001-1051
Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
2002-02-02
2017-12-18
CVE-2001-1051
http://www.securityfocus.com/bid/3390
BID:3390
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://sourceforge.net/tracker/index.php?func=detail&aid=440666&group_id=20971&atid=120971
MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=440666&group_id=20971&atid=120971
https://exchange.xforce.ibmcloud.com/vulnerabilities/7215
XF:php-includedir-code-execution(7215)
CVE-2001-1052
Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
2002-02-02
2017-12-18
CVE-2001-1052
http://www.securityfocus.com/bid/3391
BID:3391
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
https://exchange.xforce.ibmcloud.com/vulnerabilities/7215
XF:php-includedir-code-execution(7215)
CVE-2001-1053
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
2002-06-25
2002-06-15
CVE-2001-1053
http://www.securityfocus.com/bid/3032
BID:3032
http://archives.neohapsis.com/archives/bugtraq/2001-07/0249.html
BUGTRAQ:20010713 AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2
http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17
CONFIRM:http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17
https://exchange.xforce.ibmcloud.com/vulnerabilities/6837
XF:adcycle-insert-sql-command(6837)
CVE-2001-1054
PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
2002-03-09
2002-02-06
CVE-2001-1054
http://www.securityfocus.com/bid/3392
BID:3392
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://sourceforge.net/forum/forum.php?forum_id=117952
CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=117952
http://sourceforge.net/forum/forum.php?thread_id=148900&forum_id=117952
CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=148900&forum_id=117952
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1055
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
2004-09-01
2004-07-22
CVE-2001-1055
http://www.securityfocus.com/bid/3113
BID:3113
http://www.securityfocus.com/archive/1/200323
BUGTRAQ:20010730 ARPNuke - 80 kb/s kills a whole subnet
https://exchange.xforce.ibmcloud.com/vulnerabilities/6924
XF:win-arp-packet-flooding-dos(6924)
CVE-2001-1056
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.
2002-03-09
2002-02-27
CVE-2001-1056
http://www.securityfocus.com/bid/3117
BID:3117
http://archives.neohapsis.com/archives/bugtraq/2001-07/0750.html
BUGTRAQ:20010730 Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch)
http://archives.neohapsis.com/archives/bugtraq/2001-07/0733.html
BUGTRAQ:20010730 [RAZOR] Linux kernel IP masquerading vulnerability
http://www.osvdb.org/1916
OSVDB:1916
http://www.iss.net/security_center/static/6923.php
XF:linux-ipmasqirc-bypass-protection(6923)
CVE-2001-1057
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests.
2002-02-02
2017-12-18
CVE-2001-1057
http://www.securityfocus.com/bid/3120
BID:3120
http://www.securityfocus.com/archive/1/200462
BUGTRAQ:20010730 a couple minor issues with mathematica license manager
https://exchange.xforce.ibmcloud.com/vulnerabilities/6926
XF:mathematica-license-dos(6926)
CVE-2001-1058
The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license.
2002-02-02
2017-12-18
CVE-2001-1058
http://www.securityfocus.com/bid/3118
BID:3118
http://www.securityfocus.com/archive/1/200462
BUGTRAQ:20010730 a couple minor issues with mathematica license manager
https://exchange.xforce.ibmcloud.com/vulnerabilities/6927
XF:mathematica-license-retrieval(6927)
CVE-2001-1059
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.
2003-04-02
2002-02-06
CVE-2001-1059
http://www.securityfocus.com/bid/3119
BID:3119
http://www.securityfocus.com/archive/1/200455
BUGTRAQ:20010730 vmware bug?
http://www.osvdb.org/5475
OSVDB:5475
https://exchange.xforce.ibmcloud.com/vulnerabilities/6925
XF:vmware-obtain-license-info(6925)
CVE-2001-1060
phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php.
2002-02-02
2002-02-06
CVE-2001-1060
http://www.securityfocus.com/bid/3121
BID:3121
http://www.securityfocus.com/archive/1/200596
BUGTRAQ:20010731 New command execution vulnerability in myPhpAdmin
http://freshmeat.net/redir/phpmyadmin/8001/url_changelog/
MISC:http://freshmeat.net/redir/phpmyadmin/8001/url_changelog/
CVE-2001-1061
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.
2002-02-02
2002-02-06
CVE-2001-1061
http://archives.neohapsis.com/archives/aix/2001-q3/0003.html
AIXAPAR:IY22255
CVE-2001-1062
Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.
2002-06-25
2002-02-27
CVE-2001-1062
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.12/CSSA-2001-SCO.12.txt
CALDERA:CSSA-2001-SCO.12
http://www.iss.net/security_center/static/7034.php
XF:openserver-mana-bo(7034)
CVE-2001-1063
Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.
2002-03-09
2002-02-06
CVE-2001-1063
http://www.securityfocus.com/bid/3244
BID:3244
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.14/CSSA-2001-SCO.14.txt
CALDERA:CSSA-2001-SCO.14
https://exchange.xforce.ibmcloud.com/vulnerabilities/7036
XF:unixware-openunix-uidadmin-bo(7036)
CVE-2001-1064
Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.
2002-02-02
2017-12-18
CVE-2001-1064
http://www.securityfocus.com/bid/3236
BID:3236
http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml
CISCO:20010823 CBOS Web-based Configuration Utility Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7026
XF:cisco-cbos-http-dos(7026)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7025
XF:cisco-cbos-telnet-dos(7025)
CVE-2001-1065
Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.
2002-02-02
2017-12-18
CVE-2001-1065
http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml
CISCO:20010823 CBOS Web-based Configuration Utility Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7027
XF:cisco-cbos-web-config(7027)
CVE-2001-1066
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
2004-09-01
2004-07-24
CVE-2001-1066
http://www.securityfocus.com/bid/3243
BID:3243
http://marc.info/?l=bugtraq&m=99893667921216&w=2
BUGTRAQ:20010827 Dangerous temp file creation during installation of Netscape 6.
SUNBUG:4633888
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html
VULNWATCH:20010827 Dangerous temp file creation during installation of Netscape 6.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7042
XF:netscape-install-tmpfile-symlink(7042)
CVE-2001-1067
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
2002-03-09
2002-02-06
CVE-2001-1067
http://www.securityfocus.com/bid/3230
BID:3230
http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.html
BUGTRAQ:20010822 AOLserver 3.0 vulnerability
http://www.securityfocus.com/archive/1/213041
BUGTRAQ:20010906 AOLserver exploit code
https://exchange.xforce.ibmcloud.com/vulnerabilities/7030
XF:aolserver-long-password-dos(7030)
CVE-2001-1068
qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.
2002-02-02
2017-12-18
CVE-2001-1068
http://www.securityfocus.com/bid/3242
BID:3242
http://archives.neohapsis.com/archives/bugtraq/2001-08/0363.html
BUGTRAQ:20010825 qpopper and pam.d
https://exchange.xforce.ibmcloud.com/vulnerabilities/7047
XF:qpopper-pam-auth-error(7047)
CVE-2001-1069
libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.
2004-09-01
2002-02-06
CVE-2001-1069
http://www.securityfocus.com/bid/3225
BID:3225
http://marc.info/?l=bugtraq&m=99849121502399&w=2
BUGTRAQ:20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files
http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html
MISC:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7024
XF:adobe-acrobat-insecure-permissions(7024)
CVE-2001-1070
Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters.
2002-02-02
2017-12-18
CVE-2001-1070
http://www.securityfocus.com/bid/3221
BID:3221
http://archives.neohapsis.com/archives/bugtraq/2001-08/0312.html
BUGTRAQ:20010821 Bug in MAS90 Accounting Platform remote access?
https://exchange.xforce.ibmcloud.com/vulnerabilities/7020
XF:mas-telnet-connect-dos(7020)
CVE-2001-1071
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.
2002-06-25
2009-03-01
CVE-2001-1071
http://www.securityfocus.com/bid/3412
BID:3412
http://www.securityfocus.com/archive/1/219257
BUGTRAQ:20011009 Cisco CDP attacks
http://www.securityfocus.com/archive/1/219305
BUGTRAQ:20011009 Cisco Systems - Vulnerability in CDP
http://www.kb.cert.org/vuls/id/139491
CERT-VN:VU#139491
http://www.osvdb.org/1969
OSVDB:1969
https://exchange.xforce.ibmcloud.com/vulnerabilities/7242
XF:cisco-ios-cdp-dos(7242)
CVE-2001-1072
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
2002-06-25
2002-06-15
CVE-2001-1072
http://www.securityfocus.com/bid/3176
BID:3176
http://www.securityfocus.com/archive/1/203955
BUGTRAQ:20010812 Are your mod_rewrite rules doing what you expect?
http://www.apacheweek.com/issues/02-02-01#security
CONFIRM:http://www.apacheweek.com/issues/02-02-01#security
https://exchange.xforce.ibmcloud.com/vulnerabilities/8633
XF:apache-rewrite-bypass-directives(8633)
CVE-2001-1073
Webridge PX Application Suite allows remote attackers to obtain sensitive information via a malformed request that generates a server error message, which includes full pathname or internal IP address information in the variables (1) APPL_PHYSICAL_PATH, (2) PATH_TRANSLATED, and (3) LOCAL_ADDR.
2002-02-02
2017-12-18
CVE-2001-1073
http://www.securityfocus.com/bid/3182
BID:3182
http://www.securityfocus.com/archive/1/204725
BUGTRAQ:20010815 webridge application suite gives up too much error information on Internal Server Error
https://exchange.xforce.ibmcloud.com/vulnerabilities/6993
XF:webridge-px-reveal-information(6993)
CVE-2001-1074
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
2002-06-25
2002-02-06
CVE-2001-1074
http://www.securityfocus.com/bid/2795
BID:2795
http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html
BUGTRAQ:20010526 Webmin Doesn't Clean Env (root exploit)
http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt
CALDERA:CSSA-2001-019.1
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3
MANDRAKE:MDKSA-2001:059
https://exchange.xforce.ibmcloud.com/vulnerabilities/6627
XF:webmin-gain-information(6627)
CVE-2001-1075
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.
2002-03-09
2002-02-06
CVE-2001-1075
http://www.securityfocus.com/bid/2986
BID:2986
http://archives.neohapsis.com/archives/bugtraq/2001-07/0064.html
BUGTRAQ:20010703 poprelayd and sendmail relay authentication problem (Cobalt Raq3)
http://archives.neohapsis.com/archives/bugtraq/2001-07/0150.html
BUGTRAQ:20010709 Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6806
XF:cobalt-poprelayd-mail-relay(6806)
CVE-2001-1076
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.
2002-02-02
2017-12-18
CVE-2001-1076
http://www.securityfocus.com/bid/2935
BID:2935
http://archives.neohapsis.com/archives/bugtraq/2001-07/0076.html
BUGTRAQ:20010705 Solaris whodo Vulnerability
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A34
OVAL:oval:org.mitre.oval:def:34
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A47
OVAL:oval:org.mitre.oval:def:47
https://exchange.xforce.ibmcloud.com/vulnerabilities/6802
XF:solaris-whodo-bo(6802)
CVE-2001-1077
Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument.
2002-02-02
2017-12-18
CVE-2001-1077
http://www.securityfocus.com/bid/2878
BID:2878
http://www.securityfocus.com/archive/1/191510
BUGTRAQ:20010615 Rxvt vulnerability
http://www.debian.org/security/2001/dsa-062
DEBIAN:DSA-062
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01
IMMUNIX:IMNX-2001-70-028-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-060.php
MANDRAKE:MDKSA-2001:060
https://exchange.xforce.ibmcloud.com/vulnerabilities/6701
XF:rxvt-ttprintf-bo(6701)
CVE-2001-1078
Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
2002-02-02
2017-12-18
CVE-2001-1078
http://www.securityfocus.com/bid/2908
BID:2908
http://archives.neohapsis.com/archives/bugtraq/2001-06/0291.html
BUGTRAQ:20010622 eXtremail Remote Format String ('s)
http://www.extremail.com/history.htm
CONFIRM:http://www.extremail.com/history.htm
http://www.extremail.com/news.htm
CONFIRM:http://www.extremail.com/news.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/6733
XF:extremail-flog-format-string(6733)
CVE-2001-1079
create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.
2002-06-25
2002-06-15
CVE-2001-1079
http://archives.neohapsis.com/archives/aix/2001-q3/0000.html
AIXAPAR:IY19069
http://www.osvdb.org/5473
OSVDB:5473
https://exchange.xforce.ibmcloud.com/vulnerabilities/8923
XF:aix-keyfile-world-writable(8923)
CVE-2001-1080
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.
2002-03-09
2002-02-27
CVE-2001-1080
http://www.securityfocus.com/bid/2916
BID:2916
http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2001.225.1/$file/oar225.txt
IBM:MSS-OAR-E01-2001:225.1
https://exchange.xforce.ibmcloud.com/vulnerabilities/6734
XF:aix-diagrpt-root-shell(6734)
CVE-2001-1081
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages.
2004-09-01
2004-07-24
CVE-2001-1081
http://www.securityfocus.com/bid/2994
BID:2994
http://freshmeat.net/releases/52020/
CONFIRM:http://freshmeat.net/releases/52020/
http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
CVE-2001-1082
Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack.
2002-02-02
2002-02-06
CVE-2001-1082
http://freshmeat.net/releases/52020/
CONFIRM:http://freshmeat.net/releases/52020/
CVE-2001-1083
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
2002-06-25
2002-06-15
CVE-2001-1083
http://www.securityfocus.com/bid/2933
BID:2933
http://www.securityfocus.com/archive/1/193516
BUGTRAQ:20010626 Advisory
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-020.0.txt
CALDERA:CSSA-2002-020.0
http://www.icecast.org/releases/icecast-1.3.11.tar.gz
CONFIRM:http://www.icecast.org/releases/icecast-1.3.11.tar.gz
http://www.debian.org/security/2001/dsa-089
DEBIAN:DSA-089
http://www.icecast.org/index.html
MISC:http://www.icecast.org/index.html
http://www.redhat.com/support/errata/RHSA-2001-105.html
REDHAT:RHSA-2001:105
http://www.redhat.com/support/errata/RHSA-2002-063.html
REDHAT:RHSA-2002:063
https://exchange.xforce.ibmcloud.com/vulnerabilities/6751
XF:icecast-http-remote-dos(6751)
CVE-2001-1084
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
2002-06-25
2002-03-22
CVE-2001-1084
http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full
ALLAIRE:MPSB01-06
http://www.securityfocus.com/bid/2983
BID:2983
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
http://www.kb.cert.org/vuls/id/654643
CERT-VN:VU#654643
http://www.osvdb.org/1891
OSVDB:1891
https://exchange.xforce.ibmcloud.com/vulnerabilities/6793
XF:java-servlet-crosssite-scripting(6793)
CVE-2001-1085
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
2002-06-25
2002-03-22
CVE-2001-1085
http://www.securityfocus.com/bid/2984
BID:2984
http://www.securityfocus.com/archive/1/195022
BUGTRAQ:20010705 lmail local root exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/6809
XF:lmail-tmpfile-symlink(6809)
CVE-2001-1086
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force attack.
2002-03-15
2017-12-18
CVE-2001-1086
http://www.securityfocus.com/bid/2985
BID:2985
http://www.securityfocus.com/archive/1/194907
BUGTRAQ:20010704 xdm cookies fast brute force
http://online.securityfocus.com/archive/1/195008
BUGTRAQ:20010705 Re: xdm cookies fast brute force
https://exchange.xforce.ibmcloud.com/vulnerabilities/6808
XF:xdm-cookie-brute-force(6808)
CVE-2001-1087
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device.
2002-03-15
2017-12-18
CVE-2001-1087
http://www.securityfocus.com/bid/2990
BID:2990
http://www.securityfocus.com/archive/1/195176
BUGTRAQ:20010705 RE: Tunnel ports allowed on NetApp NetCaches
https://exchange.xforce.ibmcloud.com/vulnerabilities/6807
XF:netcache-tunnel-default-configuration(6807)
CVE-2001-1088
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
2002-06-25
2002-03-22
CVE-2001-1088
http://www.securityfocus.com/bid/2823
BID:2823
http://www.securityfocus.com/archive/1/188752
BUGTRAQ:20010605 SECURITY.NNOV: Outlook Express address book spoofing
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241
CONFIRM:http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241
https://exchange.xforce.ibmcloud.com/vulnerabilities/6655
XF:outlook-address-book-spoofing(6655)
CVE-2001-1089
libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
2002-06-25
2002-03-22
CVE-2001-1089
http://www.securityfocus.com/bid/3314
BID:3314
http://www.securityfocus.com/archive/1/213331
BUGTRAQ:20010910 RUS-CERT Advisory 2001-09:01
https://exchange.xforce.ibmcloud.com/vulnerabilities/7111
XF:postgresql-nss-authentication-modules(7111)
CVE-2001-1090
nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
2002-03-15
2017-12-18
CVE-2001-1090
http://www.securityfocus.com/bid/3315
BID:3315
http://www.securityfocus.com/archive/1/213331
BUGTRAQ:20010910 RUS-CERT Advisory 2001-09:01
https://exchange.xforce.ibmcloud.com/vulnerabilities/7111
XF:postgresql-nss-authentication-modules(7111)
CVE-2001-1091
The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.
2002-03-15
2017-12-18
CVE-2001-1091
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-014.txt.asc
NETBSD:NetBSD-SA2001-014
https://exchange.xforce.ibmcloud.com/vulnerabilities/7037
XF:bsd-dump-tty-privileges(7037)
CVE-2001-1092
msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.
2002-03-15
2017-12-18
CVE-2001-1092
http://www.securityfocus.com/bid/3320
BID:3320
http://www.securityfocus.com/archive/1/213238
BUGTRAQ:20010910 Digital Unix 4.0x msgchk multiple vulnerabilities
http://www.kb.cert.org/vuls/id/440539
CERT-VN:VU#440539
https://exchange.xforce.ibmcloud.com/vulnerabilities/7102
XF:du-msgchk-symlink(7102)
CVE-2001-1093
Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument.
2002-03-15
2017-12-18
CVE-2001-1093
http://www.securityfocus.com/bid/3311
BID:3311
http://www.securityfocus.com/archive/1/213238
BUGTRAQ:20010910 Digital Unix 4.0x msgchk multiple vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/7101
XF:du-msgchk-bo(7101)
CVE-2001-1094
NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version.
2002-03-15
2017-12-18
CVE-2001-1094
http://www.securityfocus.com/bid/3321
BID:3321
http://www.securityfocus.com/archive/1/213516
BUGTRAQ:20010911 NetOP School Admin Vulnerability for Windows 2000 Terminal Services and NT4
https://exchange.xforce.ibmcloud.com/vulnerabilities/7120
XF:netop-school-bypass-authentication(7120)
CVE-2001-1095
Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.
2002-06-25
2016-09-15
CVE-2001-1095
http://archives.neohapsis.com/archives/aix/2001-q4/0000.html
AIXAPAR:IY23401
http://www-1.ibm.com/support/search.wss?rs=0&q=IY24231&apar=only
AIXAPAR:IY24231
http://www.osvdb.org/5469
OSVDB:5469
CVE-2001-1096
Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code.
2002-06-25
2002-03-22
CVE-2001-1096
http://archives.neohapsis.com/archives/aix/2001-q4/0000.html
AIXAPAR:IY23402
http://www.osvdb.org/5470
OSVDB:5470
CVE-2001-1097
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
2002-03-15
2017-12-18
CVE-2001-1097
http://www.securityfocus.com/bid/3096
BID:3096
http://www.securityfocus.com/archive/1/199558
BUGTRAQ:20010724 UDP packet handling weird behaviour of various operating systems
http://marc.info/?l=bugtraq&m=99749327219189&w=2
BUGTRAQ:20010811 Re: UDP packet handling weird behaviour of various operating systems
https://exchange.xforce.ibmcloud.com/vulnerabilities/6913
XF:cisco-ios-udp-dos(6319)
CVE-2001-1098
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
2004-09-01
2004-07-24
CVE-2001-1098
http://www.securityfocus.com/bid/3419
BID:3419
http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html
BUGTRAQ:20011010 Vulnerability: Cisco PIX Firewall Manager
http://www.kb.cert.org/vuls/id/639507
CERT-VN:VU#639507
https://exchange.xforce.ibmcloud.com/vulnerabilities/7265
XF:cisco-pfm-plaintext-password(7265)
CVE-2001-1099
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
2002-06-25
2002-03-22
CVE-2001-1099
http://www.securityfocus.com/bid/3305
BID:3305
http://www.securityfocus.com/archive/1/212724
BUGTRAQ:20010907 Microsoft Exchange + Norton AntiVirus leak local information
http://www.securityfocus.com/archive/1/213762
BUGTRAQ:20010912 Re: Microsoft Exchange + Norton AntiVirus leak local information
https://exchange.xforce.ibmcloud.com/vulnerabilities/7093
XF:nav-exchange-reveal-information(7093)
CVE-2001-1100
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
2002-06-25
2002-03-22
CVE-2001-1100
http://www.securityfocus.com/bid/3673
BID:3673
http://www.securityfocus.com/archive/1/218921
BUGTRAQ:20011007 Bug found at W3Mail Webmail
http://www.w3mail.org/ChangeLog
CONFIRM:http://www.w3mail.org/ChangeLog
https://exchange.xforce.ibmcloud.com/vulnerabilities/7230
XF:w3mail-metacharacters-command-execution(7230)
CVE-2001-1101
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of '.log' files when saving files, which allows (1) remote authenticated users to overwrite arbitrary files ending in '.log', or (2) local users to overwrite arbitrary files via a symlink attack.
2002-03-15
2017-12-18
CVE-2001-1101
http://www.securityfocus.com/bid/3303
BID:3303
http://www.securityfocus.com/archive/1/212826
BUGTRAQ:20010908 Bug in remote GUI access in CheckPoint Firewall
https://exchange.xforce.ibmcloud.com/vulnerabilities/7095
XF:fw1-log-file-overwrite(7095)
CVE-2001-1102
Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable.
2002-03-15
2017-12-18
CVE-2001-1102
http://www.securityfocus.com/bid/3300
BID:3300
http://www.securityfocus.com/archive/1/212824
BUGTRAQ:20010908 Bug in compile portion for older versions of CheckPoint Firewalls
https://exchange.xforce.ibmcloud.com/vulnerabilities/7094
XF:fw1-tmp-file-symlink(7094)
CVE-2001-1103
FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.
2004-09-01
2002-03-22
CVE-2001-1103
http://www.kb.cert.org/vuls/id/320944
CERT-VN:VU#320944
https://exchange.xforce.ibmcloud.com/vulnerabilities/7119
XF:ftp-voyager-embedded-script-execution(7119)
CVE-2001-1104
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.
2002-03-15
2002-03-22
CVE-2001-1104
http://www.securityfocus.com/bid/3098
BID:3098
http://www.securityfocus.com/archive/1/199632
BUGTRAQ:20010725 Weak TCP Sequence Numbers in Sonicwall SOHO Firewall
CVE-2001-1105
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure.
2002-03-15
2017-12-18
CVE-2001-1105
http://www.securityfocus.com/bid/3329
BID:3329
http://www.ciac.org/ciac/bulletins/l-141.shtml
CIAC:L-141
http://www.cisco.com/warp/public/707/SSL-J-pub.html
CISCO:20010912 Vulnerable SSL Implementation in iCDN
http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
CONFIRM:http://www.rsasecurity.com/products/bsafe/bulletins/BSAFE_SSL-J_3.x.SecurityBulletin.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7112
XF:bsafe-ssl-bypass-authentication(7112)
CVE-2001-1106
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
2003-04-02
2002-03-22
CVE-2001-1106
http://www.securityfocus.com/bid/3095
BID:3095
http://www.securityfocus.com/archive/1/199418
BUGTRAQ:20010725 Sambar Server password decryption
https://exchange.xforce.ibmcloud.com/vulnerabilities/6909
XF:sambar-insecure-passwords(6909)
CVE-2001-1107
SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server.
2002-03-15
2017-12-18
CVE-2001-1107
http://www.securityfocus.com/bid/3101
BID:3101
http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html
BUGTRAQ:20010726 Snapstream PVS vulnerability
http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
CONFIRM:http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6917
XF:snapstream-dot-directory-traversal(6917)
CVE-2001-1108
Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL.
2002-06-25
2002-03-22
CVE-2001-1108
http://www.securityfocus.com/bid/3100
BID:3100
http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html
BUGTRAQ:20010726 Snapstream PVS vulnerability
http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
CONFIRM:http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
http://www.osvdb.org/2080
OSVDB:2080
https://exchange.xforce.ibmcloud.com/vulnerabilities/6917
XF:snapstream-dot-directory-traversal(6917)
CVE-2001-1109
Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.
2002-03-15
2017-12-18
CVE-2001-1109
http://www.securityfocus.com/bid/3331
BID:3331
http://www.securityfocus.com/bid/3333
BID:3333
http://www.securityfocus.com/archive/1/213647
BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
http://www.eftp.org/releasehistory.html
MISC:http://www.eftp.org/releasehistory.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7113
XF:eftp-list-directory-traversal(7113)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7114
XF:eftp-quote-reveal-information(7114)
CVE-2001-1110
EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection.
2002-03-15
2002-03-22
CVE-2001-1110
http://www.securityfocus.com/archive/1/213647
BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
CVE-2001-1111
EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file.
2002-03-15
2017-12-18
CVE-2001-1111
http://www.securityfocus.com/bid/3332
BID:3332
http://www.securityfocus.com/archive/1/213647
BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/7116
XF:eftp-plaintext-password(7116)
CVE-2001-1112
Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.
2002-03-15
2017-12-18
CVE-2001-1112
http://www.securityfocus.com/bid/3330
BID:3330
http://www.securityfocus.com/archive/1/213647
BUGTRAQ:20010912 EFTP Version 2.0.7.337 vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/7115
XF:eftp-lnk-bo(7115)
CVE-2001-1113
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
2002-06-25
2002-03-22
CVE-2001-1113
http://www.securityfocus.com/bid/3174
BID:3174
http://www.securityfocus.com/archive/1/203874
BUGTRAQ:20010813 Local exploit for TrollFTPD-1.26
ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz
CONFIRM:ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz
https://exchange.xforce.ibmcloud.com/vulnerabilities/6974
XF:trollftpd-long-path-bo(6974)
CVE-2001-1114
book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter.
2002-03-15
2017-12-18
CVE-2001-1114
http://www.securityfocus.com/bid/3178
BID:3178
http://www.securityfocus.com/archive/1/204094
BUGTRAQ:20010813 NetCode NC Book 0.2b remote command execution vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6986
XF:netcode-book-pipes-command(6986)
CVE-2001-1115
generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter.
2002-03-15
2017-12-18
CVE-2001-1115
http://www.securityfocus.com/bid/3175
BID:3175
http://www.securityfocus.com/archive/1/204053
BUGTRAQ:20010813 SIX-webboard 2.01 "show files" vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6975
XF:sixwebboard-dot-directory-traversal(6975)
CVE-2001-1116
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
2002-06-25
2002-03-22
CVE-2001-1116
http://www.securityfocus.com/bid/3140
BID:3140
http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=IND0108&L=NTBUGTRAQ&F=P&S=&P=71
NTBUGTRAQ:20010802 Identix BioLogon Client security bug
http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind0108&L=ntbugtraq&F=P&S=&P=724
NTBUGTRAQ:20010808 Response to Identix BioLogon Client security bug
http://www.osvdb.org/5453
OSVDB:5453
https://exchange.xforce.ibmcloud.com/vulnerabilities/6948
XF:identix-biologon-auth-bypass(6948)
CVE-2001-1117
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.
2002-06-25
2002-03-22
CVE-2001-1117
http://www.securityfocus.com/bid/3141
BID:3141
http://www.securityfocus.com/archive/1/201390
BUGTRAQ:20010802 Advisory Update: Design Flaw in Linksys EtherFast 4-Port
http://www.securityfocus.com/archive/1/203302
BUGTRAQ:20010810 Linksys router security fix
ftp://ftp.linksys.com/pub/befsr41/befsr-fw1402.zip
CONFIRM:ftp://ftp.linksys.com/pub/befsr41/befsr-fw1402.zip
http://www.osvdb.org/1920
OSVDB:1920
http://www.osvdb.org/5467
OSVDB:5467
https://exchange.xforce.ibmcloud.com/vulnerabilities/6949
XF:linksys-etherfast-reveal-passwords(6949)
CVE-2001-1118
A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.
2002-06-25
2002-03-22
CVE-2001-1118
http://www.securityfocus.com/bid/3145
BID:3145
http://www.securityfocus.com/archive/1/201499
BUGTRAQ:20010802 FW: Security alert: Remote user can access any file
http://www.securityfocus.com/archive/1/201476
BUGTRAQ:20010802 Roxen security alert: URL decoding vulnerable
http://download.roxen.com/2.0/patch/security-notice.html
CONFIRM:http://download.roxen.com/2.0/patch/security-notice.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6937
XF:roxen-urlrectifier-retrieve-files(6937)
CVE-2001-1119
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.
2002-06-25
2002-03-22
CVE-2001-1119
http://www.securityfocus.com/bid/3148
BID:3148
http://www.kb.cert.org/vuls/id/105347
CERT-VN:VU#105347
http://www.novell.com/linux/security/advisories/2001_025_xmcd_txt.html
SUSE:SuSE-SA:2001:025
https://exchange.xforce.ibmcloud.com/vulnerabilities/6941
XF:xmcd-cda-symlink(6941)
CVE-2001-1120
Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates.
2002-03-15
2017-12-18
CVE-2001-1120
http://www.securityfocus.com/bid/3018
BID:3018
http://www.securityfocus.com/archive/1/196452
BUGTRAQ:20010712 New Cold Fusion vulnerability
http://www.kb.cert.org/vuls/id/135531
CERT-VN:VU#135531
http://www.allaire.com/handlers/index.cfm?id=21566
CONFIRM:http://www.allaire.com/handlers/index.cfm?id=21566
https://exchange.xforce.ibmcloud.com/vulnerabilities/6839
XF:coldfusion-unauthorized-file-access(6839)
CVE-2001-1121
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-1084. Reason: This candidate is a duplicate of CVE-2001-1084. Notes: All CVE users should reference CVE-2001-1084 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2002-06-25
2022-08-16
CVE-2001-1121
CVE-2001-1122
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
2002-03-15
2017-12-18
CVE-2001-1122
http://www.securityfocus.com/bid/3144
BID:3144
http://www.securityfocus.com/archive/1/201722
BUGTRAQ:20010803 REPOST: A damaging local DoS in WinNT SP6a
https://exchange.xforce.ibmcloud.com/vulnerabilities/6943
XF:winnt-nt4all-dos(6943)
CVE-2001-1123
Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID.
2002-03-15
2017-12-18
CVE-2001-1123
http://www.securityfocus.com/bid/3399
BID:3399
http://www.kb.cert.org/vuls/id/782155
CERT-VN:VU#782155
http://www.securityfocus.com/advisories/3585
HP:HPSBUX0110-170
http://www.securityfocus.com/advisories/3723
HP:HPSBUX0112-177
https://exchange.xforce.ibmcloud.com/vulnerabilities/7222
XF:openview-nmm-gain-privileges(7222)
CVE-2001-1124
rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow.
2002-03-15
2017-12-18
CVE-2001-1124
http://www.securityfocus.com/bid/3400
BID:3400
http://www.ciac.org/ciac/bulletins/m-003.shtml
CIAC:M-003
http://www.securityfocus.com/advisories/3586
HP:HPSBUX0110-169
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5683
OVAL:oval:org.mitre.oval:def:5683
https://exchange.xforce.ibmcloud.com/vulnerabilities/7221
XF:hp-rpcbind-dos(7221)
CVE-2001-1125
Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site.
2002-03-15
2017-12-18
CVE-2001-1125
http://www.securityfocus.com/bid/3403
BID:3403
http://www.securityfocus.com/archive/1/218717
BUGTRAQ:20011005 Symantec LiveUpdate attacks
http://www.sarc.com/avcenter/security/Content/2001.10.05.html
CONFIRM:http://www.sarc.com/avcenter/security/Content/2001.10.05.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7235
XF:liveupdate-host-verification(7235)
CVE-2001-1126
Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site.
2002-03-15
2017-12-18
CVE-2001-1126
http://www.securityfocus.com/bid/3413
BID:3413
http://www.securityfocus.com/archive/1/218717
BUGTRAQ:20011005 Symantec LiveUpdate attacks
http://www.sarc.com/avcenter/security/Content/2001.10.05.html
CONFIRM:http://www.sarc.com/avcenter/security/Content/2001.10.05.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7235
XF:liveupdate-host-verification(7235)
CVE-2001-1127
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
2002-03-15
2017-12-18
CVE-2001-1127
http://www.securityfocus.com/bid/3404
BID:3404
http://www.securityfocus.com/archive/1/218833
BUGTRAQ:20011005 Progress Database vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/7236
XF:progress-strcpy-bo(7236)
CVE-2001-1128
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.
2002-03-15
2017-12-18
CVE-2001-1128
http://www.securityfocus.com/bid/3414
BID:3414
http://www.securityfocus.com/archive/1/219174
BUGTRAQ:20011008 Progress TERM (protermcap) overflows and PROMSGS overflows
https://exchange.xforce.ibmcloud.com/vulnerabilities/7264
XF:progress-protermcap-bo(7264)
CVE-2001-1129
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.
2002-03-15
2017-12-18
CVE-2001-1129
http://www.securityfocus.com/bid/3502
BID:3502
http://www.securityfocus.com/archive/1/224395
BUGTRAQ:20011102 Progres Databse PROMSGS Format strings issue.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7457
XF:progress-promsgs-format-string(7457)
CVE-2001-1130
Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.
2002-06-25
2002-03-22
CVE-2001-1130
http://www.securityfocus.com/archive/1/201216
BUGTRAQ:20010802 suse: sdbsearch.cgi vulnerability
http://www.novell.com/linux/security/advisories/2001_027_sdb_txt.html
SUSE:SuSE-SA:2001:027
https://exchange.xforce.ibmcloud.com/vulnerabilities/7003
XF:sdbsearch-cgi-command-execution(7003)
CVE-2001-1131
Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command.
2002-03-15
2002-03-22
CVE-2001-1131
http://www.securiteam.com/windowsntfocus/5RP0L0055O.html
MISC:http://www.securiteam.com/windowsntfocus/5RP0L0055O.html
CVE-2001-1132
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
2002-06-25
2002-03-22
CVE-2001-1132
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420
CONECTIVA:CLA-2001:420
http://www.osvdb.org/5455
OSVDB:5455
https://exchange.xforce.ibmcloud.com/vulnerabilities/7091
XF:mailman-blank-passwords(7091)
CVE-2001-1133
Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users to cause a denial of service (reboot) in the kernel via a particular sequence of instructions.
2002-03-15
2002-03-22
CVE-2001-1133
http://www.securityfocus.com/bid/3220
BID:3220
http://www.securityfocus.com/archive/1/209192
BUGTRAQ:20010821 BSDi (3.0/3.1) reboot machine code as any user (non-specific)
http://www.iss.net/security_center/static/7023.php
XF:bsd-kernel-dos(7023)
CVE-2001-1134
Xerox DocuPrint N40 Printers allow remote attackers to cause a denial of service via malformed data, such as that produced by the Code Red worm.
2002-03-15
2002-03-22
CVE-2001-1134
http://www.securityfocus.com/bid/3170
BID:3170
http://www.securityfocus.com/archive/1/198381
BUGTRAQ:20010720 Re: Two birds with one worm
http://www.securityfocus.com/archive/1/203025
BUGTRAQ:20010809 Xerox N40 printers and Code Red worm
http://www.iss.net/security_center/static/6976.php
XF:xerox-docuprint-dos(6976)
CVE-2001-1135
ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.
2002-03-15
2017-12-18
CVE-2001-1135
http://www.securityfocus.com/bid/3346
BID:3346
http://www.securityfocus.com/archive/1/203022
BUGTRAQ:20010809 ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password
http://www.securityfocus.com/archive/1/203592
BUGTRAQ:20010810 Re: ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password
http://www.securityfocus.com/archive/1/204439
BUGTRAQ:20010814 Fwd: ZyXEL Prestige 642 Router Administration Interface Vulnerability
http://www.securityfocus.com/archive/1/214971
BUGTRAQ:20010918 SECURITY RISK: ZyXEL ADSL Router 642R - WAN filter bypass from internal network
https://exchange.xforce.ibmcloud.com/vulnerabilities/7146
XF:prestige-wan-bypass-filter(7146)
CVE-2001-1136
The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.
2002-03-15
2017-12-18
CVE-2001-1136
http://www.securityfocus.com/bid/3338
BID:3338
http://www.ciac.org/ciac/bulletins/l-143.shtml
CIAC:L-143
http://archives.neohapsis.com/archives/hp/2001-q3/0063.html
HP:HPSBUX0109-166
https://exchange.xforce.ibmcloud.com/vulnerabilities/7124
XF:hp-virtualvault-libsecurity-dos(7124)
CVE-2001-1137
D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows remote attackers to cause a denial of service (reboot) via malformed IP datagram fragments.
2002-03-15
2017-12-18
CVE-2001-1137
http://www.securityfocus.com/bid/3306
BID:3306
http://www.securityfocus.com/archive/1/212532
BUGTRAQ:20010906 Malformed Fragmented Packets DoS Dlink Firewall/Routers
https://exchange.xforce.ibmcloud.com/vulnerabilities/7090
XF:dlink-fragmented-packet-dos(7090)
CVE-2001-1138
Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter.
2002-03-15
2017-12-18
CVE-2001-1138
http://www.securityfocus.com/bid/3304
BID:3304
http://www.securityfocus.com/archive/1/212679
BUGTRAQ:20010907 *** Security Advisory *** Power UP HTML
https://exchange.xforce.ibmcloud.com/vulnerabilities/7092
XF:powerup-rcgi-directory-traversal(7092)
CVE-2001-1139
Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request.
2002-03-15
2002-03-22
CVE-2001-1139
http://www.securityfocus.com/bid/3219
BID:3219
http://www.securityfocus.com/archive/1/209414
BUGTRAQ:20010822 [SNS Advisory No.39] WinWrapper Professional 2.0 Remote Arbitrary File Disclosure Vulnerability
http://www.tsc.ant.co.jp/products/download.htm
MISC:http://www.tsc.ant.co.jp/products/download.htm
http://www.iss.net/security_center/static/7015.php
XF:winwrapper-dot-directory-traversal(7015)
CVE-2001-1140
BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.
2002-03-15
2017-12-18
CVE-2001-1140
http://www.securityfocus.com/bid/3222
BID:3222
http://www.securityfocus.com/archive/1/209545
BUGTRAQ:20010822 -- [ iSecureLabs BadBlue v1.02 beta for Windows 98, ME and 2000 Advisory ] --
https://exchange.xforce.ibmcloud.com/vulnerabilities/7021
XF:badblue-file-source-disclosure(7021)
CVE-2001-1141
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
2002-06-25
2002-06-15
CVE-2001-1141
http://www.securityfocus.com/bid/3004
BID:3004
http://www.securityfocus.com/archive/1/195829
BUGTRAQ:20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
CONECTIVA:CLA-2001:418
http://www.linuxsecurity.com/advisories/other_advisory-1483.html
ENGARDE:ESA-20010709-01
http://www.securityfocus.com/advisories/3475
FREEBSD:FreeBSD-SA-01:51
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
MANDRAKE:MDKSA-2001:065
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
NETBSD:NetBSD-SA2001-013
http://www.osvdb.org/853
OSVDB:853
http://www.redhat.com/support/errata/RHSA-2001-051.html
REDHAT:RHSA-2001:051
https://exchange.xforce.ibmcloud.com/vulnerabilities/6823
XF:openssl-prng-brute-force(6823)
CVE-2001-1142
ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, which allows an attacker with access to the password file to gain privileges.
2002-03-15
2002-03-22
CVE-2001-1142
http://www.securityfocus.com/bid/3029
BID:3029
http://www.securityfocus.com/archive/1/196968
BUGTRAQ:20010712 ArGoSoft FTP Server 1.2.2.2 Weak password encryption
http://www.iss.net/security_center/static/6848.php
XF:argosoft-ftp-weak-encryption(6848)
CVE-2001-1143
IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.
2002-03-15
2002-03-22
CVE-2001-1143
http://www.securityfocus.com/bid/3010
BID:3010
http://www.securityfocus.com/archive/1/196140
BUGTRAQ:20010711 IBM Windows DB2 DoS
http://www.iss.net/security_center/static/6832.php
XF:ibm-db2-ccs-dos(6832)
http://www.iss.net/security_center/static/6833.php
XF:ibm-db2-jds-dos(6833)
CVE-2001-1144
Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.
2002-06-25
2002-03-22
CVE-2001-1144
http://www.securityfocus.com/bid/3020
BID:3020
http://www.securityfocus.com/archive/1/196272
BUGTRAQ:20010711 McAfee ASaP Virusscan - myCIO HTTP Server Directory Traversal Vulnerabilty
http://www.kb.cert.org/vuls/id/190267
CERT-VN:VU#190267
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1558
NTBUGTRAQ:20010716 McAfee ASaP Virusscan - MyCIO HTTP Server Directory Traversal Vul nerability
http://www.osvdb.org/584
OSVDB:584
http://www.iss.net/security_center/static/6834.php
XF:mcafee-mycio-directory-traversal(6834)
CVE-2001-1145
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.
2003-04-02
2003-03-17
CVE-2001-1145
http://www.securityfocus.com/bid/3205
BID:3205
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc
FREEBSD:FreeBSD-SA-01:40
http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html
NETBSD:NetBSD-SA2001-016
http://www.openbsd.org/errata28.html
OPENBSD:20010530 029: SECURITY FIX: May 30, 2001
http://www.osvdb.org/5466
OSVDB:5466
http://www.iss.net/security_center/static/8715.php
XF:bsd-fts-race-condition(8715)
CVE-2001-1146
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
2002-06-25
2002-06-15
CVE-2001-1146
http://www.securityfocus.com/bid/3016
BID:3016
http://www.linuxsecurity.com/advisories/other_advisory-1492.html
ENGARDE:ESA-20010711-01
https://exchange.xforce.ibmcloud.com/vulnerabilities/6830
XF:allcommerce-temp-symlink(6830)
CVE-2001-1147
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
2002-06-25
2002-03-22
CVE-2001-1147
http://www.securityfocus.com/bid/3415
BID:3415
http://www.securityfocus.com/archive/1/219175
BUGTRAQ:20011008 pam_limits.so Bug!!
http://www.ciac.org/ciac/bulletins/m-009.shtml
CIAC:M-009
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3
MANDRAKE:MDKSA-2001:084
http://www.redhat.com/support/errata/RHSA-2001-132.html
REDHAT:RHSA-2001:132
http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html
SUSE:SuSE-SA:2001:034
http://www.iss.net/security_center/static/7266.php
XF:utillinux-pamlimits-gain-privileges(7266)
CVE-2001-1148
Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) sysadm.menu, or (7) termsh.
2002-03-15
2017-07-10
CVE-2001-1148
http://www.securityfocus.com/archive/1/219966
CALDERA:CSSA-2001-SCO.25
http://www.securityfocus.com/archive/82/191216
VULN-DEV:20010613 SCO atcronsh auditsh termsh overflows
https://exchange.xforce.ibmcloud.com/vulnerabilities/7281
XF:openserver-scoadmin-sysadm-bo(7281)
CVE-2001-1149
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
2002-06-25
2002-03-22
CVE-2001-1149
http://www.osvdb.org/5456
OSVDB:5456
http://www.securityfocus.com/archive/82/209328
VULN-DEV:20010821 RE: Bug report -- Incident number 240649
CVE-2001-1150
Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.5.2 through 3.5.4 allows remote attackers to read arbitrary files.
2002-03-15
2002-03-22
CVE-2001-1150
http://www.securityfocus.com/bid/3216
BID:3216
http://www.securityfocus.com/archive/1/209375
BUGTRAQ:20010822 [SNS Advisory No.38] Trend Micro Virus Buster (Ver.3.5x) Remote
http://www.securityfocus.com/archive/1/210087
BUGTRAQ:20010824 [SNS Advisory No.40] TrendMicro OfficeScan Corp Edition ver.3.54 Remote read file of IUSER authority Vulnerability
http://www.iss.net/security_center/static/7014.php
XF:officescan-iuser-read-files(7014)
CVE-2001-1151
Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password.
2002-03-15
2017-12-18
CVE-2001-1151
http://www.securityfocus.com/archive/1/220666
BUGTRAQ:20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)
http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318
MISC:http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318
https://exchange.xforce.ibmcloud.com/vulnerabilities/7286
XF:officescan-config-file-access(7286)
CVE-2001-1152
Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.
2002-03-15
2002-03-22
CVE-2001-1152
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3296
BID:3296
http://www.securityfocus.com/archive/1/212283
BUGTRAQ:20010905 Various problems in Baltimore WebSweeper URL filtering
http://www.mimesweeper.com/support/technotes/notes/1043.asp
MISC:http://www.mimesweeper.com/support/technotes/notes/1043.asp
CVE-2001-1153
lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.
2002-06-25
2002-03-22
CVE-2001-1153
http://www.securityfocus.com/bid/3248
BID:3248
http://archives.neohapsis.com/archives/bugtraq/2001-08/0391.html
CALDERA:CSSA-2001-SCO.15
http://www.iss.net/security_center/static/7041.php
XF:openunix-lpsystem-bo(7041)
CVE-2001-1154
Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.
2002-03-15
2017-12-18
CVE-2001-1154
http://www.securityfocus.com/bid/3260
BID:3260
http://www.securityfocus.com/archive/1/211056
BUGTRAQ:20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2
https://exchange.xforce.ibmcloud.com/vulnerabilities/7053
XF:cyrus-imap-php-dos(7053)
CVE-2001-1155
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
2002-06-25
2002-03-22
CVE-2001-1155
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc
FREEBSD:FreeBSD-SA-01:56
http://www.osvdb.org/5454
OSVDB:5454
CVE-2001-1156
TYPSoft FTP 0.95 allows remote attackers to cause a denial of service (CPU consumption) via a "../../*" argument to (1) STOR or (2) RETR.
2002-03-15
2002-03-22
CVE-2001-1156
http://www.securityfocus.com/bid/3409
BID:3409
http://www.securityfocus.com/archive/1/219167
BUGTRAQ:20011008 [ASGUARD-LABS] TYPSoft FTP Server v0.95 STOR/RETR Denial of Service Vulnerability
http://membres.lycos.fr/typsoft/eng/history.html
CONFIRM:http://membres.lycos.fr/typsoft/eng/history.html
http://www.iss.net/security_center/static/7247.php
XF:typsoft-ftp-retr-stor-dos(7247)
CVE-2001-1157
Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode.
2002-03-15
2002-03-22
CVE-2001-1157
http://www.securityfocus.com/bid/3172
BID:3172
http://www.securityfocus.com/bid/3173
BID:3173
http://www.securityfocus.com/archive/1/203821
BUGTRAQ:20010812 Various problems in Baltimore's WEBSweeper Script filter ing
CVE-2001-1158
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.
2002-06-25
2002-03-22
CVE-2001-1158
http://www.securityfocus.com/bid/2952
BID:2952
http://archives.neohapsis.com/archives/bugtraq/2001-07/0128.html
BUGTRAQ:20010709 Check Point FireWall-1 RDP Bypass Vulnerability
http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-11&end=2002-03-17&mid=195647&threads=1
BUGTRAQ:20010709 Check Point response to RDP Bypass
http://www.cert.org/advisories/CA-2001-17.html
CERT:CA-2001-17
http://www.kb.cert.org/vuls/id/310295
CERT-VN:VU#310295
http://www.checkpoint.com/techsupport/alerts/rdp.html
CHECKPOINT:20010712 RDP Bypass workaround for VPN-1/FireWall 4.1 SPx
http://ciac.llnl.gov/ciac/bulletins/l-109.shtml
CIAC:L-109
http://www.osvdb.org/1884
OSVDB:1884
https://exchange.xforce.ibmcloud.com/vulnerabilities/6815
XF:fw1-rdp-bypass(6815)
CVE-2001-1159
load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.
2002-03-15
2002-03-22
CVE-2001-1159
http://www.securityfocus.com/bid/2968
BID:2968
http://archives.neohapsis.com/archives/bugtraq/2001-07/0029.html
BUGTRAQ:20010702 (SRADV00010) Remote command execution vulnerabilities in SquirrelMail
http://www.squirrelmail.org/changelog.php
MISC:http://www.squirrelmail.org/changelog.php
http://www.iss.net/security_center/static/6775.php
XF:squirrelmail-loadprefs-execute-code(6775)
CVE-2001-1160
udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field.
2002-06-25
2002-03-22
CVE-2001-1160
http://www.securityfocus.com/bid/2884
BID:2884
http://www.securityfocus.com/archive/1/191829
BUGTRAQ:20010618 udirectory from Microburst Technologies remote command execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/6706
XF:udirectory-remote-command-execution(6706)
CVE-2001-1161
Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.
2002-06-25
2002-03-22
CVE-2001-1161
http://www.securityfocus.com/bid/2962
BID:2962
http://www.securityfocus.com/archive/1/194465
BUGTRAQ:20010702 Lotus Domino Server Cross-Site Scripting Vulnerability
http://www.securityfocus.com/archive/1/194609
BUGTRAQ:20010702 Re: Lotus Domino Server Cross-Site Scripting Vulnerability
http://www.kb.cert.org/vuls/id/642239
CERT-VN:VU#642239
http://www.osvdb.org/1887
OSVDB:1887
http://www.iss.net/security_center/static/6789.php
XF:lotus-domino-css(6789)
CVE-2001-1162
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
2002-06-25
2002-03-22
CVE-2001-1162
http://www.securityfocus.com/bid/2928
BID:2928
http://www.securityfocus.com/archive/1/193027
BUGTRAQ:20010623 smbd remote file creation vulnerability
http://www.calderasystems.com/support/security/advisories/CSSA-2001-024.0.txt
CALDERA:CSSA-2001-024.0
http://ciac.llnl.gov/ciac/bulletins/l-105.shtml
CIAC:L-105
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000405
CONECTIVA:CLA-2001:405
http://us1.samba.org/samba/whatsnew/macroexploit.html
CONFIRM:http://us1.samba.org/samba/whatsnew/macroexploit.html
http://www.debian.org/security/2001/dsa-065
DEBIAN:DSA-065
http://www.securityfocus.com/advisories/3423
HP:HPSBUX0107-157
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-027-01
IMMUNIX:IMNX-2001-70-027-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-062.php3
MANDRAKE:MDKSA-2001-062
http://www.redhat.com/support/errata/RHSA-2001-086.html
REDHAT:RHSA-2001:086
ftp://patches.sgi.com/support/free/security/advisories/20011002-01-P
SGI:20011002-01-P
https://exchange.xforce.ibmcloud.com/vulnerabilities/6731
XF:samba-netbios-file-creation(6731)
CVE-2001-1163
Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500.
2002-03-15
2002-03-22
CVE-2001-1163
http://www.securityfocus.com/bid/2885
BID:2885
CVE-2001-1164
Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.
2002-03-15
2002-03-22
CVE-2001-1164
ftp://stage.caldera.com/pub/security/unixware/CSSA-2001-SCO.4/CSSA-2001-SCO.4.txt
CALDERA:CSSA-2001-SCO.4
CVE-2001-1165
Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool.
2002-03-15
2002-03-22
CVE-2001-1165
http://www.securityfocus.com/bid/3213
BID:3213
http://www.securemac.com/fileguard.php#disengage
MISC:http://www.securemac.com/fileguard.php#disengage
http://www.iss.net/security_center/static/7018.php
XF:fileguard-weak-password-encryption(7018)
CVE-2001-1166
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.
2002-06-25
2002-03-22
CVE-2001-1166
http://www.securityfocus.com/bid/3217
BID:3217
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:55.procfs.asc
FREEBSD:FreeBSD-SA-01:55
http://www.osvdb.org/1938
OSVDB:1938
http://www.iss.net/security_center/static/7017.php
XF:linprocfs-process-memory-leak(7017)
CVE-2001-1167
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-0976. Reason: This candidate is a duplicate of CVE-2001-0976. Notes: CVE-2001-0976 should be used instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2002-03-15
2002-03-22
CVE-2001-1167
CVE-2001-1168
Directory traversal vulnerability in index.php in PhpMyExplorer before 1.2.1 allows remote attackers to read arbitrary files via a ..%2F (modified dot dot) in the chemin parameter.
2002-03-15
2002-03-22
CVE-2001-1168
http://archives.neohapsis.com/archives/bugtraq/2001-08/0408.html
BUGTRAQ:20010829 eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal.
http://archives.neohapsis.com/archives/bugtraq/2001-08/0418.html
BUGTRAQ:20010830 Re: eRisk Security Advisory: PhpMyExplorer vulnerable to directory traversal.
CVE-2001-1169
keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.
2002-03-15
2002-03-22
CVE-2001-1169
http://archives.neohapsis.com/archives/bugtraq/2001-08/0441.html
BUGTRAQ:20010902 S/Key keyinit(1) authentication (lack thereof) + sudo(1)
CVE-2001-1170
AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers.
2002-03-15
2017-12-18
CVE-2001-1170
http://www.securityfocus.com/bid/3370
BID:3370
http://archives.neohapsis.com/archives/bugtraq/2001-09/0235.html
BUGTRAQ:20010929 Vulnerability in Amtote International homebet self service wagering system.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7186
XF:homebet-view-logfile(7186)
CVE-2001-1171
Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and creates a world-writable temporary .cpp file when compiling Policy rules, which could allow local users to gain privileges or modify the firewall policy.
2002-03-15
2002-03-22
CVE-2001-1171
http://archives.neohapsis.com/archives/bugtraq/2001-09/0046.html
BUGTRAQ:20010907 Bug in compile portion for older versions of CheckPoint Firewalls
CVE-2001-1172
OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file.
2002-06-25
2002-03-22
CVE-2001-1172
http://archives.neohapsis.com/archives/bugtraq/2001-07/0357.html
BUGTRAQ:20010719 [SNS Advisory No.37] HTTProtect allows attackers to change the protected file using a symlink
http://www.omnisecure.com/security-alert.html
CONFIRM:http://www.omnisecure.com/security-alert.html
http://www.osvdb.org/5452
OSVDB:5452
https://exchange.xforce.ibmcloud.com/vulnerabilities/6880
XF:httprotect-protected-file-symlink(6880)
CVE-2001-1173
Vulnerability in MasqMail before 0.1.15 allows local users to gain privileges via piped aliases.
2002-03-15
2002-03-22
CVE-2001-1173
ftp://innominate.org/oku/masqmail/ChangeLog-stable
CONFIRM:ftp://innominate.org/oku/masqmail/ChangeLog-stable
CVE-2001-1174
Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header.
2002-06-25
2002-03-22
CVE-2001-1174
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-067.php
MANDRAKE:MDKSA-2001:067
http://www.osvdb.org/5451
OSVDB:5451
http://www.redhat.com/support/errata/RHSA-2001-091.html
REDHAT:RHSA-2001:091
https://exchange.xforce.ibmcloud.com/vulnerabilities/6852
XF:elm-messageid-bo(6852)
CVE-2001-1175
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.
2002-06-25
2002-03-22
CVE-2001-1175
http://www.securityfocus.com/bid/3036
BID:3036
http://www.redhat.com/support/errata/RHSA-2001-095.html
REDHAT:RHSA-2001:095
http://www.redhat.com/support/errata/RHSA-2001-132.html
REDHAT:RHSA-2001:132
https://exchange.xforce.ibmcloud.com/vulnerabilities/6851
XF:vipw-world-readable-files(6851)
CVE-2001-1176
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.
2002-06-25
2002-03-22
CVE-2001-1176
http://www.securityfocus.com/bid/3021
BID:3021
http://archives.neohapsis.com/archives/bugtraq/2001-07/0209.html
BUGTRAQ:20010712 VPN-1/FireWall-1 Format Strings Vulnerability
http://www.checkpoint.com/techsupport/alerts/format_strings.html
CONFIRM:http://www.checkpoint.com/techsupport/alerts/format_strings.html
http://www.osvdb.org/1901
OSVDB:1901
https://exchange.xforce.ibmcloud.com/vulnerabilities/6849
XF:fw1-management-format-string(6849)
CVE-2001-1177
ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
2002-06-25
2002-06-15
CVE-2001-1177
http://www.securityfocus.com/bid/3008
BID:3008
http://archives.neohapsis.com/archives/bugtraq/2001-07/0284.html
BUGTRAQ:20010717 Samsung ML-85G Printer Linux Helper/Driver Binary Exploit (Mandrake: ghostscript package)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6845
XF:samsung-printer-temp-symlink(6845)
CVE-2001-1178
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
2002-03-15
2017-12-18
CVE-2001-1178
http://www.securityfocus.com/bid/3030
BID:3030
http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html
BUGTRAQ:20010711 suid xman 3.1.6 overflows
https://exchange.xforce.ibmcloud.com/vulnerabilities/6853
XF:xfree86-xman-manpath-bo(6853)
CVE-2001-1179
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters.
2002-03-15
2002-03-22
CVE-2001-1179
http://www.securityfocus.com/archive/1/197498
BUGTRAQ:20010717 xman (suid) exploit, made easier.
CVE-2001-1180
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.
2002-06-25
2002-03-22
CVE-2001-1180
http://www.securityfocus.com/bid/3007
BID:3007
http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html
BUGTRAQ:20010710 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows
http://www.kb.cert.org/vuls/id/943633
CERT-VN:VU#943633
http://ciac.llnl.gov/ciac/bulletins/l-111.shtml
CIAC:L-111
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc
FREEBSD:FreeBSD-SA-01:42
http://www.osvdb.org/1897
OSVDB:1897
https://exchange.xforce.ibmcloud.com/vulnerabilities/6829
XF:bsd-rfork-signal-handlers(6829)
CVE-2001-1181
Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges.
2002-03-15
2017-12-18
CVE-2001-1181
http://ciac.llnl.gov/ciac/bulletins/l-115.shtml
CIAC:L-115
http://archives.neohapsis.com/archives/hp/2001-q3/0013.html
HP:HPSBUX0107-159
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5479
OVAL:oval:org.mitre.oval:def:5479
https://exchange.xforce.ibmcloud.com/vulnerabilities/6861
XF:hpux-dlkm-gain-privileges(6861)
CVE-2001-1182
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges.
2002-03-15
2017-10-09
CVE-2001-1182
http://archives.neohapsis.com/archives/hp/2001-q3/0014.html
HP:HPSBUX0107-160
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5657
OVAL:oval:org.mitre.oval:def:5657
CVE-2001-1183
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.
2002-06-25
2009-03-01
CVE-2001-1183
http://www.securityfocus.com/bid/3022
BID:3022
http://www.kb.cert.org/vuls/id/656315
CERT-VN:VU#656315
http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html
CISCO:20010712 Cisco IOS PPTP Vulnerability
http://www.osvdb.org/802
OSVDB:802
https://exchange.xforce.ibmcloud.com/vulnerabilities/6835
XF:cisco-ios-pptp-dos(6835)
CVE-2001-1184
wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024.
2002-03-15
2002-03-22
CVE-2001-1184
http://www.securityfocus.com/bid/3659
BID:3659
http://www.securityfocus.com/archive/1/244580
BUGTRAQ:20011208 Winsock RSHD/NT 2.20.00 CPU overusage when invalid data is send
http://online.securityfocus.com/archive/1/245405
BUGTRAQ:20011213 WRSHDNT 2.21.00 CPU overusage
http://www.denicomp.com/rshdnt.htm
CONFIRM:http://www.denicomp.com/rshdnt.htm
http://www.iss.net/security_center/static/7694.php
XF:winsock-rshdnt-error-dos(7694)
CVE-2001-1185
Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.
2002-06-25
2002-03-22
CVE-2001-1185
http://www.securityfocus.com/bid/3661
BID:3661
http://www.securityfocus.com/archive/1/244583
BUGTRAQ:20011210 AIO vulnerability
http://www.osvdb.org/2001
OSVDB:2001
http://www.iss.net/security_center/static/7693.php
XF:bsd-aio-overwrite-memory(7693)
CVE-2001-1186
Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
2004-09-01
2002-03-22
CVE-2001-1186
http://www.securityfocus.com/bid/3667
BID:3667
http://online.securityfocus.com/archive/1/244931
BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug Memory attack
http://www.securityfocus.com/archive/1/244892
BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug.
http://online.securityfocus.com/archive/1/245100
BUGTRAQ:20011212 Microsoft IIS/5.0 Content-Length DoS (proved)
http://www.iss.net/security_center/static/7691.php
XF:iis-false-content-length-dos(7691)
CVE-2001-1187
csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter.
2002-03-15
2002-03-22
CVE-2001-1187
http://www.securityfocus.com/bid/3668
BID:3668
http://online.securityfocus.com/archive/1/244908
BUGTRAQ:20011211 CSVForm (Perl CGI) Remote Execution Vulnerability
http://www.iss.net/security_center/static/7692.php
XF:csvform-cgi-execute-commands(7692)
CVE-2001-1188
mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.
2002-03-15
2002-03-22
CVE-2001-1188
http://www.securityfocus.com/bid/3669
BID:3669
http://www.securityfocus.com/archive/1/244909
BUGTRAQ:20011211 SPAMMERS DELIGHT: as feeble as feeble can be
CVE-2001-1189
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
2002-03-15
2002-03-22
CVE-2001-1189
http://www.securityfocus.com/bid/3682
BID:3682
http://www.securityfocus.com/archive/1/245324
BUGTRAQ:20011213 IBM WebSphere on UNIX security alert !
http://www.iss.net/security_center/static/7698.php
XF:websphere-java-plaintext-passwords(7698)
CVE-2001-1190
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.
2002-03-15
2002-03-22
CVE-2001-1190
http://www.securityfocus.com/bid/3683
BID:3683
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-091.php3
MANDRAKE:MDKSA-2001:091
http://www.iss.net/security_center/static/7706.php
XF:linux-passwd-weak-encryption(7706)
CVE-2001-1191
WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e.
2002-03-15
2002-03-22
CVE-2001-1191
http://www.securityfocus.com/bid/3685
BID:3685
http://www.securityfocus.com/archive/1/245283
BUGTRAQ:20011211 Webseal 3.8
CVE-2001-1192
Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.
2002-03-15
2017-07-10
CVE-2001-1192
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3688
BID:3688
http://www.securityfocus.com/archive/1/245342
BUGTRAQ:20011213 Kikkert Security Advisory: Potentially serious security flaw in Citrix Client
https://exchange.xforce.ibmcloud.com/vulnerabilities/7697
XF:citrix-ica-gain-root(7697)
CVE-2001-1193
Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command.
2002-06-25
2002-06-15
CVE-2001-1193
http://www.securityfocus.com/bid/3691
BID:3691
http://www.securityfocus.com/archive/1/245393
BUGTRAQ:20011213 EFTP 2.0.8.346 directory content disclosure
http://www.kb.cert.org/vuls/id/413875
CERT-VN:VU#413875
http://www.eftp.org/releasehistory.html
CONFIRM:http://www.eftp.org/releasehistory.html
http://www.osvdb.org/2003
OSVDB:2003
https://exchange.xforce.ibmcloud.com/vulnerabilities/7699
XF:eftp-dot-directory-traversal(7699)
CVE-2001-1194
Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly.
2002-03-15
2017-07-10
CVE-2001-1194
http://www.securityfocus.com/bid/3695
BID:3695
http://archives.neohapsis.com/archives/bugtraq/2001-12/0140.html
BUGTRAQ:20011214 Zyxel Prestige 681 and 1600 (possibly other?) remote DoS
http://archives.neohapsis.com/archives/bugtraq/2001-12/0190.html
BUGTRAQ:20011218 Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/7704
XF:prestige-dsl-packet-length-dos(7704)
CVE-2001-1195
Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges.
2002-03-15
2002-03-22
CVE-2001-1195
http://www.securityfocus.com/bid/3697
BID:3697
http://www.securityfocus.com/archive/1/245871
BUGTRAQ:20011215 Novell Groupwise servlet gateway default username and password
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm
CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10067329.htm
http://www.iss.net/security_center/static/7701.php
XF:groupwise-servlet-manager-default(7701)
CVE-2001-1196
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
2002-03-15
2016-10-17
CVE-2001-1196
http://www.securityfocus.com/bid/3698
BID:3698
http://www.securityfocus.com/archive/1/245980
BUGTRAQ:20011217 webmin 0.91 ../.. problem
http://marc.info/?l=webmin-l&m=100865390306103&w=2
BUGTRAQ:20011218 Re: webmin 0.91 ../.. problem
http://www.iss.net/security_center/static/7711.php
XF:webmin-dot-directory-traversal(7711)
CVE-2001-1197
klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.
2002-03-15
2017-07-10
CVE-2001-1197
http://www.securityfocus.com/bid/3694
BID:3694
http://marc.info/?l=bugtraq&m=100837486611350&w=2
BUGTRAQ:20011214 Re: klprfax_filter symlink vulnerability
http://www.securityfocus.com/archive/1/245500
BUGTRAQ:20011214 klprfax_filter symlink vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/7700
XF:kdeutils-klprfax-symlink(7700)
CVE-2001-1198
RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite arbitrary files and gain privileges by specifying the target file in the -L option.
2002-03-15
2017-10-09
CVE-2001-1198
http://www.securityfocus.com/bid/3701
BID:3701
http://www.securityfocus.com/archive/1/245690
BUGTRAQ:20011215 HP-UX setuid rlpdaemon induced to make illicit file writes
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5763
OVAL:oval:org.mitre.oval:def:5763
http://www.iss.net/security_center/static/7729.php
XF:hp-rlpd-create-log(7729)
CVE-2001-1199
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
2002-06-25
2002-03-22
CVE-2001-1199
http://www.securityfocus.com/bid/3702
BID:3702
http://www.securityfocus.com/archive/1/246044
BUGTRAQ:20011217 Agoracgi v3.3e Cross Site Scripting Vulnerability
http://www.agoracgi.com/security.html
CONFIRM:http://www.agoracgi.com/security.html
http://www.osvdb.org/698
OSVDB:698
http://www.iss.net/security_center/static/7708.php
XF:agora-cgi-css(7708)
CVE-2001-1200
Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.
2004-09-01
2002-03-22
CVE-2001-1200
http://www.securityfocus.com/bid/3703
BID:3703
http://www.securityfocus.com/archive/1/246014
BUGTRAQ:20011217 Hot keys permissions bypass under XP
http://www.iss.net/security_center/static/7713.php
XF:winxp-hotkey-execute-programs(7713)
CVE-2001-1201
Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.
2002-06-25
2002-03-22
CVE-2001-1201
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3706
BID:3706
http://marc.info/?l=bugtraq&m=100863301405266&w=2
BUGTRAQ:20011217 New Advisory + Exploit
http://online.securityfocus.com/archive/1/246273
BUGTRAQ:20011218 wmcube-gdk is vulnerable to a local exploit
http://www.ne.jp/asahi/linux/timecop/software/wmcube-gdk-0.98p2.tar.gz
CONFIRM:http://www.ne.jp/asahi/linux/timecop/software/wmcube-gdk-0.98p2.tar.gz
http://www.iss.net/security_center/static/7720.php
XF:wmcubegdk-object-file-bo(7720)
CVE-2001-1202
Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.
2002-03-15
2016-10-17
CVE-2001-1202
http://www.securityfocus.com/bid/3749
BID:3749
http://marc.info/?l=bugtraq&m=100956050432351&w=2
BUGTRAQ:20011228 DeleGate Cross Site Scripting Vulnerability
http://www.iss.net/security_center/static/7745.php
XF:delegate-proxy-css(7745)
CVE-2001-1203
Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges.
2002-06-25
2002-06-15
CVE-2001-1203
http://www.securityfocus.com/bid/3750
BID:3750
http://www.debian.org/security/2001/dsa-095
DEBIAN:DSA-095
https://exchange.xforce.ibmcloud.com/vulnerabilities/7748
XF:linux-gpm-format-string(7748)
CVE-2001-1204
Directory traversal vulnerability in phprocketaddin in Total PC Solutions PHP Rocket Add-in for FrontPage 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.
2002-03-15
2017-07-10
CVE-2001-1204
http://www.securityfocus.com/bid/3751
BID:3751
http://www.securityfocus.com/archive/1/247559
BUGTRAQ:20011228 PHP Rocket Add-in (file transversal vulnerability)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7749
XF:phprocket-directory-traversal(7749)
CVE-2001-1205
Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable.
2002-03-15
2016-10-17
CVE-2001-1205
http://www.securityfocus.com/bid/3754
BID:3754
http://marc.info/?l=bugtraq&m=100975978324723&w=2
BUGTRAQ:20011230 lastlines.cgi path traversal and command execution vulns
CVE-2001-1206
Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $error_log variable.
2002-03-15
2016-10-17
CVE-2001-1206
http://www.securityfocus.com/bid/3755
BID:3755
http://marc.info/?l=bugtraq&m=100975978324723&w=2
BUGTRAQ:20011230 lastlines.cgi path traversal and command execution vulns
CVE-2001-1207
Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote attackers to possibly execute arbitrary code via the control codes (1) ~#MC, (2) ~#TF, or (3) ~#RA.
2002-03-15
2002-03-22
CVE-2001-1207
http://www.securityfocus.com/bid/3757
BID:3757
http://www.securityfocus.com/archive/1/247708
BUGTRAQ:20011230 DayDream BBS buffer overflows
http://www.cs.uku.fi/~hlyytine/daydream-2.11/ChangeLog
CONFIRM:http://www.cs.uku.fi/~hlyytine/daydream-2.11/ChangeLog
http://www.iss.net/security_center/static/7755.php
XF:daydream-bbs-control-code-bo(7755)
CVE-2001-1208
Format string vulnerability in DayDream BBS allows remote attackers to execute arbitrary code via format string specifiers in a file containing a ~#RA control code.
2002-03-15
2016-10-17
CVE-2001-1208
http://marc.info/?l=bugtraq&m=100977623710528&w=2
BUGTRAQ:20011231 Daydream BBS Format strings issue.
CVE-2001-1209
Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
2002-03-15
2002-03-22
CVE-2001-1209
http://www.securityfocus.com/bid/3759
BID:3759
http://seclists.org/bugtraq/2001/Dec/0306.html
BUGTRAQ:20011231 blackshell2: zml.cgi remote exploit
http://www.jero.cc/zml/zml.html
MISC:http://www.jero.cc/zml/zml.html
http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0086.html
VULNWATCH:20011231 [VulnWatch] blackshell2: zml.cgi remote exploit
http://www.iss.net/security_center/static/7751.php
XF:zml-cgi-directory-traversal(7751)
CVE-2001-1210
Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings.
2002-03-15
2005-07-02
CVE-2001-1210
http://www.securityfocus.com/bid/3758
BID:3758
http://archives.neohapsis.com/archives/bugtraq/2001-12/0297.html
BUGTRAQ:20011230 Possible security problem with Cisco ubr900 series routers
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0002.html
VULNWATCH:20020103 Security Problem in Cisco ubr900 Series Routers
http://www.iss.net/security_center/static/7806.php
XF:cisco-docsis-default-strings(7806)
CVE-2001-1211
Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.
2002-03-15
2002-03-22
CVE-2001-1211
http://www.securityfocus.com/bid/3766
BID:3766
http://www.securityfocus.com/archive/1/247786
BUGTRAQ:20011231 IMail Web Service User Aliases / Mailing Lists Admin Vulnerability
http://support.ipswitch.com/kb/IM-20011219-DM01.htm
MISC:http://support.ipswitch.com/kb/IM-20011219-DM01.htm
http://support.ipswitch.com/kb/IM-20020301-DM02.htm
MISC:http://support.ipswitch.com/kb/IM-20020301-DM02.htm
http://www.iss.net/security_center/static/7752.php
XF:imail-admin-domain-change(7752)
CVE-2001-1212
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.
2002-03-15
2002-03-22
CVE-2001-1212
http://www.securityfocus.com/bid/3714
BID:3714
http://www.securityfocus.com/archive/1/246274
BUGTRAQ:20011218 Aktivate Shopping System Cross Site Scripting Vulnerability
http://www.iss.net/security_center/static/7717.php
XF:aktivate-shopping-css(7717)
CVE-2001-1213
The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a default username and password, which allows remote attackers to read and write arbitrary files in the root folder.
2002-03-15
2002-03-22
CVE-2001-1213
http://www.securityfocus.com/bid/3716
BID:3716
http://www.securityfocus.com/archive/1/246285
BUGTRAQ:20011218 FTPXQ default install read/write capabilities
http://www.iss.net/security_center/static/7715.php
XF:ftpxq-default-permissions(7715)
CVE-2001-1214
manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters.
2002-03-15
2005-05-09
CVE-2001-1214
http://www.securityfocus.com/bid/3718
BID:3718
http://www.securityfocus.com/archive/1/247332
BUGTRAQ:20011215 *ALERT* "Unix Manual" PHP-Script allows arbitrary code execution
http://www.kb.cert.org/vuls/id/672419
CERT-VN:VU#672419
http://www.iss.net/security_center/static/7719.php
XF:unixmanual-php-command-execution(7719)
CVE-2001-1215
Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.
2002-06-25
2002-03-22
CVE-2001-1215
http://www.securityfocus.com/bid/3725
BID:3725
http://www.securityfocus.com/archive/1/246656
BUGTRAQ:20011220 [CERT-intexxia] pfinger Format String Vulnerability
http://www.xelia.ch/unix/pfinger/ChangeLog
CONFIRM:http://www.xelia.ch/unix/pfinger/ChangeLog
http://www.iss.net/security_center/static/7742.php
XF:pfinger-plan-format-string(7742)
CVE-2001-1216
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
2002-03-15
2002-03-22
CVE-2001-1216
http://www.securityfocus.com/bid/3726
BID:3726
http://www.securityfocus.com/archive/1/246663
BUGTRAQ:20011221 Buffer Overflow in Oracle 9iAS (#NISR20122001)
http://www.kb.cert.org/vuls/id/500203
CERT-VN:VU#500203
http://otn.oracle.com/deploy/security/pdf/modplsql.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/modplsql.pdf
http://www.iss.net/security_center/static/7727.php
XF:oracle-appserver-modplsql-bo(7727)
CVE-2001-1217
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
2002-03-15
2002-03-22
CVE-2001-1217
http://www.securityfocus.com/bid/3727
BID:3727
http://www.securityfocus.com/archive/1/246663
BUGTRAQ:20011221 Buffer Overflow in Oracle 9iAS (#NISR20122001)
http://www.kb.cert.org/vuls/id/758483
CERT-VN:VU#758483
http://otn.oracle.com/deploy/security/pdf/modplsql.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/modplsql.pdf
http://www.iss.net/security_center/static/7728.php
XF:oracle-appserver-modplsql-traversal(7728)
CVE-2001-1218
Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
2002-03-15
2002-03-22
CVE-2001-1218
http://www.securityfocus.com/bid/3729
BID:3729
http://www.securityfocus.com/archive/1/246611
BUGTRAQ:20011220 E5 (SP1) crash the X server on Solaris2.6 chinese edition
CVE-2001-1219
Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location.
2002-03-15
2002-03-22
CVE-2001-1219
http://www.securityfocus.com/bid/3730
BID:3730
http://www.securityfocus.com/archive/1/246649
BUGTRAQ:20011220 MSIE DoS Using javascript
CVE-2001-1220
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
2002-03-15
2002-03-22
CVE-2001-1220
http://www.securityfocus.com/bid/3735
BID:3735
http://www.securityfocus.com/archive/1/246849
BUGTRAQ:20011221 D-Link DWL-1000AP can be compromised because of SNMP configuration
http://www.iss.net/security_center/static/7733.php
XF:dlink-ap-public-mib(7733)
CVE-2001-1221
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of 'public' which allows remote attackers to gain sensitive information.
2002-03-15
2002-03-22
CVE-2001-1221
http://www.securityfocus.com/bid/3736
BID:3736
http://www.securityfocus.com/archive/1/246849
BUGTRAQ:20011221 D-Link DWL-1000AP can be compromised because of SNMP configuration
CVE-2001-1222
Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target's IP address and a valid account name for the domain.
2002-03-15
2002-03-22
CVE-2001-1222
http://www.securityfocus.com/bid/3737
BID:3737
http://www.securityfocus.com/archive/1/246861
BUGTRAQ:20011221 twlc advisory: plesk (psa) allows reading of .php files
http://www.iss.net/security_center/static/7735.php
XF:psa-php-reveal-source(7735)
CVE-2001-1223
The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server.
2002-03-15
2002-03-22
CVE-2001-1223
http://www.securityfocus.com/bid/3746
BID:3746
http://www.securityfocus.com/archive/1/247274
BUGTRAQ:20011226 Phoenix Sistemi Security Advisory: ELSA Lancom 1100 Office Security Problems
http://www.iss.net/security_center/static/7739.php
XF:elsa-lancom-web-administration(7739)
CVE-2001-1224
get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack.
2002-03-15
2002-03-22
CVE-2001-1224
http://www.securityfocus.com/bid/3739
BID:3739
http://www.securityfocus.com/archive/1/246994
BUGTRAQ:20011223 GOBBLES CGI MARATHON #001
http://www.iss.net/security_center/static/7736.php
XF:adrotate-sql-execute-commands(7736)
CVE-2001-1225
Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is queried.
2002-03-15
2002-03-22
CVE-2001-1225
http://www.securityfocus.com/bid/3742
BID:3742
http://www.securityfocus.com/archive/1/247222
BUGTRAQ:20011226 msql DoS
http://www.iss.net/security_center/static/7746.php
XF:msql-char-array-dos(7746)
CVE-2001-1226
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
2002-03-15
2002-03-22
CVE-2001-1226
http://www.securityfocus.com/bid/3741
BID:3741
http://www.securityfocus.com/archive/1/247126
BUGTRAQ:20011225 GOBBLES CGI MARATHON #002
http://www.iss.net/security_center/static/7762.php
XF:adcycle-modify-sql-query(7762)
CVE-2001-1227
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
2002-06-25
2002-06-15
CVE-2001-1227
http://www.securityfocus.com/bid/3425
BID:3425
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
MANDRAKE:MDKSA-2001:080
http://www.redhat.com/support/errata/RHSA-2001-072.html
REDHAT:RHSA-2001:072
http://www.redhat.com/support/errata/RHSA-2001-115.html
REDHAT:RHSA-2001:115
https://exchange.xforce.ibmcloud.com/vulnerabilities/7271
XF:zope-fmt-access-methods(7271)
CVE-2001-1228
Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow attackers to execute code via a long file name, possibly remotely if gzip is run on an FTP server.
2002-04-12
2002-08-16
CVE-2001-1228
http://www.securityfocus.com/bid/3712
BID:3712
http://online.securityfocus.com/archive/1/247717
BUGTRAQ:20011230 gzip bug w/ patch..
DEBIAN:DSA-100
MANDRAKE:MDKSA-2002:011
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-002.txt.asc
NETBSD:NetBSD-SA2002-002
SGI:20020401-01-P
VULN-DEV:20011118 New bugs discovered!
VULN-DEV:20011119 Killing Thread (New bugs discovered!)
VULN-DEV:20011120 New bugs, old bugs
http://www.iss.net/security_center/static/7882.php
XF:gzip-long-filename-bo(7882)
CVE-2001-1229
Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
2002-04-18
2016-10-17
CVE-2001-1229
http://marc.info/?l=bugtraq&m=98438880622976&w=2
BUGTRAQ:20010312 Icecast / Libshout remote vulnerabilities
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000387
CONECTIVA:CLA-2001:387
http://www.xiph.org/archives/icecast/0074.html
CONFIRM:http://www.xiph.org/archives/icecast/0074.html
http://www.redhat.com/support/errata/RHSA-2002-063.html
REDHAT:RHSA-2002:063
CVE-2001-1230
Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code.
2002-04-18
2016-10-17
CVE-2001-1230
http://marc.info/?l=bugtraq&m=98455723123298&w=2
BUGTRAQ:20010313 More Icecast remote vulnerabilities
http://www.debian.org/security/2001/dsa-089
DEBIAN:DSA-089
http://www.redhat.com/support/errata/RHSA-2002-063.html
REDHAT:RHSA-2002:063
CVE-2001-1231
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
2002-06-25
2002-05-09
CVE-2001-1231
http://www.securityfocus.com/bid/3189
BID:3189
http://www.securityfocus.com/archive/1/204672
BUGTRAQ:20010814 Fwd: Security Alert: Groupwise - Action Required
http://support.novell.com/padlock/details.htm
CONFIRM:http://support.novell.com/padlock/details.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/6998
XF:novell-groupwise-admin-privileges(6998)
CVE-2001-1232
GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get".
2002-05-03
2017-12-18
CVE-2001-1232
http://www.securityfocus.com/bid/3188
BID:3188
http://www.securityfocus.com/archive/1/204875
BUGTRAQ:20010815 Groupwise Webaccess, NetWare web server, and Novell
https://exchange.xforce.ibmcloud.com/vulnerabilities/6988
XF:netware-get-directory-listing(6988)
CVE-2001-1233
Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm.
2002-05-03
2017-12-18
CVE-2001-1233
http://www.securityfocus.com/archive/1/204875
BUGTRAQ:20010815 Groupwise Webaccess, NetWare web server, and Novell
https://exchange.xforce.ibmcloud.com/vulnerabilities/6987
XF:netware-nds-information-leak(6987)
CVE-2001-1234
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
2002-06-25
2002-05-09
CVE-2001-1234
http://www.securityfocus.com/bid/3397
BID:3397
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz
CONFIRM:http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz
http://www.osvdb.org/1967
OSVDB:1967
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1235
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
2002-06-25
2002-05-09
CVE-2001-1235
http://www.securityfocus.com/bid/3395
BID:3395
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://www.kb.cert.org/vuls/id/847803
CERT-VN:VU#847803
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1236
myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
2002-06-25
2002-05-09
CVE-2001-1236
http://www.securityfocus.com/bid/3394
BID:3394
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://www.kb.cert.org/vuls/id/847803
CERT-VN:VU#847803
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1237
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
2002-06-25
2002-05-09
CVE-2001-1237
http://www.securityfocus.com/bid/3393
BID:3393
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://www.kb.cert.org/vuls/id/847803
CERT-VN:VU#847803
http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz
CONFIRM:http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1238
Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.
2002-05-03
2017-12-18
CVE-2001-1238
http://www.securityfocus.com/bid/3033
BID:3033
http://www.securityfocus.com/archive/1/197195
BUGTRAQ:20010716 W2k: Unkillable Applications
https://exchange.xforce.ibmcloud.com/vulnerabilities/6919
XF:win2k-taskmanager-unkillable-process(6919)
CVE-2001-1239
PowerNet IX allows remote attackers to cause a denial of service via a port scan.
2002-05-03
2002-05-09
CVE-2001-1239
http://www.securityfocus.com/bid/2992
BID:2992
CVE-2001-1240
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
2002-06-25
2002-05-09
CVE-2001-1240
http://www.linuxsecurity.com/advisories/other_advisory-1493.html
ENGARDE:ESA-20010711-02
CVE-2001-1241
Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.
2002-05-03
2002-05-09
CVE-2001-1241
http://www.securityfocus.com/bid/3057
BID:3057
http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
BUGTRAQ:20010717 multiple vulnerabilities in un-cgi
http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html
BUGTRAQ:20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple
http://www.midwinter.com/~koreth/uncgi-changes.html
CONFIRM:http://www.midwinter.com/~koreth/uncgi-changes.html
http://www.midwinter.com/~koreth/uncgi.html
CONFIRM:http://www.midwinter.com/~koreth/uncgi.html
http://www.iss.net/security_center/static/6847.php
XF:uncgi-unexecutable-cgi(6847)
CVE-2001-1242
Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.
2002-05-03
2002-05-09
CVE-2001-1242
http://www.securityfocus.com/bid/3056
BID:3056
http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
BUGTRAQ:20010717 multiple vulnerabilities in un-cgi
http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html
BUGTRAQ:20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple vulnerabilities in un-cgi
http://www.midwinter.com/~koreth/uncgi-changes.html
CONFIRM:http://www.midwinter.com/~koreth/uncgi-changes.html
http://www.iss.net/security_center/static/6846.php
XF:uncgi-dot-directory-traversal(6846)
CVE-2001-1243
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.
2002-05-03
2002-05-09
CVE-2001-1243
http://www.securityfocus.com/bid/2973
BID:2973
http://www.securityfocus.com/archive/1/194919
BUGTRAQ:20010704 NERF Advisory #4: MS IIS local and remote DoS
http://www.iss.net/security_center/static/6800.php
XF:iis-device-asp-dos(6800)
CVE-2001-1244
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
2002-05-03
2017-12-18
CVE-2001-1244
http://www.securityfocus.com/bid/2997
BID:2997
http://www.securityfocus.com/archive/1/195457
BUGTRAQ:20010708 Small TCP packets == very large overhead == DoS?
https://exchange.xforce.ibmcloud.com/vulnerabilities/6824
XF:tcp-mss-dos(6824)
CVE-2001-1245
Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.
2002-05-03
2002-05-09
CVE-2001-1245
http://www.securityfocus.com/bid/3012
BID:3012
http://online.securityfocus.com/archive/1/196980
BUGTRAQ:20010712 Re: Opera Browser Heap Overflow (Session Replay Attack)
http://www.iss.net/security_center/static/6838.php
XF:opera-browser-header-bo(6838)
CVE-2001-1246
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
2002-06-25
2010-01-21
CVE-2001-1246
http://www.securityfocus.com/bid/2954
BID:2954
http://online.securityfocus.com/archive/1/194425
BUGTRAQ:20010630 php breaks safe mode
http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz
CONFIRM:http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz
http://www.redhat.com/support/errata/RHSA-2002-102.html
REDHAT:RHSA-2002:102
http://www.redhat.com/support/errata/RHSA-2002-129.html
REDHAT:RHSA-2002:129
http://www.redhat.com/support/errata/RHSA-2003-159.html
REDHAT:RHSA-2003:159
http://www.iss.net/security_center/static/6787.php
XF:php-safemode-elevate-privileges(6787)
CVE-2001-1247
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
2002-06-25
2002-06-15
CVE-2001-1247
http://online.securityfocus.com/archive/1/194425
BUGTRAQ:20010630 php breaks safe mode
http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz
CONFIRM:http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz
http://www.osvdb.org/5440
OSVDB:5440
http://www.redhat.com/support/errata/RHSA-2002-035.html
REDHAT:RHSA-2002:035
CVE-2001-1248
vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).
2002-05-03
2002-05-09
CVE-2001-1248
http://www.securityfocus.com/bid/2975
BID:2975
http://online.securityfocus.com/archive/1/194418
BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
http://www.iss.net/security_center/static/6769.php
XF:vwebserver-asp-reveal-source(6769)
CVE-2001-1249
vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.
2002-05-03
2002-05-09
CVE-2001-1249
http://www.securityfocus.com/bid/2978
BID:2978
http://online.securityfocus.com/archive/1/194418
BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
CVE-2001-1250
vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.
2002-05-03
2002-05-09
CVE-2001-1250
http://www.securityfocus.com/bid/2979
BID:2979
http://online.securityfocus.com/archive/1/194418
BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
http://www.iss.net/security_center/static/6771.php
XF:vwebserver-long-url-dos(6771)
CVE-2001-1251
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.
2003-04-02
2002-05-09
CVE-2001-1251
http://www.securityfocus.com/bid/2980
BID:2980
http://online.securityfocus.com/archive/1/194418
BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
http://www.iss.net/security_center/static/6771.php
XF:vwebserver-long-url-dos(6771)
CVE-2001-1252
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
2002-06-25
2002-05-09
CVE-2001-1252
http://www.securityfocus.com/bid/3375
BID:3375
http://archives.neohapsis.com/archives/bugtraq/2001-09/0230.html
BUGTRAQ:20010928 SNS-43: PGP Keyserver Permissions Misconfiguration
http://www.pgp.com/support/product-advisories/keyserver.asp
CONFIRM:http://www.pgp.com/support/product-advisories/keyserver.asp
http://www.osvdb.org/1955
OSVDB:1955
http://www.osvdb.org/4193
OSVDB:4193
http://www.iss.net/security_center/static/7203.php
XF:pgp-keyserver-http-dos(7203)
CVE-2001-1253
Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users.
2002-05-03
2002-05-09
CVE-2001-1253
http://online.securityfocus.com/archive/1/217200
BUGTRAQ:20010927 Two problems with Alexis/InternetPBX from COM2001
http://www.iss.net/security_center/static/7205.php
XF:alexis-http-plaintext-information(7205)
CVE-2001-1254
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
2002-05-03
2002-05-09
CVE-2001-1254
http://www.securityfocus.com/bid/3373
BID:3373
http://online.securityfocus.com/archive/1/217200
BUGTRAQ:20010927 Two problems with Alexis/InternetPBX from COM2001
CVE-2001-1255
WinMySQLadmin 1.1 stores the MySQL password in plain text in the my.ini file, which allows local users to obtain unathorized access the MySQL database.
2002-05-03
2002-05-09
CVE-2001-1255
http://www.securityfocus.com/bid/3381
BID:3381
http://online.securityfocus.com/archive/1/217848
BUGTRAQ:20011002 WinMySQLadmin 1.1 Store MySQL password in clear text
http://www.iss.net/security_center/static/7206.php
XF:winmysqladmin-password-plaintext(7206)
CVE-2001-1256
kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.
2002-05-03
2017-12-18
CVE-2001-1256
http://www.securityfocus.com/bid/2821
BID:2821
http://www.securityfocus.com/archive/1/188568
BUGTRAQ:20010604 yet another sym link followers
http://www.kb.cert.org/vuls/id/127435
CERT-VN:VU#127435
http://ciac.llnl.gov/ciac/bulletins/l-093.shtml
CIAC:L-093
http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92
CONFIRM:http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92
http://online.securityfocus.com/advisories/3354
HP:HPSBUX0106-153
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5628
OVAL:oval:org.mitre.oval:def:5628
https://exchange.xforce.ibmcloud.com/vulnerabilities/6656
XF:hpux-kmmodreg-symlink(6656)
CVE-2001-1257
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
2002-05-03
2002-05-09
CVE-2001-1257
http://www.securityfocus.com/bid/3082
BID:3082
http://online.securityfocus.com/archive/1/198495
BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt
CALDERA:CSSA-2001-027.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
CONECTIVA:CLA-2001:410
http://online.securityfocus.com/archive/1/198495
CONFIRM:http://online.securityfocus.com/archive/1/198495
http://www.debian.org/security/2001/dsa-073
DEBIAN:DSA-073
http://www.iss.net/security_center/static/6905.php
XF:imp-cross-site-scripting(6905)
CVE-2001-1258
Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.
2002-05-03
2002-05-09
CVE-2001-1258
http://www.securityfocus.com/bid/3083
BID:3083
http://online.securityfocus.com/archive/1/198495
BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
http://www.caldera.com/support/security/advisories/CSSA-2001-027.0.txt
CALDERA:CSSA-2001-027.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
CONECTIVA:CLA-2001:410
http://online.securityfocus.com/archive/1/198495
CONFIRM:http://online.securityfocus.com/archive/1/198495
http://www.debian.org/security/2001/dsa-073
DEBIAN:DSA-073
http://www.iss.net/security_center/static/6906.php
XF:imp-prefslang-gain-privileges(6906)
CVE-2001-1259
Avaya Argent Office allows remote attackers to cause a denial of service by sending UDP packets to port 53 with no payload.
2002-05-03
2002-05-09
CVE-2001-1259
http://online.securityfocus.com/archive/1/202344
BUGTRAQ:20010807 Multiple vulnerabilities in Avaya Argent Office
http://www.iss.net/security_center/static/6953.php
XF:argent-office-udp-dos(6953)
CVE-2001-1260
Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator privileges by sniffing and decrypting the sniffing the passwords during a system reboot.
2002-05-03
2002-05-09
CVE-2001-1260
http://online.securityfocus.com/archive/1/202344
BUGTRAQ:20010807 Multiple vulnerabilities in Avaya Argent Office
http://www.iss.net/security_center/static/6954.php
XF:argent-office-weak-encryption(6954)
CVE-2001-1261
Avaya Argent Office 2.1 may allow remote attackers to change hold music by spoofing a legitimate server's response to a TFTP broadcast and providing an alternate HoldMusic file.
2002-05-03
2002-05-09
CVE-2001-1261
http://online.securityfocus.com/archive/1/202344
BUGTRAQ:20010807 Multiple vulnerabilities in Avaya Argent Office
http://www.iss.net/security_center/static/6956.php
XF:argent-office-change-music(6956)
CVE-2001-1262
Avaya Argent Office 2.1 compares a user-provided SNMP community string with the correct string only up to the length of the user-provided string, which allows remote attackers to bypass authentication with a 0 length community string.
2002-05-03
2002-05-09
CVE-2001-1262
http://online.securityfocus.com/archive/1/202344
BUGTRAQ:20010807 Multiple vulnerabilities in Avaya Argent Office
http://www.iss.net/security_center/static/6955.php
XF:argent-office-community-string(6955)
CVE-2001-1263
telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers to cause a denial of service (crash) via a large number of characters to port 23, possibly due to a buffer overflow.
2002-05-03
2017-12-18
CVE-2001-1263
http://www.securityfocus.com/bid/2834
BID:2834
http://online.securityfocus.com/archive/1/189327
BUGTRAQ:20010606 advisory for Pragma Interaccess
https://exchange.xforce.ibmcloud.com/vulnerabilities/6658
XF:pragma-interaccess-dos(6658)
CVE-2001-1264
Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.
2002-05-03
2017-12-18
CVE-2001-1264
http://www.securityfocus.com/bid/3072
BID:3072
http://www.kb.cert.org/vuls/id/420475
CERT-VN:VU#420475
http://ciac.llnl.gov/ciac/bulletins/l-119.shtml
CIAC:L-119
http://www.securityfocus.com/advisories/3459
HP:HPSBUX0107-161
https://exchange.xforce.ibmcloud.com/vulnerabilities/6867
XF:hp-virtualvault-mkacct-privilege-elevation(6867)
CVE-2001-1265
Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.
2002-05-03
2017-12-18
CVE-2001-1265
http://www.securityfocus.com/bid/3076
BID:3076
http://online.securityfocus.com/archive/1/198297
BUGTRAQ:20010720 IBM TFTP Server for Java vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/6864
XF:ibm-tftp-directory-traversal(6864)
CVE-2001-1266
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.
2002-06-25
2002-05-09
CVE-2001-1266
http://dnhttpd.sourceforge.net/changelog.html
CONFIRM:http://dnhttpd.sourceforge.net/changelog.html
http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0002.html
MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0002.html
CVE-2001-1267
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
2004-09-01
2010-05-20
CVE-2001-1267
http://www.securityfocus.com/bid/3024
BID:3024
http://online.securityfocus.com/archive/1/196445
BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
CONECTIVA:CLA-2002:538
ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
CONFIRM:ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
http://online.securityfocus.com/advisories/4514
HP:HPSBTL0209-068
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
MANDRAKE:MDKSA-2002:066
http://www.redhat.com/support/errata/RHSA-2002-096.html
REDHAT:RHSA-2002:096
http://www.redhat.com/support/errata/RHSA-2002-138.html
REDHAT:RHSA-2002:138
http://www.redhat.com/support/errata/RHSA-2003-218.html
REDHAT:RHSA-2003:218
http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
SUNALERT:47800
http://www.iss.net/security_center/static/10224.php
XF:archive-extraction-directory-traversal(10224)
CVE-2001-1268
Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.
2002-05-03
2010-05-20
CVE-2001-1268
http://online.securityfocus.com/archive/1/196445
BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
http://www.info-zip.org/pub/infozip/UnZip.html
CONFIRM:http://www.info-zip.org/pub/infozip/UnZip.html
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1
SUNALERT:1000928
http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
SUNALERT:47800
CVE-2001-1269
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character.
2002-05-03
2010-05-20
CVE-2001-1269
http://online.securityfocus.com/archive/1/196445
BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
http://www.info-zip.org/pub/infozip/UnZip.html
CONFIRM:http://www.info-zip.org/pub/infozip/UnZip.html
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1
SUNALERT:1000928
http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
SUNALERT:47800
CVE-2001-1270
Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.
2002-05-03
2002-05-09
CVE-2001-1270
http://online.securityfocus.com/archive/1/196445
BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
http://www.security.nnov.ru/advisories/archdt.asp
MISC:http://www.security.nnov.ru/advisories/archdt.asp
CVE-2001-1271
Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.
2002-05-03
2002-05-09
CVE-2001-1271
http://online.securityfocus.com/archive/1/196445
BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
http://www.security.nnov.ru/advisories/archdt.asp
MISC:http://www.security.nnov.ru/advisories/archdt.asp
CVE-2001-1272
wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.
2002-05-03
2002-05-09
CVE-2001-1272
http://www.securityfocus.com/bid/3658
BID:3658
http://www.debian.org/security/2001/dsa-092
DEBIAN:DSA-092
http://www.iss.net/security_center/static/7669.php
XF:wmtv-execute-commands(7669)
CVE-2001-1273
The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).
2002-05-03
2002-05-09
CVE-2001-1273
http://ciac.llnl.gov/ciac/bulletins/l-045.shtml
CIAC:L-045
http://www.redhat.com/support/errata/RHSA-2001-013.html
REDHAT:RHSA-2001:013
CVE-2001-1274
Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.
2002-05-03
2016-10-17
CVE-2001-1274
BUGTRAQ:20010118 Buffer overflow in MySQL < 3.23.31
BUGTRAQ:20010119 Re: MySQL < 3.23.31 Overflow [exploit]
BUGTRAQ:20010119 Re: MySQL Overflow + exploit [ops..sent a broken exploit :P]
http://www.calderasystems.com/support/security/advisories/CSSA-2001-006.0.txt
CALDERA:CSSA-2001-006.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000375
CONECTIVA:CLA-2001:375
http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.3
CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.3
http://www.debian.org/security/2001/dsa-013
DEBIAN:DSA-013
http://marc.info/?l=bugtraq&m=98089552030459&w=2
FREEBSD:FreeBSD-SA-01:16
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-014.php3
MANDRAKE:MDKSA-2001:014
http://www.redhat.com/support/errata/RHSA-2001-003.html
REDHAT:RHSA-2001:003
CVE-2001-1275
MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
2002-05-03
2016-10-17
CVE-2001-1275
http://www.calderasystems.com/support/security/advisories/CSSA-2001-006.0.txt
CALDERA:CSSA-2001-006.0
http://marc.info/?l=bugtraq&m=98089552030459&w=2
FREEBSD:FreeBSD-SA-01:16
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-014.php3
MANDRAKE:MDKSA-2001:014
http://www.redhat.com/support/errata/RHSA-2001-003.html
REDHAT:RHSA-2001:003
CVE-2001-1276
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
2002-06-25
2002-05-09
CVE-2001-1276
http://marc.info/?l=bugtraq&m=99317439131174&w=2
BUGTRAQ:20010621 ispell update -- Immunix OS 6.2
http://download.immunix.org/ImmunixOS/6.2/updates/IMNX-2001-62-004-01
IMMUNIX:IMNX-2001-62-004-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-058.php3
MANDRAKE:MDKSA-2001:058
http://www.redhat.com/support/errata/RHSA-2001-074.html
REDHAT:RHSA-2001:074
CVE-2001-1277
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
2002-06-25
2002-06-15
CVE-2001-1277
http://marc.info/?l=bugtraq&m=99227597227747&w=2
BUGTRAQ:20010611 man 1.5h10 + man 1.5i-4 exploits
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=41805
MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=41805
http://www.redhat.com/support/errata/RHSA-2001-072.html
REDHAT:RHSA-2001:072
CVE-2001-1278
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
2002-05-03
2002-05-09
CVE-2001-1278
http://www.securityfocus.com/bid/3425
BID:3425
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
MANDRAKE:MDKSA-2001:080
http://www.redhat.com/support/errata/RHSA-2001-115.html
REDHAT:RHSA-2001:115
CVE-2001-1279
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.
2004-09-01
2003-03-17
CVE-2001-1279
http://www.securityfocus.com/bid/3065
BID:3065
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt
CALDERA:CSSA-2002-025.0
http://www.kb.cert.org/vuls/id/797201
CERT-VN:VU#797201
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480
CONECTIVA:CLA-2002:480
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc
FREEBSD:FreeBSD-SA-01:48
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php
MANDRAKE:MDKSA-2002:032
http://www.redhat.com/support/errata/RHSA-2001-089.html
REDHAT:RHSA-2001:089
http://www.iss.net/security_center/static/7006.php
XF:tcpdump-afs-rpc-bo(7006)
CVE-2001-1280
POP3 Server for Ipswitch IMail 7.04 and earlier generates different responses to valid and invalid user names, which allows remote attackers to determine users on the system.
2002-05-03
2002-05-09
CVE-2001-1280
http://www.securityfocus.com/bid/3424
BID:3424
http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html
BUGTRAQ:20011011 Vulnerabilities in Ipswitch IMail Server 7.04
http://www.ipswitch.com/Support/IMail/news.html
MISC:http://www.ipswitch.com/Support/IMail/news.html
CVE-2001-1281
Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form.
2002-05-03
2002-05-09
CVE-2001-1281
http://www.securityfocus.com/bid/3429
BID:3429
http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html
BUGTRAQ:20011011 Vulnerabilities in Ipswitch IMail Server 7.04
http://www.ipswitch.com/Support/IMail/news.html
MISC:http://www.ipswitch.com/Support/IMail/news.html
CVE-2001-1282
Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information.
2002-05-03
2002-05-09
CVE-2001-1282
http://www.securityfocus.com/bid/3426
BID:3426
http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html
BUGTRAQ:20011011 Ipswitch Imail 7.04 vulnerabilities
http://www.ipswitch.com/Support/IMail/news.html
MISC:http://www.ipswitch.com/Support/IMail/news.html
CVE-2001-1283
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
2002-05-03
2002-05-09
CVE-2001-1283
http://www.securityfocus.com/bid/3427
BID:3427
http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html
BUGTRAQ:20011011 Ipswitch Imail 7.04 vulnerabilities
http://www.ipswitch.com/Support/IMail/news.html
MISC:http://www.ipswitch.com/Support/IMail/news.html
CVE-2001-1284
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
2002-05-03
2002-05-09
CVE-2001-1284
http://www.securityfocus.com/bid/3428
BID:3428
http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html
BUGTRAQ:20011011 Ipswitch Imail 7.04 vulnerabilities
http://www.ipswitch.com/Support/IMail/news.html
MISC:http://www.ipswitch.com/Support/IMail/news.html
CVE-2001-1285
Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter.
2002-05-03
2002-05-09
CVE-2001-1285
http://www.securityfocus.com/bid/3432
BID:3432
http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html
BUGTRAQ:20011011 Ipswitch Imail 7.04 vulnerabilities
http://www.ipswitch.com/Support/IMail/news.html
MISC:http://www.ipswitch.com/Support/IMail/news.html
CVE-2001-1286
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
2002-05-03
2002-05-09
CVE-2001-1286
http://www.securityfocus.com/bid/3432
BID:3432
http://archives.neohapsis.com/archives/bugtraq/2001-10/0082.html
BUGTRAQ:20011011 Ipswitch Imail 7.04 vulnerabilities
http://online.securityfocus.com/archive/1/261096
BUGTRAQ:20020310 IMail Account hijack through the Web Interface
http://www.ipswitch.com/Support/IMail/news.html
MISC:http://www.ipswitch.com/Support/IMail/news.html
CVE-2001-1287
Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
2002-05-03
2002-05-09
CVE-2001-1287
http://www.securityfocus.com/bid/3431
BID:3431
http://archives.neohapsis.com/archives/bugtraq/2001-10/0083.html
BUGTRAQ:20011012 def-2001-29
http://www.ipswitch.com/Support/IMail/news.html
MISC:http://www.ipswitch.com/Support/IMail/news.html
CVE-2001-1288
Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.
2002-05-03
2016-10-17
CVE-2001-1288
http://www.securityfocus.com/bid/3115
BID:3115
http://online.securityfocus.com/archive/1/200118
BUGTRAQ:20010727 bug w2k
http://marc.info/?l=bugtraq&m=99640583014377&w=2
BUGTRAQ:20010729 Re: w2k dos
http://online.securityfocus.com/archive/1/200985
BUGTRAQ:20010731 NT TS / Win 2K and F7 - Enter bug
http://online.securityfocus.com/archive/1/201151
BUGTRAQ:20010801 F7-Enter bug details & workaround
http://marc.info/?l=vuln-dev&m=99651044701417&w=2
VULN-DEV:20010730 RE: bug w2k
CVE-2001-1289
Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.
2002-05-03
2002-05-09
CVE-2001-1289
http://www.securityfocus.com/bid/3123
BID:3123
http://archives.neohapsis.com/archives/bugtraq/2001-07/0748.html
BUGTRAQ:20010730 ADV: Quake 3 Arena 1.29f/g Vulnerability
CVE-2001-1290
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter.
2002-05-03
2017-12-18
CVE-2001-1290
http://www.securityfocus.com/bid/2942
BID:2942
http://archives.neohapsis.com/archives/bugtraq/2001-06/0386.html
BUGTRAQ:20010627 Active Web Classifieds failure to authenticate leads to arbitrary code execution
http://www.osvdb.org/12326
OSVDB:12326
https://exchange.xforce.ibmcloud.com/vulnerabilities/6754
XF:active-classifieds-admin-access(6754)
CVE-2001-1291
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
2003-04-02
2002-05-09
CVE-2001-1291
http://www.securityfocus.com/bid/3034
BID:3034
http://www.securityfocus.com/archive/1/196957
BUGTRAQ:20010712 3Com TelnetD
https://exchange.xforce.ibmcloud.com/vulnerabilities/6855
XF:3com-telnetd-brute-force(6855)
CVE-2001-1292
Sambar Telnet Proxy/Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long password.
2002-05-03
2002-05-09
CVE-2001-1292
http://archives.neohapsis.com/archives/bugtraq/2001-08/0160.html
BUGTRAQ:20010813 Sambar Telnet Proxy/Server multiple vulnerablietis
http://www.iss.net/security_center/static/6973.php
XF:sambar-telnet-bo(6973)
CVE-2001-1293
Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request.
2002-05-03
2002-05-09
CVE-2001-1293
http://www.securityfocus.com/bid/3366
BID:3366
http://archives.neohapsis.com/archives/bugtraq/2001-09/0217.html
BUGTRAQ:20010926 3Com(r) HomeConnect(r) Cable Modem Denial of Service
http://www.kb.cert.org/vuls/id/500027
CERT-VN:VU#500027
CVE-2001-1294
Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password.
2002-05-03
2002-05-09
CVE-2001-1294
http://www.securityfocus.com/bid/3224
BID:3224
BUGTRAQ:20010822 AVTronics InetServer DoS and BoF Vulnerabilities
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0001&L=ntbugtraq&F=P&S=&P=4592
NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0
http://www.iss.net/security_center/static/7022.php
XF:inetserv-webmail-bo(7022)
CVE-2001-1295
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.
2002-06-25
2002-05-09
CVE-2001-1295
http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes
CONFIRM:http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes
http://www.securiteam.com/windowsntfocus/5SP0M0055W.html
MISC:http://www.securiteam.com/windowsntfocus/5SP0M0055W.html
http://www.iss.net/security_center/static/7004.php
XF:cerberus-ftp-directory-traversal(7004)
CVE-2001-1296
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
2003-04-02
2002-05-09
CVE-2001-1296
http://www.securityfocus.com/bid/3383
BID:3383
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://www.moregroupware.org/index.php?action=detail&news_id=24
MISC:http://www.moregroupware.org/index.php?action=detail&news_id=24
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1297
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
2002-06-25
2002-05-09
CVE-2001-1297
http://www.securityfocus.com/bid/3384
BID:3384
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://sourceforge.net/project/shownotes.php?release_id=58331
CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=58331
http://www.osvdb.org/1960
OSVDB:1960
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1298
Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
2002-05-03
2002-05-09
CVE-2001-1298
http://www.securityfocus.com/bid/3385
BID:3385
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1299
Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
2002-06-25
2002-05-09
CVE-2001-1299
http://www.securityfocus.com/bid/3386
BID:3386
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
BUGTRAQ:20011002 results of semi-automatic source code audit
http://www.kb.cert.org/vuls/id/847803
CERT-VN:VU#847803
http://www.come.to/zorbat/
CONFIRM:http://www.come.to/zorbat/
http://www.kb.cert.org/vuls/id/JARL-53RJKV
CONFIRM:http://www.kb.cert.org/vuls/id/JARL-53RJKV
http://www.iss.net/security_center/static/7215.php
XF:php-includedir-code-execution(7215)
CVE-2001-1300
Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command.
2002-05-03
2002-05-09
CVE-2001-1300
http://www.securiteam.com/windowsntfocus/5KP0N0A55M.html
MISC:http://www.securiteam.com/windowsntfocus/5KP0N0A55M.html
http://www.iss.net/security_center/static/7045.php
XF:dynuftp-dot-directory-traversal(7045)
CVE-2001-1301
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
2003-04-02
2003-03-24
CVE-2001-1301
http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html
BUGTRAQ:20010807 rcs2log
http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
CONFIRM:http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
http://www.iss.net/security_center/static/11210.php
XF:rcs2log-tmp-symlink(11210)
CVE-2001-1302
The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.
2004-09-01
2002-05-09
CVE-2001-1302
http://www.securityfocus.com/bid/3063
BID:3063
http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911
NTBUGTRAQ:20010718 Changing NT/2000 accounts password from the command line
https://exchange.xforce.ibmcloud.com/vulnerabilities/6876
XF:win2k-change-network-passwords(6876)
CVE-2001-1303
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
2003-04-02
2002-05-09
CVE-2001-1303
http://www.securityfocus.com/bid/3058
BID:3058
http://www.securityfocus.com/archive/1/197566
BUGTRAQ:20010718 Firewall-1 Information leak
http://www.osvdb.org/588
OSVDB:588
https://exchange.xforce.ibmcloud.com/vulnerabilities/6857
XF:fw1-securemote-gain-information(6857)
CVE-2001-1304
Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to cause a denial of service (crash) via several HTTP requests with a long (1) user-agent or (2) host HTTP header.
2002-05-03
2002-05-09
CVE-2001-1304
http://archives.neohapsis.com/archives/bugtraq/2001-08/0048.html
BUGTRAQ:20010803 Denial of Service in SHOUTcast Server 1.8.2 Linux/w32/?
http://www.iss.net/security_center/static/6938.php
XF:shoutcast-http-field-bo(6938)
CVE-2001-1305
ICQ 2001a Alpha and earlier allows remote attackers to automatically add arbitrary UINs to an ICQ user's contact list via a URL to a web page with a Content-Type of application/x-icq, which is processed by Internet Explorer.
2002-05-03
2016-10-17
CVE-2001-1305
http://www.securityfocus.com/bid/3226
BID:3226
http://marc.info/?l=bugtraq&m=99851887024728&w=2
BUGTRAQ:20010822 Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users
http://www.iss.net/security_center/static/7028.php
XF:icq-auto-add-user(7028)
CVE-2001-1306
iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2002-05-09
CVE-2001-1306
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/276944
CERT-VN:VU#276944
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
http://www.kb.cert.org/vuls/id/JPLA-4WESMM
MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM
ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
SGI:20011102-01-I
CVE-2001-1307
Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2017-12-18
CVE-2001-1307
http://www.securityfocus.com/bid/3038
BID:3038
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/276944
CERT-VN:VU#276944
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
http://www.kb.cert.org/vuls/id/JPLA-4WESMM
MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM
ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
SGI:20011102-01-I
https://exchange.xforce.ibmcloud.com/vulnerabilities/6893
XF:iplanet-ldap-protos-bo(6893)
CVE-2001-1308
Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2017-12-18
CVE-2001-1308
http://www.securityfocus.com/bid/3039
BID:3039
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/276944
CERT-VN:VU#276944
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
http://www.kb.cert.org/vuls/id/JPLA-4WESMM
MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM
ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
SGI:20011102-01-I
https://exchange.xforce.ibmcloud.com/vulnerabilities/6898
XF:iplanet-ldap-protos-format-string(6898)
CVE-2001-1309
Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2017-12-18
CVE-2001-1309
http://www.securityfocus.com/bid/3040
BID:3040
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/505564
CERT-VN:VU#505564
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y
MISC:http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y
https://exchange.xforce.ibmcloud.com/vulnerabilities/6894
XF:secureway-ldap-protos-dos(6894)
CVE-2001-1310
IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2017-12-18
CVE-2001-1310
http://www.securityfocus.com/bid/3040
BID:3040
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/505564
CERT-VN:VU#505564
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y
MISC:http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y
https://exchange.xforce.ibmcloud.com/vulnerabilities/6894
XF:secureway-ldap-protos-dos(6894)
CVE-2001-1311
Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2018-10-19
CVE-2001-1311
http://www.securityfocus.com/bid/3041
BID:3041
http://www.securityfocus.com/archive/1/314909/30/25520/threaded
BUGTRAQ:20030313 R7-0012: Lotus Notes/Domino R6-beta PROTOS LDAP Denial of Service Regression
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/583184
CERT-VN:VU#583184
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.notes.net/r5fixlist.nsf/Search%21SearchView&Query=DWUU4W6NC8
CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
https://exchange.xforce.ibmcloud.com/vulnerabilities/6895
XF:domino-ldap-protos-bo(6895)
CVE-2001-1312
Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2017-12-18
CVE-2001-1312
http://www.securityfocus.com/bid/3042
BID:3042
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/583184
CERT-VN:VU#583184
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.notes.net/r5fixlist.nsf/Search%21SearchView&Query=DWUU4W6NC8
CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
https://exchange.xforce.ibmcloud.com/vulnerabilities/6896
XF:domino-ldap-protos-format-string(6896)
CVE-2001-1313
Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2002-05-09
CVE-2001-1313
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/583184
CERT-VN:VU#583184
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.notes.net/r5fixlist.nsf/Search%21SearchView&Query=DWUU4W6NC8
CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
CVE-2001-1314
Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2002-05-09
CVE-2001-1314
http://www.securityfocus.com/bid/3124
BID:3124
http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html
BUGTRAQ:20010731 RE: CERT Advisory CA-2001-18, Critical Path directory products ar e vulnerable
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/657547
CERT-VN:VU#657547
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM
CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
CVE-2001-1315
Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2002-05-09
CVE-2001-1315
http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html
BUGTRAQ:20010731 RE: CERT Advisory CA-2001-18, Critical Path directory products ar e vulnerable
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/657547
CERT-VN:VU#657547
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM
CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
CVE-2001-1316
Buffer overflows in Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2017-12-18
CVE-2001-1316
http://www.securityfocus.com/bid/3044
BID:3044
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/688960
CERT-VN:VU#688960
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.kb.cert.org/vuls/id/JPLA-4WESNA
CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNA
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
https://exchange.xforce.ibmcloud.com/vulnerabilities/6897
XF:teamware-ldap-protos-bo(6897)
CVE-2001-1317
Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2002-05-09
CVE-2001-1317
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/688960
CERT-VN:VU#688960
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.kb.cert.org/vuls/id/JPLA-4WESNA
CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNA
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
CVE-2001-1318
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2002-05-09
CVE-2001-1318
http://www.securityfocus.com/bid/3043
BID:3043
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/717380
CERT-VN:VU#717380
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.kb.cert.org/vuls/id/JPLA-4WESNA
CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNA
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
CVE-2001-1319
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2017-12-18
CVE-2001-1319
http://www.securityfocus.com/bid/3045
BID:3045
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/763400
CERT-VN:VU#763400
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.kb.cert.org/vuls/id/CFCN-4YAQC7
CONFIRM:http://www.kb.cert.org/vuls/id/CFCN-4YAQC7
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
https://exchange.xforce.ibmcloud.com/vulnerabilities/6899
XF:exchange-ldap-protos-dos(6899)
CVE-2001-1320
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2017-12-18
CVE-2001-1320
http://www.securityfocus.com/bid/3046
BID:3046
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/765256
CERT-VN:VU#765256
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.kb.cert.org/vuls/id/JPLA-4WESNK
CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNK
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
https://exchange.xforce.ibmcloud.com/vulnerabilities/6900
XF:pgp-keyserver-ldap-bo(6900)
CVE-2001-1321
Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
2002-05-03
2002-05-09
CVE-2001-1321
http://www.cert.org/advisories/CA-2001-18.html
CERT:CA-2001-18
http://www.kb.cert.org/vuls/id/869184
CERT-VN:VU#869184
http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
CIAC:L-116
http://www.kb.cert.org/vuls/id/JPLA-4WESNV
CONFIRM:http://www.kb.cert.org/vuls/id/JPLA-4WESNV
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
CVE-2001-1322
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.
2002-06-25
2002-05-09
CVE-2001-1322
http://www.securityfocus.com/bid/2826
BID:2826
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
CONECTIVA:CLA-2001:404
http://www.debian.org/security/2001/dsa-063
DEBIAN:DSA-063
http://www.linuxsecurity.com/advisories/other_advisory-1469.html
ENGARDE:ESA-20010621-01
FREEBSD:FreeBSD-SA-01:47
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
IMMUNIX:IMNX-2001-70-024-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-055.php3
MANDRAKE:MDKSA-2001:055
http://www.redhat.com/support/errata/RHSA-2001-075.html
REDHAT:RHSA-2001:075
SUSE:SuSE-SA:2001:022
http://www.iss.net/security_center/static/6657.php
XF:xinetd-insecure-permissions(6657)
CVE-2001-1323
Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.
2002-05-03
2016-10-17
CVE-2001-1323
http://marc.info/?l=bugtraq&m=98826223517788&w=2
BUGTRAQ:20010426 Security advisory: krb5 ftpd buffer overflows
http://web.mit.edu/kerberos/www/advisories/ftpbuf.txt
CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftpbuf.txt
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-022-01
IMMUNIX:IMNX-2001-70-022-01
http://www.redhat.com/support/errata/RHSA-2001-060.html
REDHAT:RHSA-2001:060
CVE-2001-1324
cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.
2002-05-03
2005-05-25
CVE-2001-1324
http://www.securityfocus.com/bid/2934
BID:2934
http://multivac.cwru.edu/idtools/admin_idtools.tar.bz2
CONFIRM:http://multivac.cwru.edu/idtools/admin_idtools.tar.bz2
http://securitytracker.com/id?1001839
SECTRACK:1001839
CVE-2001-1325
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
2002-05-03
2017-12-18
CVE-2001-1325
http://www.securityfocus.com/bid/2633
BID:2633
http://www.securityfocus.com/archive/1/3AE02004.57FDF958@guninski.com
BUGTRAQ:20010420 XML scripting in IE, Outlook Express
https://exchange.xforce.ibmcloud.com/vulnerabilities/6448
XF:ie-xml-stylesheets-scripting(6448)
CVE-2001-1326
Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the form and access embedded attachments.
2002-05-03
2002-05-09
CVE-2001-1326
http://www.securityfocus.com/bid/2796
BID:2796
http://www.securityfocus.com/archive/1/187128
BUGTRAQ:20010528 feeble.hey!dora.exploit part.II
CVE-2001-1327
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.
2003-04-02
2003-03-17
CVE-2001-1327
http://www.turbolinux.com/pipermail/tl-security-announce/2001-May/000313.html
TURBO:TLSA2001024
http://www.iss.net/security_center/static/9988.php
XF:pmake-binary-gain-privileges(9988)
CVE-2001-1328
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
2004-09-01
2002-05-09
CVE-2001-1328
ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2001.03
AUSCERT:AA-2001.03
http://www.ciac.org/ciac/bulletins/l-103.shtml
CIAC:L-103
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1844
OVAL:oval:org.mitre.oval:def:1844
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/203
SUN:00203
https://exchange.xforce.ibmcloud.com/vulnerabilities/6828
XF:solaris-ypbind-bo(6828)
CVE-2001-1329
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
2002-05-03
2017-04-28
CVE-2001-1329
http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html
BUGTRAQ:20010611 rsh bufferoverflow on AIX 4.2
CVE-2001-1330
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
2002-05-03
2002-05-09
CVE-2001-1330
http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html
BUGTRAQ:20010611 rsh bufferoverflow on AIX 4.2
CVE-2001-1331
mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks.
2002-05-03
2002-05-09
CVE-2001-1331
http://www.securityfocus.com/bid/2720
BID:2720
http://online.securityfocus.com/advisories/3307
CONFIRM:http://online.securityfocus.com/advisories/3307
http://www.debian.org/security/2001/dsa-056
DEBIAN:DSA-056
CVE-2001-1332
Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
2002-05-03
2002-05-09
CVE-2001-1332
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000384
CONECTIVA:CLA-2001:384
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386
CONECTIVA:CLA-2001:386
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-048.php3
MANDRAKE:MDKSA-2001:048
http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html
SUSE:SuSE-SA:2002:005
CVE-2001-1333
Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
2002-05-03
2002-05-09
CVE-2001-1333
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000384
CONECTIVA:CLA-2001:384
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386
CONECTIVA:CLA-2001:386
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-048.php3
MANDRAKE:MDKSA-2001:048
http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html
SUSE:SuSE-SA:2002:005
CVE-2001-1334
Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.
2003-04-02
2003-03-17
CVE-2001-1334
http://www.securityfocus.com/bid/2724
BID:2724
http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html
BUGTRAQ:20010515 PHPSlash : potential vulnerability in URL blocks
http://marc.info/?l=phpslash&m=99029398904419&w=2
CONFIRM:http://marc.info/?l=phpslash&m=99029398904419&w=2
http://www.iss.net/security_center/static/9990.php
XF:phpslash-block-read-files(9990)
CVE-2001-1335
Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a ...%5c (modified dot dot).
2002-05-03
2002-05-09
CVE-2001-1335
http://www.securityfocus.com/bid/2786
BID:2786
http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html
BUGTRAQ:20010527 CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption
http://www.iss.net/security_center/static/6606.php
XF:cesarftp-directory-traversal(6606)
CVE-2001-1336
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
2002-05-03
2002-05-09
CVE-2001-1336
http://www.securityfocus.com/bid/2785
BID:2785
http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html
BUGTRAQ:20010527 CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption
http://www.iss.net/security_center/static/6608.php
XF:cesarftp-settings-plaintext-password(6608)
CVE-2001-1337
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request.
2002-05-03
2002-05-09
CVE-2001-1337
http://www.securityfocus.com/bid/2774
BID:2774
http://www.securityfocus.com/archive/1/186418
BUGTRAQ:20010524 IPC@Chip Security
http://www.iss.net/security_center/static/6594.php
XF:ipcchip-http-dos(6594)
CVE-2001-1338
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system.
2002-05-03
2002-05-09
CVE-2001-1338
http://www.securityfocus.com/bid/2773
BID:2773
http://www.securityfocus.com/archive/1/186418
BUGTRAQ:20010524 IPC@Chip Security
http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html
BUGTRAQ:20010602 IPC@Chip - Fixes
http://www.kb.cert.org/vuls/id/198979
CERT-VN:VU#198979
http://www.iss.net/security_center/static/6595.php
XF:ipcchip-telnet-verify-account(6595)
CVE-2001-1339
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks.
2002-05-03
2005-03-22
CVE-2001-1339
http://www.securityfocus.com/bid/2771
BID:2771
http://www.securityfocus.com/archive/1/186418
BUGTRAQ:20010524 IPC@Chip Security
http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html
BUGTRAQ:20010602 IPC@Chip - Fixes
http://www.kb.cert.org/vuls/id/198979
CERT-VN:VU#198979
http://www.iss.net/security_center/static/6605.php
XF:ipcchip-telnet-bruteforce-passwords(6605)
CVE-2001-1340
Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.
2002-05-03
2002-05-09
CVE-2001-1340
http://www.securityfocus.com/bid/2772
BID:2772
http://www.securityfocus.com/archive/1/186418
BUGTRAQ:20010524 IPC@Chip Security
http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html
BUGTRAQ:20010602 IPC@Chip - Fixes
http://www.kb.cert.org/vuls/id/756019
CERT-VN:VU#756019
http://www.iss.net/security_center/static/6596.php
XF:ipcchip-telnet-admin-lockout(6596)
CVE-2001-1341
The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.
2002-05-03
2002-05-09
CVE-2001-1341
http://www.securityfocus.com/bid/2767
BID:2767
http://www.securityfocus.com/archive/1/186418
BUGTRAQ:20010524 IPC@Chip Security
http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00010.html
BUGTRAQ:20010602 IPC@Chip - Fixes
http://www.kb.cert.org/vuls/id/574739
CERT-VN:VU#574739
http://www.iss.net/security_center/static/6600.php
XF:ipcchip-chipcfg-gain-information(6600)
CVE-2001-1342
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
2002-06-25
2021-06-06
CVE-2001-1342
http://www.securityfocus.com/bid/2740
BID:2740
http://online.securityfocus.com/archive/1/176144
BUGTRAQ:20010412 Apache Win32 8192 chars string bug
http://marc.info/?l=bugtraq&m=99054258728748&w=2
BUGTRAQ:20010522 [Announce] Apache 1.3.20 Released
http://bugs.apache.org/index.cgi/full/7522
CONFIRM:http://bugs.apache.org/index.cgi/full/7522
http://www.apacheweek.com/issues/01-05-25
CONFIRM:http://www.apacheweek.com/issues/01-05-25
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
http://www.iss.net/security_center/static/6527.php
XF:apache-server-dos(6527)
CVE-2001-1343
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
2002-05-03
2017-12-18
CVE-2001-1343
http://www.securityfocus.com/bid/2861
BID:2861
http://archives.neohapsis.com/archives/bugtraq/2001-06/0142.html
BUGTRAQ:20010612 bug
https://exchange.xforce.ibmcloud.com/vulnerabilities/6685
XF:webstore-cgi-command-execution(6685)
CVE-2001-1344
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot).
2002-05-03
2017-12-18
CVE-2001-1344
http://www.securityfocus.com/bid/2860
BID:2860
http://archives.neohapsis.com/archives/bugtraq/2001-06/0142.html
BUGTRAQ:20010612 bug
https://exchange.xforce.ibmcloud.com/vulnerabilities/6685
XF:webstore-cgi-command-execution(6685)
CVE-2001-1345
bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program.
2002-06-25
2002-05-09
CVE-2001-1345
http://www.securityfocus.com/bid/2820
BID:2820
http://archives.neohapsis.com/archives/bugtraq/2001-06/0005.html
BUGTRAQ:20010604 Fatal flaw in BestCrypt <= v0.7 (Linux)
http://www.jetico.com/index.htm#/linux.htm
CONFIRM:http://www.jetico.com/index.htm#/linux.htm
https://exchange.xforce.ibmcloud.com/vulnerabilities/6648
XF:bestcrypt-bctool-gain-privileges(6648)
CVE-2001-1346
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
2002-05-03
2002-05-09
CVE-2001-1346
http://www.securityfocus.com/bid/2741
BID:2741
http://www.securityfocus.com/bid/2748
BID:2748
http://archives.neohapsis.com/archives/bugtraq/2001-05/0184.html
BUGTRAQ:20010518 tmp-races in ARCservIT Unix Client
CVE-2001-1347
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
2004-09-01
2002-05-09
CVE-2001-1347
http://www.securityfocus.com/bid/2764
BID:2764
http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html
BUGTRAQ:20010524 Elevation of privileges with debug registers on Win2K
http://www.iss.net/security_center/static/6590.php
XF:win2k-debug-elevate-privileges(6590)
CVE-2001-1348
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
2002-05-03
2002-05-09
CVE-2001-1348
http://www.securityfocus.com/bid/2791
BID:2791
http://archives.neohapsis.com/archives/bugtraq/2001-05/0260.html
BUGTRAQ:20010528 TWIG SQL query bugs
http://twig.screwdriver.net/index.php3
MISC:http://twig.screwdriver.net/index.php3
http://www.iss.net/security_center/static/6619.php
XF:twig-webmail-query-modification(6619)
CVE-2001-1349
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
2003-04-02
2003-03-17
CVE-2001-1349
http://www.securityfocus.com/bid/2794
BID:2794
http://razor.bindview.com/publish/advisories/adv_sm8120.html
BINDVIEW:20010528 Unsafe Signal Handling in Sendmail
http://www.securityfocus.com/archive/1/187127
BUGTRAQ:20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)
http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html
CONFIRM:http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html
http://rhn.redhat.com/errata/RHSA-2001-106.html
REDHAT:RHSA-2001:106
http://www.iss.net/security_center/static/6633.php
XF:sendmail-signal-handling(6633)
CVE-2001-1350
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter.
2004-09-01
2004-07-24
CVE-2001-1350
http://search.namazu.org/ml/namazu-devel-ja/msg02114.html
MISC:http://search.namazu.org/ml/namazu-devel-ja/msg02114.html
http://marc.info/?l=bugtraq&w=2&r=1&s=namazu&q=b
REDHAT:RHSA-2001:162
CVE-2001-1351
Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers.
2004-09-01
2004-08-17
CVE-2001-1351
http://www.osvdb.org/5690
OSVDB:5690
http://marc.info/?l=bugtraq&w=2&r=1&s=namazu&q=b
REDHAT:RHSA-2001:162
https://exchange.xforce.ibmcloud.com/vulnerabilities/7875
XF:linux-namazu-css(7875)
CVE-2001-1352
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.
2004-09-01
2004-08-17
CVE-2001-1352
http://marc.info/?l=bugtraq&m=100947261916155&w=2
BUGTRAQ:20011227 Re: [RHSA-2001:162-04] Updated namazu packages are available
http://marc.info/?l=bugtraq&m=101068116016472&w=2
BUGTRAQ:20020109 Details on the updated namazu packages that are available
http://www.osvdb.org/5691
OSVDB:5691
http://marc.info/?l=bugtraq&m=101060476404565&w=2
REDHAT:RHSA-2001:179
https://exchange.xforce.ibmcloud.com/vulnerabilities/7875
XF:linux-namazu-css(7875)
CVE-2001-1353
ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.
2002-06-05
2016-10-17
CVE-2001-1353
http://archives.neohapsis.com/archives/hp/2001-q4/0069.html
HP:HPSBUX0112-009
http://marc.info/?l=lprng&m=100083210910857&w=2
MISC:http://marc.info/?l=lprng&m=100083210910857&w=2
http://rhn.redhat.com/errata/RHSA-2001-112.html
REDHAT:RHSA-2001:112
http://www.redhat.com/support/errata/RHSA-2001-138.html
REDHAT:RHSA-2001:138
CVE-2001-1354
NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password.
2002-06-11
2017-12-18
CVE-2001-1354
http://www.securityfocus.com/bid/3075
BID:3075
http://online.securityfocus.com/archive/1/198293
BUGTRAQ:20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows
https://exchange.xforce.ibmcloud.com/vulnerabilities/6866
XF:netwin-nwauth-weak-encryption(6866)
CVE-2001-1355
Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and earlier, as implemented in DMail, SurgeFTP, and possibly other packages, could allow attackers to execute arbitrary code via long arguments to (1) the -del command or (2) the -lookup command.
2002-06-11
2017-12-18
CVE-2001-1355
http://www.securityfocus.com/bid/3077
BID:3077
http://online.securityfocus.com/archive/1/198293
BUGTRAQ:20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows
https://exchange.xforce.ibmcloud.com/vulnerabilities/6865
XF:netwin-nwauth-bo(6865)
CVE-2001-1356
NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak hashing, a fixed salt value and modulo 40 calculations, which allows remote attackers to conduct brute force password guessing attacks against the administrator account on port 7021.
2002-06-11
2002-06-15
CVE-2001-1356
http://www.securityfocus.com/bid/3157
BID:3157
http://online.securityfocus.com/archive/1/201951
BUGTRAQ:20010804 SurgeFTP admin account bruteforcable
http://www.iss.net/security_center/static/6961.php
XF:surgeftp-weak-password-encryption(6961)
CVE-2001-1357
Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) input.php3, (2) handle_inputH.php3, or (3) index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables.
2002-06-11
2002-06-15
CVE-2001-1357
http://www.phpheaven.net/projects/phpMyChat/changes.php3
CONFIRM:http://www.phpheaven.net/projects/phpMyChat/changes.php3
CVE-2001-1358
Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly remote attackers to gain privileges by specifying an alternate library file in the L (localization) parameter.
2002-06-11
2002-06-15
CVE-2001-1358
http://www.phpheaven.net/projects/phpMyChat/changes.php3
CONFIRM:http://www.phpheaven.net/projects/phpMyChat/changes.php3
CVE-2001-1359
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.
2003-04-02
2002-06-15
CVE-2001-1359
http://www.securityfocus.com/bid/2850
BID:2850
http://www.caldera.com/support/security/advisories/CSSA-2001-021.0.txt
CALDERA:CSSA-2001-021.0
https://exchange.xforce.ibmcloud.com/vulnerabilities/6672
XF:volution-authentication-failure-access(6672)
CVE-2001-1360
Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related to pnm and saned.
2002-06-11
2002-06-15
CVE-2001-1360
ftp://ftp.mostang.com/pub/sane/sane-1.0.8/sane-backends-1.0.8.tar.gz
CONFIRM:ftp://ftp.mostang.com/pub/sane/sane-1.0.8/sane-backends-1.0.8.tar.gz
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
CVE-2001-1361
Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links.
2002-06-11
2002-06-15
CVE-2001-1361
http://twig.screwdriver.net/file.php3?file=CHANGELOG
CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
CVE-2001-1362
Vulnerability in the server for nPULSE before 0.53p4.
2002-06-11
2002-06-15
CVE-2001-1362
http://freshmeat.net/releases/51981/
CONFIRM:http://freshmeat.net/releases/51981/
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
CVE-2001-1363
Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.
2002-06-11
2002-06-15
CVE-2001-1363
http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz
CONFIRM:http://phpwebsite.appstate.edu/downloads/0.7.9/phpWebSite-en-0.7.9.tar.gz
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
CVE-2001-1364
Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain names that are not fully qualified.
2002-06-11
2002-06-15
CVE-2001-1364
ftp://ftp.earth.li/pub/projectpurple/autodns-0.0.4.tar.gz
CONFIRM:ftp://ftp.earth.li/pub/projectpurple/autodns-0.0.4.tar.gz
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
CVE-2001-1365
Vulnerability in IntraGnat before 1.4.
2002-06-11
2002-06-15
CVE-2001-1365
http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0011.html
CONFIRM:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0011.html
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
CVE-2001-1366
netscript before 1.6.3 parses dynamic variables, which could allow remote attackers to alter program behavior or obtain sensitive information.
2002-06-11
2002-06-15
CVE-2001-1366
http://netscript.sourceforge.net/netscript-1.6.2.tgz
CONFIRM:http://netscript.sourceforge.net/netscript-1.6.2.tgz
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
CVE-2001-1367
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.
2004-09-01
2004-07-24
CVE-2001-1367
http://phpslice.org/comments.php?aid=1031&
CONFIRM:http://phpslice.org/comments.php?aid=1031&
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
https://exchange.xforce.ibmcloud.com/vulnerabilities/9649
XF:phpslice-checkaccess-function-privileges(9649)
CVE-2001-1368
Vulnerability in iPlanet Web Server 4 included in Virtualvault Operating System (VVOS) 4.0 running HP-UX 11.04 could allow attackers to corrupt data.
2002-06-11
2017-12-18
CVE-2001-1368
http://archives.neohapsis.com/archives/hp/2001-q2/0059.html
HP:HPSBUX0106-152
https://exchange.xforce.ibmcloud.com/vulnerabilities/6697
XF:hp-virtualvault-iws-corrupt-data(6697)
CVE-2001-1369
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
2003-04-02
2002-06-15
CVE-2001-1369
http://www.securityfocus.com/bid/3319
BID:3319
ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:14.pam-pgsql.asc
FREEBSD:FreeBSD-SA-02:14
http://www.iss.net/security_center/static/7110.php
XF:postgresql-pam-authentication-module(7110)
CVE-2001-1370
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
2003-04-02
2002-06-15
CVE-2001-1370
http://www.securityfocus.com/bid/3079
BID:3079
http://online.securityfocus.com/archive/1/198495
BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
http://www.securityfocus.com/archive/1/198768
BUGTRAQ:20010722 [SEC] Hole in PHPLib 7.2 prepend.php3
http://marc.info/?l=bugtraq&m=99616122712122&w=2
BUGTRAQ:20010726 TSLSA-2001-0014 - PHPLib
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-027.0.txt
CALDERA:CSSA-2001-027.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
CONECTIVA:CLA-2001:410
http://www.debian.org/security/2001/dsa-073
DEBIAN:DSA-073
http://www.iss.net/security_center/static/6892.php
XF:phplib-script-execution(6892)
CVE-2001-1371
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.
2003-04-02
2003-03-17
CVE-2001-1371
http://www.securityfocus.com/bid/4289
BID:4289
http://marc.info/?l=bugtraq&m=101301813117562&w=2
BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/736923
CERT-VN:VU#736923
http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf
CONFIRM:http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf
http://www.nextgenss.com/papers/hpoas.pdf
MISC:http://www.nextgenss.com/papers/hpoas.pdf
http://www.iss.net/security_center/static/8449.php
XF:oracle-appserver-soap-components(8449)
CVE-2001-1372
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
2003-04-02
2002-06-15
CVE-2001-1372
http://www.securityfocus.com/bid/3341
BID:3341
http://marc.info/?l=bugtraq&m=100074087824021&w=2
BUGTRAQ:20010917 Yet another path disclosure vulnerability
http://marc.info/?l=bugtraq&m=100119633925473&w=2
BUGTRAQ:20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i
http://www.cert.org/advisories/CA-2002-08.html
CERT:CA-2002-08
http://www.kb.cert.org/vuls/id/278971
CERT-VN:VU#278971
http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf
CONFIRM:http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf
http://www.nii.co.in/research.html
MISC:http://www.nii.co.in/research.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7135
XF:oracle-jsp-reveal-path(7135)
CVE-2001-1373
MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments.
2003-04-02
2002-06-15
CVE-2001-1373
http://www.securityfocus.com/bid/3055
BID:3055
http://www.securityfocus.com/archive/1/197681
BUGTRAQ:20010718 ZoneAlarm Pro
http://www.zonelabs.com/products/zap/rel_history.html#2.6.362
CONFIRM:http://www.zonelabs.com/products/zap/rel_history.html#2.6.362
https://exchange.xforce.ibmcloud.com/vulnerabilities/6877
XF:zonealarm-bypass-mailsafe(6877)
CVE-2001-1374
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
2003-04-02
2003-03-17
CVE-2001-1374
http://www.securityfocus.com/bid/3074
BID:3074
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
CONECTIVA:CLA-2001:409
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187
CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224
CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:060
MANDRAKE:MDKSA-2002:060
http://www.redhat.com/support/errata/RHSA-2002-148.html
REDHAT:RHSA-2002:148
https://exchange.xforce.ibmcloud.com/vulnerabilities/6870
XF:expect-insecure-library-search(6870)
CVE-2001-1375
tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.
2003-04-02
2003-03-17
CVE-2001-1375
http://www.securityfocus.com/bid/3073
BID:3073
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
CONECTIVA:CLA-2001:409
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226
CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:060
MANDRAKE:MDKSA-2002:060
http://www.redhat.com/support/errata/RHSA-2002-148.html
REDHAT:RHSA-2002:148
http://www.iss.net/security_center/static/6869.php
XF:tcltk-insecure-library-search(6869)
CVE-2001-1376
Buffer overflow in digest calculation function of multiple RADIUS implementations allows remote attackers to cause a denial of service and possibly execute arbitrary code via shared secret data.
2002-06-11
2017-07-10
CVE-2001-1376
http://www.securityfocus.com/bid/3530
BID:3530
http://online.securityfocus.com/archive/1/239784
BUGTRAQ:20011113 More problems with RADIUS (protocol and implementations)
http://marc.info/?l=bugtraq&m=101537153021792&w=2
BUGTRAQ:20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations
http://www.cert.org/advisories/CA-2002-06.html
CERT:CA-2002-06
http://www.kb.cert.org/vuls/id/589523
CERT-VN:VU#589523
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466
CONECTIVA:CLA-2002:466
http://www.redhat.com/support/errata/RHSA-2002-030.html
REDHAT:RHSA-2002:030
http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html
SUSE:SuSE-SA:2002:013
https://exchange.xforce.ibmcloud.com/vulnerabilities/7534
XF:radius-message-digest-bo(7534)
CVE-2001-1377
Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.
2002-06-11
2016-10-17
CVE-2001-1377
http://www.securityfocus.com/bid/4230
BID:4230
http://marc.info/?l=bugtraq&m=101537153021792&w=2
BUGTRAQ:20020305 SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations
http://www.cert.org/advisories/CA-2002-06.html
CERT:CA-2002-06
http://www.kb.cert.org/vuls/id/936683
CERT-VN:VU#936683
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000466
CONECTIVA:CLA-2002:466
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
FREEBSD:FreeBSD-SN-02:02
http://www.redhat.com/support/errata/RHSA-2002-030.html
REDHAT:RHSA-2002:030
http://archives.neohapsis.com/archives/linux/suse/2002-q2/0362.html
SUSE:SuSE-SA:2002:013
http://www.iss.net/security_center/static/8354.php
XF:radius-vendor-attribute-dos(8354)
CVE-2001-1378
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
2003-04-02
2002-07-26
CVE-2001-1378
http://lists.ccil.org/pipermail/fetchmail-announce/2001-March/000015.html
MISC:http://lists.ccil.org/pipermail/fetchmail-announce/2001-March/000015.html
http://www.redhat.com/support/errata/RHSA-2001-103.html
REDHAT:RHSA-2001:103
CVE-2001-1379
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
2002-07-26
2017-07-10
CVE-2001-1379
http://www.securityfocus.com/bid/3251
BID:3251
http://www.securityfocus.com/bid/3253
BID:3253
http://marc.info/?l=bugtraq&m=99911895901812&w=2
BUGTRAQ:20010829 RUS-CERT Advisory 2001-08:01
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000427
CONECTIVA:CLA-2001:427
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc
FREEBSD:FreeBSD-SA-02:03
http://rhn.redhat.com/errata/RHSA-2001-124.html
REDHAT:RHSA-2001:124
http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0040.html
VULNWATCH:20010829 [VulnWatch] RUS-CERT Advisory 2001-08:01
http://www.iss.net/security_center/static/7054.php
XF:apache-postgresql-authentication-module(7054)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7059
XF:apache-postgresqlsys-authentication-module(7059)
CVE-2001-1380
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
2003-04-02
2002-07-31
CVE-2001-1380
http://www.securityfocus.com/bid/3369
BID:3369
http://marc.info/?l=bugtraq&m=100154541809940&w=2
BUGTRAQ:20010926 OpenSSH Security Advisory (adv.option)
BUGTRAQ:20011017 TSLSA-2001-0023 - OpenSSH
BUGTRAQ:20011018 Immunix OS update for OpenSSH
BUGTRAQ:20011019 TSLSA-2001-0026 - OpenSSH
http://www.kb.cert.org/vuls/id/905795
CERT-VN:VU#905795
http://www.ciac.org/ciac/bulletins/m-010.shtml
CIAC:M-010
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
CONECTIVA:CLSA-2001:431
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
IMMUNIX:IMNX-2001-70-034-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php
MANDRAKE:MDKSA-2001:081
http://www.osvdb.org/642
OSVDB:642
http://rhn.redhat.com/errata/RHSA-2001-114.html
REDHAT:RHSA-2001:114
https://exchange.xforce.ibmcloud.com/vulnerabilities/7179
XF:openssh-access-control-bypass(7179)
CVE-2001-1382
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
2003-04-02
2002-07-31
CVE-2001-1382
http://www.openwall.com/Owl/CHANGES-stable.shtml
CONFIRM:http://www.openwall.com/Owl/CHANGES-stable.shtml
http://www.osvdb.org/5408
OSVDB:5408
CVE-2001-1383
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.
2003-04-02
2002-07-31
CVE-2001-1383
http://www.securityfocus.com/bid/3367
BID:3367
http://rhn.redhat.com/errata/RHSA-2001-110.html
REDHAT:RHSA-2001:110
http://www.iss.net/security_center/static/7177.php
XF:linux-setserial-initscript-symlink(7177)
CVE-2001-1384
ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows local users to gain root privileges by running ptrace on a setuid or setgid program that itself calls an unprivileged program, such as newgrp.
2002-07-31
2016-10-17
CVE-2001-1384
http://www.securityfocus.com/bid/3447
BID:3447
http://marc.info/?l=bugtraq&m=100343090106914&w=2
BUGTRAQ:20011018 Flaws in recent Linux kernels
http://marc.info/?l=bugtraq&m=100350685431610&w=2
BUGTRAQ:20011019 TSLSA-2001-0028
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
CALDERA:CSSA-2001-036.0
http://www.linuxsecurity.com/advisories/other_advisory-1650.html
ENGARDE:ESA-20011019-02
http://online.securityfocus.com/advisories/3713
HP:HPSBTL0112-003
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
IMMUNIX:IMNX-2001-70-035-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-079.php3
MANDRAKE:MDKSA-2001:079
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
MANDRAKE:MDKSA-2001:082
http://www.redhat.com/support/errata/RHSA-2001-129.html
REDHAT:RHSA-2001:129
http://www.redhat.com/support/errata/RHSA-2001-130.html
REDHAT:RHSA-2001:130
http://www.novell.com/linux/security/advisories/2001_036_kernel_txt.html
SUSE:SuSE-SA:2001:036
http://www.iss.net/security_center/static/7311.php
XF:linux-ptrace-race-condition(7311)
CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
2003-04-02
2002-08-31
CVE-2001-1385
http://www.securityfocus.com/bid/2205
BID:2205
http://marc.info/?l=bugtraq&m=97957961212852
BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
CONECTIVA:CLA-2001:373
http://www.debian.org/security/2001/dsa-020
DEBIAN:DSA-020
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
MANDRAKE:MDKSA-2001:013
http://www.redhat.com/support/errata/RHSA-2000-136.html
REDHAT:RHSA-2000:136
http://www.iss.net/security_center/static/5939.php
XF:php-view-source-code(5939)
CVE-2001-1386
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
2004-09-01
2002-09-10
CVE-2001-1386
http://www.securityfocus.com/bid/2957
BID:2957
http://www.securityfocus.com/archive/1/194442
BUGTRAQ:20010701 WFTPD v3.00 R5 Directory Traversal
https://exchange.xforce.ibmcloud.com/vulnerabilities/6760
XF:ftp-lnk-directory-traversal(6760)
CVE-2001-1387
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
2002-08-31
2002-09-10
CVE-2001-1387
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50500
CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=50500
http://rhn.redhat.com/errata/RHSA-2001-144.html
REDHAT:RHSA-2001:144
CVE-2001-1388
iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.
2002-08-31
2002-09-10
CVE-2001-1388
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=53325
CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=53325
http://rhn.redhat.com/errata/RHSA-2001-144.html
REDHAT:RHSA-2001:144
CVE-2001-1389
Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination.
2002-08-31
2016-10-17
CVE-2001-1389
http://www.securityfocus.com/bid/3257
BID:3257
http://marc.info/?l=bugtraq&m=99913751525583&w=2
BUGTRAQ:20010830 xinetd 2.3.0 audit status
CONECTIVA:CLA-2001:416
ENGARDE:ESA-20011019-03
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-033-01
IMMUNIX:IMNX-2001-70-033-01
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-076.php3
MANDRAKE:MDKSA-2001:076
http://rhn.redhat.com/errata/RHSA-2001-109.html
REDHAT:RHSA-2001:109
CVE-2001-1390
Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages.
2002-08-31
2016-12-06
CVE-2001-1390
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:18
CVE-2001-1391
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
2004-09-01
2004-07-24
CVE-2001-1391
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:018
https://exchange.xforce.ibmcloud.com/vulnerabilities/11162
XF:linux-cpia-memory-overwrite(11162)
CVE-2001-1392
The Linux kernel before 2.2.19 does not have unregister calls for (1) CPUID and (2) MSR drivers, which could cause a DoS (crash) by unloading and reloading the drivers.
2002-08-31
2016-12-06
CVE-2001-1392
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:018
CVE-2001-1393
Unknown vulnerability in classifier code for Linux kernel before 2.2.19 could result in denial of service (hang).
2002-08-31
2016-12-06
CVE-2001-1393
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:018
CVE-2001-1394
Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service.
2002-08-31
2016-12-06
CVE-2001-1394
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:018
CVE-2001-1395
Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 related to "boundary cases," with unknown impact.
2002-08-31
2016-12-06
CVE-2001-1395
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:018
CVE-2001-1396
Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact.
2002-08-31
2016-12-06
CVE-2001-1396
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:018
CVE-2001-1397
The System V (SYS5) shared memory implementation for Linux kernel before 2.2.19 could allow attackers to modify recently freed memory.
2002-08-31
2016-12-06
CVE-2001-1397
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:018
CVE-2001-1398
Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability.
2002-08-31
2016-12-06
CVE-2001-1398
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:018
CVE-2001-1399
Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86."
2002-08-31
2016-12-06
CVE-2001-1399
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:018
CVE-2001-1400
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
2002-08-31
2016-12-06
CVE-2001-1400
http://marc.info/?l=bugtraq&m=98653252326445&w=2
BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
http://marc.info/?l=bugtraq&m=98684172109474&w=2
BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
http://marc.info/?l=bugtraq&m=98637996127004&w=2
CALDERA:CSSA-2001-012.0
http://marc.info/?l=bugtraq&m=98775114228203&w=2
CONECTIVA:CLA-2001:394
http://www.linux.org.uk/VERSION/relnotes.2219.html
CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
https://www.debian.org/security/2001/dsa-047
DEBIAN:DSA-047
http://marc.info/?l=bugtraq&m=98575345009963&w=2
IMMUNIX:IMNX-2001-70-010-01
http://marc.info/?l=bugtraq&m=98759029811377&w=2
MANDRAKE:MDKSA-2001:037
http://www.redhat.com/support/errata/RHSA-2001-047.html
REDHAT:RHSA-2001:047
http://marc.info/?l=bugtraq&m=99013830726309&w=2
SUSE:SuSE-SA:2001:018
CVE-2001-1401
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
2002-08-31
2016-10-17
CVE-2001-1401
http://marc.info/?l=bugtraq&m=99912899900567
BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
http://bugzilla.mozilla.org/show_bug.cgi?id=39524
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39524
http://bugzilla.mozilla.org/show_bug.cgi?id=39526
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39526
http://bugzilla.mozilla.org/show_bug.cgi?id=39527
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39527
http://bugzilla.mozilla.org/show_bug.cgi?id=39531
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39531
http://bugzilla.mozilla.org/show_bug.cgi?id=39533
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39533
http://bugzilla.mozilla.org/show_bug.cgi?id=70189
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=70189
http://bugzilla.mozilla.org/show_bug.cgi?id=82781
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=82781
http://www.redhat.com/support/errata/RHSA-2001-107.html
REDHAT:RHSA-2001:107
CVE-2001-1402
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
2002-08-31
2016-10-17
CVE-2001-1402
http://marc.info/?l=bugtraq&m=99912899900567
BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
http://bugzilla.mozilla.org/show_bug.cgi?id=38854
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=38854
http://bugzilla.mozilla.org/show_bug.cgi?id=38855
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=38855
http://bugzilla.mozilla.org/show_bug.cgi?id=38859
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=38859
http://bugzilla.mozilla.org/show_bug.cgi?id=39536
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=39536
http://bugzilla.mozilla.org/show_bug.cgi?id=87701
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=87701
http://bugzilla.mozilla.org/show_bug.cgi?id=95235
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=95235
http://www.redhat.com/support/errata/RHSA-2001-107.html
REDHAT:RHSA-2001:107
CVE-2001-1403
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
2002-08-31
2016-10-17
CVE-2001-1403
http://marc.info/?l=bugtraq&m=99912899900567
BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
http://bugzilla.mozilla.org/show_bug.cgi?id=15980
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=15980
http://www.redhat.com/support/errata/RHSA-2001-107.html
REDHAT:RHSA-2001:107
CVE-2001-1404
Bugzilla before 2.14 stores user passwords in plaintext and sends password requests in an email message, which could allow attackers to gain privileges.
2002-08-31
2016-10-17
CVE-2001-1404
http://marc.info/?l=bugtraq&m=99912899900567
BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
http://bugzilla.mozilla.org/show_bug.cgi?id=74032
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=74032
http://www.redhat.com/support/errata/RHSA-2001-107.html
REDHAT:RHSA-2001:107
CVE-2001-1405
Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.
2002-08-31
2016-10-17
CVE-2001-1405
http://marc.info/?l=bugtraq&m=99912899900567
BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
http://bugzilla.mozilla.org/show_bug.cgi?id=54556
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=54556
http://www.redhat.com/support/errata/RHSA-2001-107.html
REDHAT:RHSA-2001:107
CVE-2001-1406
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
2003-04-02
2003-03-17
CVE-2001-1406
http://marc.info/?l=bugtraq&m=99912899900567
BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
http://bugzilla.mozilla.org/show_bug.cgi?id=66235
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=66235
http://www.redhat.com/support/errata/RHSA-2001-107.html
REDHAT:RHSA-2001:107
http://www.iss.net/security_center/static/10478.php
XF:bugzilla-processbug-old-restrictions(10478)
CVE-2001-1407
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
2003-04-02
2003-03-17
CVE-2001-1407
http://marc.info/?l=bugtraq&m=99912899900567
BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
http://bugzilla.mozilla.org/show_bug.cgi?id=96085
CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=96085
http://www.redhat.com/support/errata/RHSA-2001-107.html
REDHAT:RHSA-2001:107
http://www.iss.net/security_center/static/10479.php
XF:bugzilla-duplicate-view-restricted(10479)
CVE-2001-1408
Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in Cobalt Qube 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the mailbox parameter.
2002-08-31
2017-12-18
CVE-2001-1408
http://archives.neohapsis.com/archives/bugtraq/2001-07/0092.html
BUGTRAQ:20010705 Cobalt Cube Webmail directory traversal
http://archives.neohapsis.com/archives/bugtraq/2001-08/0245.html
BUGTRAQ:20010818 Cobalt update for my Webmail issue.
https://exchange.xforce.ibmcloud.com/vulnerabilities/6805
XF:cobalt-qube-directory-traversal(6805)
CVE-2001-1409
dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.
2003-06-18
2003-06-28
CVE-2001-1409
http://groups.google.com/groups?selm=20010829121505.A16004%40compusol.com.au
CONFIRM:http://groups.google.com/groups?selm=20010829121505.A16004%40compusol.com.au
http://www.redhat.com/support/errata/RHSA-2003-067.html
REDHAT:RHSA-2003:067
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1
SUNALERT:1017429
http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1
SUNALERT:228529
CVE-2001-1410
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
2003-07-17
2017-07-10
CVE-2001-1410
http://www.securityfocus.com/bid/3469
BID:3469
http://www.securityfocus.com/archive/1/221883
BUGTRAQ:20011021 Javascript in IE may spoof the whole screen
http://marc.info/?l=bugtraq&m=105820229407274&w=2
BUGTRAQ:20030713 IE chromeless window vulnerabilities
http://marc.info/?l=bugtraq&m=105829174431769&w=2
BUGTRAQ:20030715 Internet Explorer Full-Screen mode threats
http://www.kb.cert.org/vuls/id/490708
CERT-VN:VU#490708
http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie/
MISC:http://www.doxdesk.com/personal/posts/bugtraq/20030713-ie/
http://www.guninski.com/popspoof.html
MISC:http://www.guninski.com/popspoof.html
http://www.systemintegra.com/ie-fullscreen/
MISC:http://www.systemintegra.com/ie-fullscreen/
https://exchange.xforce.ibmcloud.com/vulnerabilities/7313
XF:ie-javascript-spoof-dialog(7313)
CVE-2001-1411
Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs.
2003-10-25
2016-10-17
CVE-2001-1411
http://marc.info/?l=bugtraq&m=100368233714229&w=2
BUGTRAQ:20011020 gm4 format strings on OSX
http://www.kb.cert.org/vuls/id/147587
CERT-VN:VU#147587
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
http://www.iss.net/security_center/static/10174.php
XF:macos-gm4-utility-bo(10174)
CVE-2001-1412
nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.
2003-10-25
2016-10-17
CVE-2001-1412
http://marc.info/?l=bugtraq&m=99953038722104&w=2
BUGTRAQ:20010903 Re: Possible Issue with Netinfo and Mac OS X
http://lists.insecure.org/lists/bugtraq/2002/Sep/0128.html
BUGTRAQ:20020915 nidump on OS X
http://lists.apple.com/mhonarc/security-announce/msg00038.html
CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
http://www.securemac.com/macosxnidump.php
MISC:http://www.securemac.com/macosxnidump.php
http://www.securiteam.com/securityreviews/5QP032A4UU.html
MISC:http://www.securiteam.com/securityreviews/5QP032A4UU.html
http://securitytracker.com/id?1001946
SECTRACK:1001946
CVE-2001-1413
Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.
2004-10-20
2017-07-10
CVE-2001-1413
http://www.kb.cert.org/vuls/id/176363
CERT-VN:VU#176363
http://security.gentoo.org/glsa/glsa-200410-08.xml
GENTOO:GLSA-200410-08
http://www.redhat.com/support/errata/RHSA-2004-536.html
REDHAT:RHSA-2004:536
http://seclists.org/lists/vuln-dev/2001/Nov/0202.html
VULN-DEV:20010621 New bugs, old bugs
https://exchange.xforce.ibmcloud.com/vulnerabilities/10619
XF:ncompress-filename-bo(10619)
CVE-2001-1414
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
2005-02-08
2017-07-10
CVE-2001-1414
http://www.securityfocus.com/bid/7396
BID:7396
http://sunsolve.sun.com/search/document.do?assetkey=1-26-40521-1
SUNALERT:40521
https://exchange.xforce.ibmcloud.com/vulnerabilities/11841
XF:solaris-bsm-no-audit(11841)
CVE-2001-1415
vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes.
2005-03-18
2017-07-10
CVE-2001-1415
http://www.kb.cert.org/vuls/id/191675
CERT-VN:VU#191675
ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch
CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/10149
XF:bsd-virecover-delete-files(10149)
CVE-2001-1416
Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the (1) DATA, (2) STYLE, or (3) BINARY tags.
2005-03-20
2021-06-15
CVE-2001-1416
http://www.kb.cert.org/vuls/id/541384
CERT-VN:VU#541384
http://www.kb.cert.org/vuls/id/JARL-56TPBQ
CONFIRM:http://www.kb.cert.org/vuls/id/JARL-56TPBQ
http://www.windowsitpro.com/Articles/Index.cfm?ArticleID=19811&DisplayTab=Article
MISC:http://www.windowsitpro.com/Articles/Index.cfm?ArticleID=19811&DisplayTab=Article
CVE-2001-1417
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual image data.
2005-03-20
2017-07-10
CVE-2001-1417
http://www.securityfocus.com/bid/3408
BID:3408
http://www.securityfocus.com/archive/1/218920
BUGTRAQ:20011006 AIM Exploits
http://www.securityfocus.com/archive/1/247707
BUGTRAQ:20011230 Windows AIM Client Exploits
http://www.kb.cert.org/vuls/id/710347
CERT-VN:VU#710347
http://www.kb.cert.org/vuls/id/JARL-56TQEN
CONFIRM:http://www.kb.cert.org/vuls/id/JARL-56TQEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/7255
XF:aim-large-buddyicon-dos(7255)
CVE-2001-1418
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file.
2005-03-20
2017-07-10
CVE-2001-1418
http://www.securityfocus.com/archive/1/218920
BUGTRAQ:20011006 AIM Exploits
http://www.kb.cert.org/vuls/id/990451
CERT-VN:VU#990451
http://www.kb.cert.org/vuls/id/JARL-569M8X
CONFIRM:http://www.kb.cert.org/vuls/id/JARL-569M8X
https://exchange.xforce.ibmcloud.com/vulnerabilities/10686
XF:aim-wav-file-dos(10686)
CVE-2001-1419
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "<!--" HTML comments.
2005-03-20
2017-07-10
CVE-2001-1419
http://www.securityfocus.com/bid/3398
BID:3398
http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html
BUGTRAQ:20011002 AIM 0day DoS
http://www.securityfocus.com/archive/1/247707
BUGTRAQ:20011230 Windows AIM Client Exploits
http://www.kb.cert.org/vuls/id/507771
CERT-VN:VU#507771
http://www.kb.cert.org/vuls/id/JARL-56TPTN
CONFIRM:http://www.kb.cert.org/vuls/id/JARL-56TPTN
https://exchange.xforce.ibmcloud.com/vulnerabilities/7233
XF:aim-html-comments-dos(7233)
CVE-2001-1420
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow.
2005-03-20
2017-07-10
CVE-2001-1420
http://www.securityfocus.com/bid/3407
BID:3407
http://www.securityfocus.com/archive/1/218920
BUGTRAQ:20011006 AIM Exploits
http://www.kb.cert.org/vuls/id/972499
CERT-VN:VU#972499
http://www.kb.cert.org/vuls/id/JARL-569MEK
CONFIRM:http://www.kb.cert.org/vuls/id/JARL-569MEK
https://exchange.xforce.ibmcloud.com/vulnerabilities/7254
XF:aim-long-filename-dos(7254)
CVE-2001-1421
AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag.
2005-03-20
2017-07-10
CVE-2001-1421
http://www.securityfocus.com/bid/3756
BID:3756
http://www.securityfocus.com/archive/1/218920
BUGTRAQ:20011006 AIM Exploits
http://www.securityfocus.com/archive/1/247707
BUGTRAQ:20011230 Windows AIM Client Exploits
http://www.kb.cert.org/vuls/id/530299
CERT-VN:VU#530299
http://www.kb.cert.org/vuls/id/JARL-569MD7
CONFIRM:http://www.kb.cert.org/vuls/id/JARL-569MD7
https://exchange.xforce.ibmcloud.com/vulnerabilities/7757
XF:aim-multiple-fonts-dos(7757)
CVE-2001-1422
WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
2005-03-20
2017-07-10
CVE-2001-1422
http://www.securityfocus.com/bid/2275
BID:2275
http://www.kb.cert.org/vuls/id/303080
CERT-VN:VU#303080
http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
MISC:http://www1.corest.com/common/showdoc.php?idxseccion=10&idx=117
https://exchange.xforce.ibmcloud.com/vulnerabilities/5992
XF:vnc-weak-authentication(5992)
CVE-2001-1423
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter.
2005-03-20
2017-07-10
CVE-2001-1423
http://www.kb.cert.org/vuls/id/140723
CERT-VN:VU#140723
http://securitytracker.com/id?1002516
SECTRACK:1002516
https://exchange.xforce.ibmcloud.com/vulnerabilities/7861
XF:advancedpoll-php-admin-access(7861)
CVE-2001-1424
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
2005-03-22
2017-07-10
CVE-2001-1424
http://www.securityfocus.com/bid/2568
BID:2568
http://www.securityfocus.com/archive/1/175229
BUGTRAQ:20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems
http://www.cert.org/advisories/CA-2001-08.html
CERT:CA-2001-08
http://www.kb.cert.org/vuls/id/212088
CERT-VN:VU#212088
http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html
MISC:http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6335
XF:alcatel-blank-password(6335)
CVE-2001-1425
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.
2005-03-22
2017-07-10
CVE-2001-1425
http://www.securityfocus.com/bid/2568
BID:2568
http://www.securityfocus.com/archive/1/175229
BUGTRAQ:20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems
http://www.cert.org/advisories/CA-2001-08.html
CERT:CA-2001-08
http://www.kb.cert.org/vuls/id/243592
CERT-VN:VU#243592
http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html
MISC:http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6354
XF:alcatel-expert-account(6354)
CVE-2001-1426
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations.
2005-03-22
2017-07-10
CVE-2001-1426
http://www.securityfocus.com/bid/2566
BID:2566
http://www.securityfocus.com/archive/1/175229
BUGTRAQ:20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems
http://www.cert.org/advisories/CA-2001-08.html
CERT:CA-2001-08
http://www.kb.cert.org/vuls/id/490344
CERT-VN:VU#490344
https://exchange.xforce.ibmcloud.com/vulnerabilities/6336
XF:alcatel-tftp-lan-access(6336)
CVE-2001-1427
Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 allows remote attackers to overwrite templates with zero byte files via unknown attack vectors.
2005-03-22
2017-07-10
CVE-2001-1427
http://www.securityfocus.com/bid/3023
BID:3023
http://www.kb.cert.org/vuls/id/321475
CERT-VN:VU#321475
http://www.macromedia.com/devnet/security/security_zone/mpsb01-07.html
CONFIRM:http://www.macromedia.com/devnet/security/security_zone/mpsb01-07.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6840
XF:coldfusion-overwrite-template(6840)
CVE-2001-1428
The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped with a default password, which allows remote attackers to gain unauthorized access.
2005-03-24
2017-07-10
CVE-2001-1428
http://www.securityfocus.com/bid/2769
BID:2769
http://www.securityfocus.com/bid/2770
BID:2770
http://www.securityfocus.com/archive/1/186418
BUGTRAQ:20010524 IPC@Chip Security
http://www.kb.cert.org/vuls/id/426459
CERT-VN:VU#426459
http://www.kb.cert.org/vuls/id/46219
CERT-VN:VU#461219
https://exchange.xforce.ibmcloud.com/vulnerabilities/6597
XF:ipcchip-ftp-default-passwords(6597)
https://exchange.xforce.ibmcloud.com/vulnerabilities/6598
XF:ipcchip-telnet-default-password(6598)
CVE-2001-1429
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file.
2005-03-24
2017-07-10
CVE-2001-1429
http://www.kb.cert.org/vuls/id/203203
CERT-VN:VU#203203
https://exchange.xforce.ibmcloud.com/vulnerabilities/10630
XF:midnight-commander-mcedit-bo(10630)
CVE-2001-1430
Cayman 3220-H DSL Router 1.0 ship without a password set, which allows remote attackers to gain unauthorized access.
2005-03-24
2017-07-10
CVE-2001-1430
http://www.securityfocus.com/bid/3017
BID:3017
http://www.securityfocus.com/archive/1/196083
BUGTRAQ:20010711 cayman strikes again
http://www.kb.cert.org/vuls/id/557136
CERT-VN:VU#557136
http://www.kb.cert.org/vuls/id/JARL-4ZTKY9
CONFIRM:http://www.kb.cert.org/vuls/id/JARL-4ZTKY9
https://exchange.xforce.ibmcloud.com/vulnerabilities/6841
XF:cayman-dsl-insecure-permissions(6841)
CVE-2001-1431
Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 Service Pack 3, IPSO 3.4 and VPN-1/FireWall-1 4.1 Service Pack 4, and IPSO 3.4 or IPSO 3.4.1 and VPN-1/FireWall-1 4.1 Service Pack 5, when SYN Defender is configured in Active Gateway mode, does not properly rewrite the third packet of a TCP three-way handshake to use the NAT IP address, which allows remote attackers to gain sensitive information.
2005-03-24
2017-07-10
CVE-2001-1431
http://www.kb.cert.org/vuls/id/258731
CERT-VN:VU#258731
https://exchange.xforce.ibmcloud.com/vulnerabilities/8293
XF:nokia-cp-packet-retransmission(8293)
CVE-2001-1432
Directory traversal vulnerability in Cherokee Web Server allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
2005-03-24
2017-07-10
CVE-2001-1432
http://www.securityfocus.com/bid/3772
BID:3772
http://www.kb.cert.org/vuls/id/464827
CERT-VN:VU#464827
http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0085.html
VULNWATCH:20011229 Remote Root Hole in Cherokee Webserver
https://exchange.xforce.ibmcloud.com/vulnerabilities/7799
XF:cherokee-http-directory-traversal(7799)
CVE-2001-1433
Cherokee web server before 0.2.7 does not properly drop root privileges after binding to port 80, which could allow remote attackers to gain privileges via other vulnerabilities.
2005-03-24
2017-07-10
CVE-2001-1433
http://www.securityfocus.com/bid/3771
BID:3771
http://www.kb.cert.org/vuls/id/245795
CERT-VN:VU#245795
http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0085.html
VULNWATCH:20011229 Remote Root Hole in Cherokee Webserver
https://exchange.xforce.ibmcloud.com/vulnerabilities/7797
XF:cherokee-http-insecure-privileges(7797)
CVE-2001-1434
Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created.
2005-04-21
2017-07-10
CVE-2001-1434
http://www.kb.cert.org/vuls/id/848944
CERT-VN:VU#848944
http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml
CISCO:20010228 Cisco IOS Software Multiple SNMP Community String Vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/6178
XF:cisco-ios-snmp-server-community(6178)
CVE-2001-1435
inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of service (network connection loss) by causing one of the services handled by inetd to core dump during startup, which causes inetd to stop accepting connections to all of its services.
2005-04-21
2017-07-10
CVE-2001-1435
http://www.securityfocus.com/archive/1/165535
BUGTRAQ:20010226 FW: COMPAQ SSRT0708U Security Advisory Tru64 V5.1 (only) inetd
http://www.kb.cert.org/vuls/id/880624
CERT-VN:VU#880624
http://www.securityfocus.com/archive/1/165535
COMPAQ:SSRT0708U
https://exchange.xforce.ibmcloud.com/vulnerabilities/6157
XF:tru64-inetd-dos(6157)
CVE-2001-1436
Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password.
2005-04-21
2017-07-10
CVE-2001-1436
http://www.atstake.com/research/advisories/2001/a011801-1.txt
ATSTAKE:A011801-1
http://www.kb.cert.org/vuls/id/178560
CERT-VN:VU#178560
https://exchange.xforce.ibmcloud.com/vulnerabilities/10625
XF:ibutton-ds1991-dictionary(10625)
CVE-2001-1437
easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.
2005-04-21
2017-07-10
CVE-2001-1437
http://www.securityfocus.com/bid/3649
BID:3649
http://archives.neohapsis.com/archives/bugtraq/2001-12/0000.html
BUGTRAQ:20011201 easynews 1.5 let's remote users modify database
http://www.kb.cert.org/vuls/id/597795
CERT-VN:VU#597795
https://exchange.xforce.ibmcloud.com/vulnerabilities/7660
XF:easynews-php-reveal-path(7660)
CVE-2001-1438
Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module installed allows remote attackers to cause a denial of service (PalmOS crash and VisorPhone database corruption) by sending a large or crafted SMS image.
2005-04-21
2017-07-10
CVE-2001-1438
http://www.kb.cert.org/vuls/id/222739
CERT-VN:VU#222739
http://www.securityfocus.com/archive/82/222110
VULN-DEV:20011022 PalmOS crashes receiving SMS images using Handspring VisorPhone
https://exchange.xforce.ibmcloud.com/vulnerabilities/10637
XF:handspring-visor-sms-dos(10637)
CVE-2001-1439
Buffer overflow in the text editor functionality in HP-UX 10.01 through 11.04 on HP9000 Series 700 and Series 800 allows local users to cause a denial of service ("system availability") via text editors such as (1) e, (2) ex, (3) vi, (4) edit, (5) view, and (6) vedit.
2005-04-21
2017-07-10
CVE-2001-1439
http://www.auscert.org.au/render.html?it=1176
AUSCERT:ESB-2001.066
http://www.kb.cert.org/vuls/id/268848
CERT-VN:VU#268848
http://www.securityfocus.com/archive/1/163910
HP:HPSBUX0011-132
https://exchange.xforce.ibmcloud.com/vulnerabilities/6111
XF:hp-text-editor-bo(6111)
CVE-2001-1440
Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.
2005-04-21
2017-07-10
CVE-2001-1440
http://www-1.ibm.com/support/search.wss?rs=0&q=IY26302&apar=only
AIXAPAR:IY26302
http://www.securityfocus.com/bid/6839
BID:6839
http://www.kb.cert.org/vuls/id/249491
CERT-VN:VU#249491
http://securitytracker.com/id?1003038
SECTRACK:1003038
https://exchange.xforce.ibmcloud.com/vulnerabilities/8269
XF:aix-login-unauth-access(8269)
CVE-2001-1441
Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.
2005-04-21
2017-07-10
CVE-2001-1441
http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
http://www.kb.cert.org/vuls/id/270083
CERT-VN:VU#270083
https://exchange.xforce.ibmcloud.com/vulnerabilities/6793
XF:java-servlet-crosssite-scripting(6793)
CVE-2001-1442
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
2005-04-21
2017-07-10
CVE-2001-1442
http://www.securityfocus.com/bid/2620
BID:2620
http://archives.neohapsis.com/archives/bugtraq/2001-04/0311.html
BUGTRAQ:20010418 Innfeed Buffer Overflow
http://www.securityfocus.com/archive/1/178011
BUGTRAQ:20010418 Re: Innfeed Buffer Overflow
http://www.kb.cert.org/vuls/id/943536
CERT-VN:VU#943536
http://securitytracker.com/id?1001353
SECTRACK:1001353
https://exchange.xforce.ibmcloud.com/vulnerabilities/6398
XF:innfeed-c-bo(6398)
CVE-2001-1443
KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.
2005-04-21
2017-07-10
CVE-2001-1443
http://www.kb.cert.org/vuls/id/390280
CERT-VN:VU#390280
http://josefsson.org/ktelnet/kerberos-telnet.html
MISC:http://josefsson.org/ktelnet/kerberos-telnet.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10640
XF:kth-kerberos-unencrypted-connection(10640)
CVE-2001-1444
The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.
2005-04-21
2017-07-10
CVE-2001-1444
http://www.kb.cert.org/vuls/id/774587
CERT-VN:VU#774587
http://josefsson.org/ktelnet/kerberos-telnet.html
MISC:http://josefsson.org/ktelnet/kerberos-telnet.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/10640
XF:kth-kerberos-unencrypted-connection(10640)
CVE-2001-1445
Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through 5.7 allows remote attackers to bypass mail relaying restrictions via crafted e-mail addresses in "RCPT TO" commands.
2005-04-21
2017-07-10
CVE-2001-1445
http://www.kb.cert.org/vuls/id/176972
CERT-VN:VU#176972
http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21085603
CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21085603
https://exchange.xforce.ibmcloud.com/vulnerabilities/6591
XF:lotus-domino-smtp-mail-relay(6591)
CVE-2001-1446
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
2005-04-21
2017-07-10
CVE-2001-1446
http://www.securityfocus.com/bid/3325
BID:3325
http://archives.neohapsis.com/archives/bugtraq/2001-09/0085.html
BUGTRAQ:20010910 Re: More security problems in Apache on Mac OS X
http://www.kb.cert.org/vuls/id/177243
CERT-VN:VU#177243
https://exchange.xforce.ibmcloud.com/vulnerabilities/7103
XF:macos-apache-directory-disclosure(7103)
CVE-2001-1447
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
2005-04-21
2017-07-10
CVE-2001-1447
http://www.securityfocus.com/bid/3439
BID:3439
http://archives.neohapsis.com/archives/bugtraq/2001-10/0121.html
BUGTRAQ:20011017 Mac OS X setuid root security hole
http://archives.neohapsis.com/archives/bugtraq/2001-10/0130.html
BUGTRAQ:20011017 Re: Mac OS X setuid root security hole
http://www.kb.cert.org/vuls/id/945747
CERT-VN:VU#945747
http://www.ciac.org/ciac/bulletins/m-007.shtml
CIAC:M-007
https://exchange.xforce.ibmcloud.com/vulnerabilities/7303
XF:macos-netinfo-root-privileges(7303)
CVE-2001-1448
Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local users to overwrite arbitrary files and possibly execute code via a symlink attack on temporary files created by the (1) mkuserproc, (2) mgrnt, and (3) mgdatasrvr.sc scripts.
2005-04-21
2017-07-10
CVE-2001-1448
http://www.securityfocus.com/archive/1/246343
BUGTRAQ:20011217 MAGIC Enterprise Multiple Vulnerabilities
http://www.kb.cert.org/vuls/id/157795
CERT-VN:VU#157795
https://exchange.xforce.ibmcloud.com/vulnerabilities/10616
XF:magic-edeveloper-tmp-symlink(10616)
CVE-2001-1449
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
2005-04-21
2017-07-10
CVE-2001-1449
http://www.kb.cert.org/vuls/id/913704
CERT-VN:VU#913704
http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2
MANDRAKE:MDKSA-2001:077
https://exchange.xforce.ibmcloud.com/vulnerabilities/8029
XF:mandrake-apache-browse-directories(8029)
CVE-2001-1450
Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".
2005-04-21
2017-07-10
CVE-2001-1450
http://cert.uni-stuttgart.de/archive/vuln-dev/2001/05/msg00029.html
BUGTRAQ:20010505 [bug]: Cause IE 5.X to crash
http://www.kb.cert.org/vuls/id/199408
CERT-VN:VU#199408
https://exchange.xforce.ibmcloud.com/vulnerabilities/10117
XF:ie-ftp-url-dos(10117)
CVE-2001-1451
Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
2005-04-21
2017-07-10
CVE-2001-1451
http://www.securityfocus.com/bid/6030
BID:6030
http://www.kb.cert.org/vuls/id/887393
CERT-VN:VU#887393
http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;296815
MSKB:Q296815
https://exchange.xforce.ibmcloud.com/vulnerabilities/10431
XF:win2k-snmp-lanman-dos(10431)
CVE-2001-1452
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses.
2005-04-21
2017-07-10
CVE-2001-1452
http://www.securityfocus.com/bid/6791
BID:6791
http://www.kb.cert.org/vuls/id/109475
CERT-VN:VU#109475
http://support.microsoft.com/default.aspx?scid=KB;en-us;q241352
MSKB:Q241352
https://exchange.xforce.ibmcloud.com/vulnerabilities/3675
XF:nt-ms-dns-cachepollution(3675)
CVE-2001-1453
Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.
2005-04-21
2017-07-10
CVE-2001-1453
http://www.securityfocus.com/archive/1/161917
BUGTRAQ:20010209 Some more MySql security issues
http://www.kb.cert.org/vuls/id/123384
CERT-VN:VU#123384
http://dev.mysql.com/doc/mysql/en/news-3-23-33.html
CONFIRM:http://dev.mysql.com/doc/mysql/en/news-3-23-33.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6418
XF:mysql-libmysqlclient-bo(6418)
CVE-2001-1454
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
2005-04-21
2017-07-10
CVE-2001-1454
http://www.securityfocus.com/archive/1/161917
BUGTRAQ:20010209 Some more MySql security issues
http://www.kb.cert.org/vuls/id/367320
CERT-VN:VU#367320
http://dev.mysql.com/doc/mysql/en/news-3-23-33.html
CONFIRM:http://dev.mysql.com/doc/mysql/en/news-3-23-33.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6419
XF:mysql-drop-database-bo(6419)
CVE-2001-1455
Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.
2005-04-21
2017-07-10
CVE-2001-1455
http://www.securityfocus.com/bid/6060
BID:6060
http://www.kb.cert.org/vuls/id/837419
CERT-VN:VU#837419
https://exchange.xforce.ibmcloud.com/vulnerabilities/10497
XF:siteminder-unicode-bypass(10497)
CVE-2001-1456
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.
2005-04-21
2017-07-10
CVE-2001-1456
http://www.securityfocus.com/bid/3290
BID:3290
http://www.cert.org/advisories/CA-2001-25.html
CERT:CA-2001-25
http://www.kb.cert.org/vuls/id/206723
CERT-VN:VU#206723
ftp://patches.sgi.com/support/free/security/advisories/20011104-01-I
SGI:20011104-01-I
https://exchange.xforce.ibmcloud.com/vulnerabilities/7088
XF:gauntlet-csmap-bo(7088)
CVE-2001-1457
Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable.
2005-04-21
2017-07-10
CVE-2001-1457
http://www.securityfocus.com/archive/1/173050
BUGTRAQ:20010331 Remote buffer overflow in CrazyWWWBoard.
http://www.kb.cert.org/vuls/id/229955
CERT-VN:VU#229955
https://exchange.xforce.ibmcloud.com/vulnerabilities/10110
XF:crazywwwboard-httpuseragent-bo(10110)
CVE-2001-1458
Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 allows remote attackers to read arbitrary files via a request for /servlet/webacc?User.html= that contains "../" (dot dot) sequences and a null character.
2005-04-21
2017-07-10
CVE-2001-1458
http://www.securityfocus.com/bid/3436
BID:3436
http://online.securityfocus.com/archive/1/220667
BUGTRAQ:20011015 Novell Groupwise arbitrary file retrieval vulnerability
http://www.kb.cert.org/vuls/id/341539
CERT-VN:VU#341539
http://support.novell.com/servlet/tidfinder/2960443
CONFIRM:http://support.novell.com/servlet/tidfinder/2960443
http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html
CONFIRM:http://www.novell.com/coolsolutions/gwmag/features/a_webaccess_security_gw.html
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/advisories_template.htm%3Findexid%3D12
MISC:http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/advisories_template.htm%3Findexid%3D12
https://exchange.xforce.ibmcloud.com/vulnerabilities/7287
XF:novell-groupwise-directory-traversal(7287)
CVE-2001-1459
OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.
2005-04-21
2017-07-10
CVE-2001-1459
http://www.securityfocus.com/bid/2917
BID:2917
http://marc.info/?l=bugtraq&m=99324968918628&w=2
BUGTRAQ:20010619 pam session
http://www.kb.cert.org/vuls/id/797027
CERT-VN:VU#797027
https://exchange.xforce.ibmcloud.com/vulnerabilities/6757
XF:openssh-rsh-bypass-pam(6757)
CVE-2001-1460
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
2005-04-21
2017-07-10
CVE-2001-1460
http://www.securityfocus.com/bid/3435
BID:3435
http://archives.neohapsis.com/archives/bugtraq/2001-10/0088.html
BUGTRAQ:20011012 Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)
http://archives.neohapsis.com/archives/bugtraq/2001-10/0091.html
BUGTRAQ:20011013 Bug in PostNuke 0.62, 0.63 and 0.64 (and possibly PHPnuke)
http://www.kb.cert.org/vuls/id/921547
CERT-VN:VU#921547
https://exchange.xforce.ibmcloud.com/vulnerabilities/7280
XF:postnuke-getusrinfo-bypass-authentication(7280)
CVE-2001-1461
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded (1) /.. or (2) \.. sequences.
2005-04-21
2017-07-10
CVE-2001-1461
http://www.securityfocus.com/bid/3461
BID:3461
http://www.kb.cert.org/vuls/id/348040
CERT-VN:VU#348040
https://exchange.xforce.ibmcloud.com/vulnerabilities/7397
XF:securid-webid-unicode-traversal(7397)
CVE-2001-1462
WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to cause the WebID agent to enter debug mode via a URL containing null characters, which may allow attackers to obtain sensitive information.
2005-04-21
2017-07-10
CVE-2001-1462
http://www.securityfocus.com/bid/3462
BID:3462
http://www.kb.cert.org/vuls/id/609840
CERT-VN:VU#609840
https://exchange.xforce.ibmcloud.com/vulnerabilities/7399
XF:securid-webid-debug-mode(7399)
CVE-2001-1463
The remote administration client for RhinoSoft Serv-U 3.0 sends the user password in plaintext even when S/KEY One-Time Password (OTP) authentication is enabled, which allows remote attackers to sniff passwords.
2005-04-21
2017-07-10
CVE-2001-1463
http://www.kb.cert.org/vuls/id/279763
CERT-VN:VU#279763
http://securitytracker.com/id?1002882
SECTRACK:1002882
https://exchange.xforce.ibmcloud.com/vulnerabilities/7925
XF:servu-ftp-plaintext-password(7925)
CVE-2001-1464
Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.
2005-04-21
2017-07-10
CVE-2001-1464
http://www.kb.cert.org/vuls/id/403307
CERT-VN:VU#403307
https://exchange.xforce.ibmcloud.com/vulnerabilities/7928
XF:crystalreports-plaintext-auth-info(7928)
CVE-2001-1465
SurfControl SuperScout only filters packets containing both an HTTP GET request and a Host header, which allows local users to bypass filtering by fragmenting packets so that no packet contains both data elements.
2005-04-21
CVE-2001-1465
http://www.kb.cert.org/vuls/id/139315
CERT-VN:VU#139315
http://securitytracker.com/id?1001801
SECTRACK:1001801
CVE-2001-1466
Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
2005-04-21
2017-07-10
CVE-2001-1466
http://www.kb.cert.org/vuls/id/216227
CERT-VN:VU#216227
http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0967.html
VULN-DEV:20011230 blackshell1: Multiple Prolems with Vandykes SecureCRT
https://exchange.xforce.ibmcloud.com/vulnerabilities/10111
XF:securecrt-ssh1-protocol-bo(10111)
CVE-2001-1467
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
2005-04-21
2017-07-10
CVE-2001-1467
http://www.securityfocus.com/bid/2632
BID:2632
http://archives.neohapsis.com/archives/bugtraq/2001-04/0173.html
BUGTRAQ:20010411 flaw in RH ``mkpasswd'' command
http://archives.neohapsis.com/archives/bugtraq/2001-04/0192.html
BUGTRAQ:20010412 Re: flaw in RH ``mkpasswd'' command (importance of seeds & algorithms)
http://www.kb.cert.org/vuls/id/527736
CERT-VN:VU#527736
http://securitytracker.com/id?1001303
SECTRACK:1001303
https://exchange.xforce.ibmcloud.com/vulnerabilities/6382
XF:mkpasswd-weak-passwords(6382)
CVE-2001-1468
PHP remote file inclusion vulnerability in checklogin.php in phpSecurePages 0.24 and earlier allows remote attackers to execute arbitrary PHP code by modifying the cfgProgDir parameter to reference a URL on a remote web server that contains the code.
2005-04-21
2017-07-10
CVE-2001-1468
http://www.securityfocus.com/bid/2970
BID:2970
http://www.kb.cert.org/vuls/id/391347
CERT-VN:VU#391347
http://securitytracker.com/id?1001408
SECTRACK:1001408
https://exchange.xforce.ibmcloud.com/vulnerabilities/6774
XF:phpsecurepages-checklogin-execute-code(6774)
CVE-2001-1469
The RC4 stream cipher as used by SSH1 allows remote attackers to modify messages without detection by XORing the original message's cyclic redundancy check (CRC) with the CRC of a mask consisting of all the bits of the original message that were modified.
2005-04-21
2017-07-10
CVE-2001-1469
http://www.kb.cert.org/vuls/id/25309
CERT-VN:VU#25309
https://exchange.xforce.ibmcloud.com/vulnerabilities/6449
XF:ssh-rc4-modify-packets(6449)
CVE-2001-1470
The IDEA cipher as implemented by SSH1 does not protect the final block of a message against modification, which allows remote attackers to modify the block without detection by changing its cyclic redundancy check (CRC) to match the modifications to the message.
2005-04-21
2017-07-10
CVE-2001-1470
http://www.kb.cert.org/vuls/id/315308
CERT-VN:VU#315308
https://exchange.xforce.ibmcloud.com/vulnerabilities/6472
XF:ssh-idea-modify-packets(6472)
CVE-2001-1471
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
2005-04-21
2017-07-10
CVE-2001-1471
http://www.securityfocus.com/bid/3167
BID:3167
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-08/0087.html
BUGTRAQ:20010804 Re: phpBB 1.4.0 bug leads to easy admin privileges
http://archives.neohapsis.com/archives/bugtraq/2001-08/0123.html
BUGTRAQ:20010810 Easily and Remotely Pipe a Covert Shell on phpBB version 1.4.0 and below
http://www.kb.cert.org/vuls/id/920931
CERT-VN:VU#920931
https://exchange.xforce.ibmcloud.com/vulnerabilities/6944
XF:phpbb-admin-access(6944)
CVE-2001-1472
SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 allows remote authenticated users to execute arbitrary SQL commands and gain administrative access via the viewemail parameter.
2005-04-21
2017-07-10
CVE-2001-1472
http://www.securityfocus.com/bid/3142
BID:3142
http://www.securityfocus.com/archive/1/201715
BUGTRAQ:20010803 phpBB 1.4.0 bug leads to easy admin privileges
http://www.kb.cert.org/vuls/id/314347
CERT-VN:VU#314347
https://exchange.xforce.ibmcloud.com/vulnerabilities/6944
XF:phpbb-admin-access(6944)
CVE-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
2005-04-21
2017-07-10
CVE-2001-1473
http://www.kb.cert.org/vuls/id/684820
CERT-VN:VU#684820
https://exchange.xforce.ibmcloud.com/vulnerabilities/6603
XF:ssh-authentication-forwarding(6603)
CVE-2001-1474
SSH before 2.0 disables host key checking when connecting to the localhost, which allows remote attackers to silently redirect connections to the localhost by poisoning the client's DNS cache.
2005-04-21
2017-07-10
CVE-2001-1474
http://www.kb.cert.org/vuls/id/786900
CERT-VN:VU#786900
https://exchange.xforce.ibmcloud.com/vulnerabilities/6604
XF:ssh-dns-authentication-bypass(6604)
CVE-2001-1475
SSH before 2.0, when using RC4 and password authentication, allows remote attackers to replay messages until a new server key (VK) is generated.
2005-04-21
2017-07-10
CVE-2001-1475
http://www.kb.cert.org/vuls/id/665372
CERT-VN:VU#665372
https://exchange.xforce.ibmcloud.com/vulnerabilities/6490
XF:ssh-rc4-replay-conversation(6490)
CVE-2001-1476
SSH before 2.0, with RC4 encryption and the "disallow NULL passwords" option enabled, makes it easier for remote attackers to guess portions of user passwords by replaying user sessions with certain modifications, which trigger different messages depending on whether the guess is correct or not.
2005-04-21
2017-07-10
CVE-2001-1476
http://www.kb.cert.org/vuls/id/565052
CERT-VN:VU#565052
https://exchange.xforce.ibmcloud.com/vulnerabilities/6490
XF:ssh-rc4-replay-conversation(6490)
CVE-2001-1477
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
2005-05-10
2017-07-10
CVE-2001-1477
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp
CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA00-08.jsp
https://exchange.xforce.ibmcloud.com/vulnerabilities/6326
XF:bea-tuxedo-remote-access(6326)
CVE-2001-1478
Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code.
2005-06-21
2017-07-10
CVE-2001-1478
http://www.securityfocus.com/bid/3555
BID:3555
ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.34/CSSA-2001-SCO.34.txt
CALDERA:CSSA-2001-SCO.34
https://exchange.xforce.ibmcloud.com/vulnerabilities/7573
XF:unixware-openunix-xlock-bo(7573)
CVE-2001-1479
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
2005-06-21
2017-07-10
CVE-2001-1479
http://www.securityfocus.com/bid/3763
BID:3763
http://www.securiteam.com/unixfocus/6K00S203FC.html
MISC:http://www.securiteam.com/unixfocus/6K00S203FC.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7756
XF:sun-smcboot-tmp-symlink(7756)
CVE-2001-1480
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.
2005-06-21
2017-07-10
CVE-2001-1480
http://www.securityfocus.com/bid/3441
BID:3441
http://cert.uni-stuttgart.de/archive/bugtraq/2001/10/msg00120.html
BUGTRAQ:20011017 Mac OS X v10.0.x J2SE v1.3 clipboard tapping vulnerability
http://www.securityfocus.com/advisories/3617
HP:HPSBUX0110-174
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/208&type=0&nav=sec.sba
SUN:00208
https://exchange.xforce.ibmcloud.com/vulnerabilities/7333
XF:jre-system-clipboard-access(7333)
CVE-2001-1481
Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.
2005-06-21
2017-07-10
CVE-2001-1481
http://www.securityfocus.com/bid/3582
BID:3582
http://www.securityfocus.com/archive/1/242375
BUGTRAQ:20011126 Xitami Webserver stores admin password in clear text.
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html
MISC:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7600
XF:xitami-default-password-plaintext(7600)
CVE-2001-1482
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
2005-06-21
2017-12-18
CVE-2001-1482
http://www.securityfocus.com/bid/3411
BID:3411
http://www.securityfocus.com/archive/1/219178
BUGTRAQ:20011008 phpBB 1.4.2, Remote user is able to modify SQL query.
https://exchange.xforce.ibmcloud.com/vulnerabilities/7253
XF:phpbb-bbmemberlist-modify-sql(7253)
CVE-2001-1483
One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.
2005-06-21
2017-07-10
CVE-2001-1483
http://www.securityfocus.com/bid/3549
BID:3549
http://www.securityfocus.com/archive/1/20011115221226.7C93E186B0@atlas.dgp.toronto.edu
BUGTRAQ:20011115 Re: OpenSSH & S/Key information leakage
https://exchange.xforce.ibmcloud.com/vulnerabilities/7572
XF:opie-verify-accounts(7572)
CVE-2001-1484
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.
2005-06-21
2017-07-10
CVE-2001-1484
http://www.cert.org/advisories/CA-2001-08.html
CERT:CA-2001-08
http://www.kb.cert.org/vuls/id/211736
CERT-VN:VU#211736
https://exchange.xforce.ibmcloud.com/vulnerabilities/6336
XF:alcatel-tftp-lan-access(6336)
CVE-2001-1487
popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option.
2005-06-21
2017-07-10
CVE-2001-1487
http://www.securityfocus.com/archive/1/246069
BUGTRAQ:20011217 Advisory: popauth
https://exchange.xforce.ibmcloud.com/vulnerabilities/7707
XF:qpopper-popauth-symlink(7707)
CVE-2001-1488
Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet. NOTE: a followup post suggests that this is not an issue in the daemon.
2005-06-21
2017-07-10
CVE-2001-1488
http://www.securityfocus.com/archive/1/219388/2003-04-27/2003-05-03/2
BUGTRAQ:20011009 OpenProjects IRCD allows DNS spoofing
http://www.securityfocus.com/archive/1/220380
BUGTRAQ:20011014 Re: OpenProjects IRCD allows DNS spoofing
https://exchange.xforce.ibmcloud.com/vulnerabilities/7283
XF:irc-openprojects-dns-spoofing(7283)
CVE-2001-1489
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
2005-06-21
2017-07-10
CVE-2001-1489
http://www.securityfocus.com/bid/3684
BID:3684
http://www.securityfocus.com/archive/1/245152
BUGTRAQ:20011211 Browsers fails on big image count
https://exchange.xforce.ibmcloud.com/vulnerabilities/7709
XF:win-browser-image-dos(7709)
CVE-2001-1490
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
2005-06-21
2017-07-10
CVE-2001-1490
http://www.securityfocus.com/bid/3684
BID:3684
http://www.securityfocus.com/archive/1/245152
BUGTRAQ:20011211 Browsers fails on big image count
https://exchange.xforce.ibmcloud.com/vulnerabilities/7709
XF:win-browser-image-dos(7709)
CVE-2001-1491
Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
2005-06-21
2017-07-10
CVE-2001-1491
http://www.securityfocus.com/bid/3684
BID:3684
http://www.securityfocus.com/archive/1/245152
BUGTRAQ:20011211 Browsers fails on big image count
https://exchange.xforce.ibmcloud.com/vulnerabilities/7709
XF:win-browser-image-dos(7709)
CVE-2001-1492
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-1460. Reason: This candidate is a refinement duplicate of CVE-2001-1460. Notes: All CVE users should reference CVE-2001-1460 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
2005-06-21
2005-07-12
CVE-2001-1492
CVE-2001-1494
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
2005-06-21
2017-10-09
CVE-2001-1494
http://www.securityfocus.com/bid/16280
BID:16280
http://seclists.org/bugtraq/2001/Dec/0123.html
BUGTRAQ:20011212 Silly 'script' hardlink bug
http://seclists.org/bugtraq/2001/Dec/0122.html
BUGTRAQ:20011213 Silly 'script' hardlink bug - fixed
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723
OVAL:oval:org.mitre.oval:def:10723
http://www.redhat.com/support/errata/RHSA-2005-782.html
REDHAT:RHSA-2005:782
http://secunia.com/advisories/16785
SECUNIA:16785
http://secunia.com/advisories/18502
SECUNIA:18502
https://exchange.xforce.ibmcloud.com/vulnerabilities/7718
XF:util-linux-script-hardlink(7718)
CVE-2001-1495
network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter.
2005-06-21
2017-07-18
CVE-2001-1495
http://www.securityfocus.com/bid/3455
BID:3455
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-10/0179.html
BUGTRAQ:20011022 [Advisory iSecureLabs] Network Query Tool remote command execution
https://exchange.xforce.ibmcloud.com/vulnerabilities/7322
XF:nqt-php-command-execution(7322)
CVE-2001-1496
Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
2005-06-21
2017-07-10
CVE-2001-1496
http://www.securityfocus.com/bid/3562
BID:3562
http://www.securityfocus.com/archive/1/241310
BUGTRAQ:20011120 Off-by-one vulnerability in thttpd!!!
http://www.securityfocus.com/archive/1/241953
BUGTRAQ:20011123 Re: Off-by-one vulnerability in thttpd!!!
https://exchange.xforce.ibmcloud.com/vulnerabilities/7595
XF:thttpd-basic-authentication-bo(7595)
CVE-2001-1497
Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.
2005-06-21
2005-07-06
CVE-2001-1497
http://www.securityfocus.com/bid/3563
BID:3563
http://www.securityfocus.com/archive/1/241400
BUGTRAQ:20011120 Re: MS IE Password inputs
http://www.securityfocus.com/archive/1/241323
BUGTRAQ:20011121 MS IE Password inputs
http://www.iss.net/security_center/static/7592.php
XF:ie-password-character-information(7592)
CVE-2001-1498
Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script.
2005-06-21
2017-12-18
CVE-2001-1498
http://www.securityfocus.com/bid/3713
BID:3713
http://www.bugtraq.org/advisories/GOBBLES-15.txt
MISC:http://www.bugtraq.org/advisories/GOBBLES-15.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/7730
XF:brainf*ck-modbf-bo(7730)
CVE-2001-1499
Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.
2005-06-21
2017-07-10
CVE-2001-1499
http://www.securityfocus.com/bid/3470
BID:3470
http://www.securityfocus.com/archive/1/222366
BUGTRAQ:20011023 Check Point VPN-1 SecuRemote Flaw
http://www.securityfocus.com/archive/1/222479
BUGTRAQ:20011024 RE: Check Point VPN-1 SecuRemote Flaw
http://www.osvdb.org/20210
OSVDB:20210
https://exchange.xforce.ibmcloud.com/vulnerabilities/7343
XF:vpn1-securemote-brute-force(7343)
CVE-2001-1500
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
2005-06-21
2017-12-18
CVE-2001-1500
http://www.securityfocus.com/bid/3310
BID:3310
http://www.securityfocus.com/archive/1/212805
BUGTRAQ:20010907 ProFTPd and reverse DNS
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450
CONECTIVA:CLA-2002:450
http://www.mandriva.com/security/advisories?name=MDKSA-2002:005
MANDRAKE:MDKSA-2002:005
https://exchange.xforce.ibmcloud.com/vulnerabilities/7126
XF:proftpd-unresolved-hostname(7126)
CVE-2001-1501
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
2005-06-21
2007-10-18
CVE-2001-1501
http://online.securityfocus.com/archive/1/169395
BUGTRAQ:20010315 [SECURITY] DoS vulnerability in ProFTPD
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450
CONECTIVA:CLA-2002:450
http://www.mandriva.com/security/advisories?name=MDKSA-2002:005
MANDRAKE:MDKSA-2002:005
CVE-2001-1502
webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter.
2005-06-21
2017-07-10
CVE-2001-1502
http://www.securityfocus.com/bid/3453
BID:3453
http://www.securityfocus.com/archive/1/221688
BUGTRAQ:20011019 Webcart v.8.4
https://exchange.xforce.ibmcloud.com/vulnerabilities/7315
XF:webcart-cgi-command-execution(7315)
CVE-2001-1503
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.
2005-06-21
2017-07-10
CVE-2001-1503
http://www.securityfocus.com/bid/3457
BID:3457
http://sunsolve.sun.com/search/document.do?assetkey=1-26-27116-1
SUNALERT:27116
http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0016.html
VULNWATCH:20011022 Solaris fingerd disclose complete user list
https://exchange.xforce.ibmcloud.com/vulnerabilities/7334
XF:solaris-fingerd-list-accounts(7334)
CVE-2001-1504
Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message.
2005-06-21
2017-07-10
CVE-2001-1504
http://www.securityfocus.com/bid/3458
BID:3458
http://www.securityfocus.com/archive/1/221986
BUGTRAQ:20011022 Security BugWare Advisory
http://www.securityfocus.com/archive/1/222212
BUGTRAQ:20011023 Re: Security BugWare Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7323
XF:lotus-notes-execute-objects(7323)
CVE-2001-1505
tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets.
2005-06-21
2017-07-10
CVE-2001-1505
http://www.securityfocus.com/bid/3837
BID:3837
http://www.securityfocus.com/archive/1/249142
BUGTRAQ:20020109 Security flaws in tinc
https://exchange.xforce.ibmcloud.com/vulnerabilities/7870
XF:vpn-replay-attack(7870)
CVE-2001-1506
Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.
2005-06-21
2017-07-10
CVE-2001-1506
http://www.securityfocus.com/bid/3468
BID:3468
http://online.securityfocus.com/advisories/3618
HP:HPSBTL0110-001
https://exchange.xforce.ibmcloud.com/vulnerabilities/7342
XF:hp-secure-unauth-privileges(7342)
CVE-2001-1507
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
2005-07-14
2005-11-04
CVE-2001-1507
http://www.securityfocus.com/bid/3560
BID:3560
http://msgs.securepoint.com/cgi-bin/get/bugtraq0111/114.html
BUGTRAQ:20011119 OpenSSH 3.0.1 (fwd)
http://www.openbsd.org/errata30.html#sshd
CONFIRM:http://www.openbsd.org/errata30.html#sshd
http://www.iss.net/security_center/static/7598.php
XF:openssh-kerberos-elevate-privileges(7598)
CVE-2001-1508
Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument.
2005-07-14
2017-12-18
CVE-2001-1508
http://www.securityfocus.com/bid/2597
BID:2597
ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.38/CSSA-2001-SCO.38.txt
CALDERA:CSSA-2001-SCO.38
https://exchange.xforce.ibmcloud.com/vulnerabilities/6413
XF:sco-openserver-lpstat-bo(6413)
CVE-2001-1509
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
2005-07-14
2017-10-09
CVE-2001-1509
http://www.securityfocus.com/bid/3452
BID:3452
http://www.securityfocus.com/advisories/3606
HP:HPSBUX0110-171
http://hp.cso.uiuc.edu/ftp/pub/hp/patches/11.20/PHSS_25454
MISC:http://hp.cso.uiuc.edu/ftp/pub/hp/patches/11.20/PHSS_25454
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5364
OVAL:oval:org.mitre.oval:def:5364
http://www.iss.net/security_center/static/7324.php
XF:hpux-ia-geteuid-gain-privileges(7324)
CVE-2001-1510
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
2005-07-14
CVE-2001-1510
http://www.macromedia.com/v1/handlers/index.cfm?ID=22262&Method=Full
ALLAIRE:MPSB01-13
http://www.securityfocus.com/bid/3592
BID:3592
http://online.securityfocus.com/archive/1/242843/2002-07-27/2002-08-02/2
BUGTRAQ:20011128 def-2001-32
http://online.securityfocus.com/archive/1/243203
BUGTRAQ:20011129 RE: def-2001-32 - Allaire JRun directory browsing vulnerability
http://www.securityfocus.com/archive/1/243636
BUGTRAQ:20011203 Allaire JRun ACL bypassing/soure disclosure vulnerability
http://www.iss.net/security_center/static/7623.php
XF:allaire-jrun-view-directory(7623)
CVE-2001-1511
JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".
2005-07-14
CVE-2001-1511
http://www.macromedia.com/v1/handlers/index.cfm?ID=22288&Method=Full
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22288&Method=Full
http://www.iss.net/security_center/static/7676.php
XF:allaire-jrun-view-jsp-source(7676)
CVE-2001-1512
Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.
2005-07-14
2005-11-04
CVE-2001-1512
http://www.securityfocus.com/bid/3662
BID:3662
http://www.macromedia.com/v1/handlers/index.cfm?ID=22287
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22287
http://www.iss.net/security_center/static/7677.php
XF:allaire-jrun-webinf-metainf-jsp(7677)
CVE-2001-1513
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx.
2005-07-14
2005-11-04
CVE-2001-1513
http://www.securityfocus.com/bid/3600
BID:3600
http://www.macromedia.com/v1/handlers/index.cfm?ID=22260&Method=Full
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22260&Method=Full
http://www.iss.net/security_center/static/7680.php
XF:allaire-jrun-sessionid-duplicated(7680)
CVE-2001-1514
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
2005-07-14
CVE-2001-1514
http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263
CONFIRM:http://www.macromedia.com/v1/Handlers/index.cfm?ID=22263
CVE-2001-1515
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.
2005-07-14
2005-11-04
CVE-2001-1515
http://www.securityfocus.com/bid/3479
BID:3479
http://securitytracker.com/id?1002626
SECTRACK:1002626
CVE-2001-1516
Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews.
2005-07-14
CVE-2001-1516
http://www.securityfocus.com/bid/3380
BID:3380
http://www.iss.net/security_center/static/7218.php
XF:phpreview-cross-site-scripting(7218)
CVE-2001-1517
** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information.
2005-07-14
CVE-2001-1517
http://www.securityfocus.com/bid/3184
BID:3184
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html
BUGTRAQ:20011114 RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103
http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0041.html
VULNWATCH:20011112 RADIX1112200102
http://www.iss.net/security_center/static/7531.php
XF:win2k-runas-reveal-information(7531)
CVE-2001-1518
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.
2005-07-14
CVE-2001-1518
http://www.securityfocus.com/bid/3291
BID:3291
http://online.securityfocus.com/archive/1/236113
BUGTRAQ:20011112 RADIX1112200103
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html
BUGTRAQ:20011114 RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103
http://www.iss.net/security_center/static/7533.php
XF:win2k-runas-dos(7533)
CVE-2001-1519
** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it.
2005-07-14
CVE-2001-1519
http://www.securityfocus.com/bid/3185
BID:3185
http://online.securityfocus.com/archive/1/236111
BUGTRAQ:20011112 RADIX1112200101
http://online.securityfocus.com/archive/1/240136
BUGTRAQ:20011114 RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103
http://www.iss.net/security_center/static/7532.php
XF:win2k-runas-pipe-authentication(7532)
CVE-2001-1520
Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.
2005-07-14
CVE-2001-1520
http://www.securityfocus.com/bid/3574
BID:3574
http://archives.neohapsis.com/archives/bugtraq/2001-11/0187.html
BUGTRAQ:20011123 Xircom REX6000 PDA Password Retrieval
http://www.iss.net/security_center/static/7584.php
XF:rex6000-pda-password-retrieval(7584)
CVE-2001-1521
Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.
2005-07-14
2005-11-04
CVE-2001-1521
http://www.securityfocus.com/bid/3609
BID:3609
http://online.securityfocus.com/archive/82/243545
BUGTRAQ:20011203 Phpnuke Cross site scripting vulnerability
http://online.securityfocus.com/archive/1/245691
BUGTRAQ:20011215 PHPNuke holes
http://www.iss.net/security_center/static/7654.php
XF:phpnuke-postnuke-css(7654)
CVE-2001-1522
Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.
2005-07-14
CVE-2001-1522
http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0848.html
VULN-DEV:20011215 Security hole in IMessenger ( PHP-Nuke )
http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0851.html
VULN-DEV:20011215 Serious bug in IMessenger ( php-nuke )
CVE-2001-1523
Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter.
2005-07-14
CVE-2001-1523
http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0853.html
VULN-DEV:20011216 CSS in DMOZGateway ( php-nuke )
CVE-2001-1524
Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.
2005-07-14
2005-11-04
CVE-2001-1524
http://www.securityfocus.com/bid/3609
BID:3609
http://online.securityfocus.com/archive/82/243545
BUGTRAQ:20011203 Phpnuke Cross site scripting vulnerability
http://online.securityfocus.com/archive/1/245691
BUGTRAQ:20011215 PHPNuke holes
http://online.securityfocus.com/archive/1/245875
BUGTRAQ:20011216 Phpnuke module.php vulnerability and php error_reporting issue
http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz
CONFIRM:http://prdownloads.sourceforge.net/phpnuke/PHP-Nuke-5.5.tar.gz
http://online.securityfocus.com/archive/82/246603
VULN-DEV:20011220 1 last CSS hole in PHPNuke :)
http://www.iss.net/security_center/static/7654.php
XF:phpnuke-postnuke-css(7654)
CVE-2001-1525
Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter.
2005-07-14
CVE-2001-1525
http://www.securityfocus.com/bid/3643
BID:3643
http://archives.neohapsis.com/archives/bugtraq/2001-12/0000.html
BUGTRAQ:20011201 easynews 1.5 let's remote users modify database
http://www.iss.net/security_center/static/7657.php
XF:easynews-php-modify-data(7657)
CVE-2001-1526
Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter.
2005-07-14
CVE-2001-1526
http://archives.neohapsis.com/archives/bugtraq/2001-12/0000.html
BUGTRAQ:20011201 easynews 1.5 let's remote users modify database
http://www.iss.net/security_center/static/7658.php
XF:easynews-php-css(7658)
CVE-2001-1527
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.
2005-07-14
2009-04-03
CVE-2001-1527
http://archives.neohapsis.com/archives/bugtraq/2001-12/0000.html
BUGTRAQ:20011201 easynews 1.5 let's remote users modify database
http://www.iss.net/security_center/static/7659.php
XF:easynews-php-admin-passwd(7659)
CVE-2001-1528
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.
2005-07-14
CVE-2001-1528
http://www.securityfocus.com/bid/3371
BID:3371
http://archives.neohapsis.com/archives/bugtraq/2001-09/0235.html
BUGTRAQ:20010929 Vulnerability in Amtote International homebet self service wagering system.
http://www.iss.net/security_center/static/7185.php
XF:homebet-brute-force-account(7185)
CVE-2001-1529
Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.
2005-07-14
CVE-2001-1529
http://archives.neohapsis.com/archives/aix/2001-q4/0009.html
AIXAPAR:IY21609
CVE-2001-1530
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands.
2005-07-14
CVE-2001-1530
http://www.securiteam.com/unixfocus/6R00M0K2UC.html
MISC:http://www.securiteam.com/unixfocus/6R00M0K2UC.html
http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html
VULNWATCH:20011022 Webmin 0.88 temporary insecure file creation, root compromise
CVE-2001-1531
Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename.
2005-07-14
CVE-2001-1531
http://www.securityfocus.com/bid/3454
BID:3454
http://archives.neohapsis.com/archives/bugtraq/2001-10/0162.html
BUGTRAQ:20011019 Claris Emailer buffer over flow vulnerabirity
http://www.iss.net/security_center/static/7314.php
XF:claris-long-filename-bo(7314)
CVE-2001-1532
WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions.
2005-07-14
CVE-2001-1532
http://www.securityfocus.com/archive/1/223799
BUGTRAQ:20011030 Web Forum Account Hijacking Vuln.
http://www.iss.net/security_center/static/7458.php
XF:webcrossing-webx-session-hijack(7458)
CVE-2001-1533
** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
2005-07-14
CVE-2001-1533
http://www.securityfocus.com/bid/3501
BID:3501
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00018.html
BUGTRAQ:20011102 Microsoft ISA Server Fragmented Udp Flood Vulnerability
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00031.html
BUGTRAQ:20051101 RE: Microsoft ISA Server Fragmented Udp Flood Vulnerability
http://www.iss.net/security_center/static/7446.php
XF:isa-udp-flood-dos(7446)
CVE-2001-1534
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
2005-07-14
CVE-2001-1534
http://www.securityfocus.com/bid/3521
BID:3521
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
BUGTRAQ:20011113 Brute-Forcing Web Application Session IDs
http://www.iss.net/security_center/static/7494.php
XF:apache-modusertrack-predicticable-sessionid(7494)
CVE-2001-1535
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.
2005-07-14
CVE-2001-1535
http://www.securityfocus.com/bid/3519
BID:3519
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
BUGTRAQ:20011113 Brute-Forcing Web Application Session IDs
http://www.iss.net/security_center/static/7493.php
XF:slashcode-sessionid-brute-force(7493)
CVE-2001-1536
Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.
2005-07-14
CVE-2001-1536
http://www.securityfocus.com/bid/3587
BID:3587
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-11/0225.html
BUGTRAQ:20011127 Audiogalaxy again
http://www.iss.net/security_center/static/7621.php
XF:audiogalaxy-plaintext-password(7621)
CVE-2001-1537
The default "basic" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.
2005-07-14
2008-03-11
CVE-2001-1537
http://www.securityfocus.com/bid/3591
BID:3591
http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html
BUGTRAQ:20011128 TWIG default configurations may lead to insecure auth-cookie password storage
http://www.iss.net/security_center/static/7619.php
XF:twig-password-plaintext-cookie(7619)
CVE-2001-1538
SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access.
2005-07-14
CVE-2001-1538
http://www.securityfocus.com/bid/3617
BID:3617
http://archives.neohapsis.com/archives/bugtraq/2001-12/0032.html
BUGTRAQ:20011203 SpeedXess HASE-120 router default password
http://www.iss.net/security_center/static/7655.php
XF:speedxess-hase-default-password(7655)
CVE-2001-1539
Stack consumption vulnerability in Internet Explorer The JavaScript settimeout function in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function. NOTE: the vendor could not reproduce the problem.
2005-07-14
2010-01-08
CVE-2001-1539
http://archives.neohapsis.com/archives/bugtraq/2001-12/0008.html
BUGTRAQ:20011202 Stack overflow in all Internet Explorer Versions!!
http://archives.neohapsis.com/archives/bugtraq/2001-12/0034.html
BUGTRAQ:20011204 RE: Stack overflow in all Internet Explorer Versions!!
http://www.iss.net/security_center/static/7661.php
XF:ie-settimeout-dos(7661)
CVE-2001-1540
IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header.
2005-07-14
CVE-2001-1540
http://archives.neohapsis.com/archives/bugtraq/2001-12/0047.html
BUGTRAQ:20011205 IPRoute Fragmentation Denial of Service Vulnerability
http://www.iss.net/security_center/static/7664.php
XF:iproute-fragmented-packet-dos(7664)
CVE-2001-1541
Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument.
2005-07-14
CVE-2001-1541
http://www.securityfocus.com/bid/3603
BID:3603
http://www.securityfocus.com/archive/1/243096
BUGTRAQ:20011129 UUCP
http://www.iss.net/security_center/static/7633.php
XF:bsd-uucp-bo(7633)
CVE-2001-1542
NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments.
2005-07-14
CVE-2001-1542
http://www.securityfocus.com/bid/3601
BID:3601
http://archives.neohapsis.com/archives/bugtraq/2001-11/0294.html
BUGTRAQ:20011129 NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass]
http://archives.neohapsis.com/archives/bugtraq/2001-11/0294.html
BUGTRAQ:20011130 Re: NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass]
http://www.iss.net/security_center/static/7637.php
XF:webshield-smtp-mime-attachments(7637)
CVE-2001-1543
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
2005-07-14
CVE-2001-1543
http://www.securityfocus.com/bid/3640
BID:3640
http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html
BUGTRAQ:20011205 Axis Network Camera known default password vulnerability
http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html
BUGTRAQ:20011206 Re: Axis Network Camera known default password vulnerability
http://www.iss.net/security_center/static/7665.php
XF:axis-default-admin-passwd(7665)
CVE-2001-1544
Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP GET request.
2005-07-14
CVE-2001-1544
http://www.securityfocus.com/bid/3666
BID:3666
http://www.macromedia.com/v1/handlers/index.cfm?ID=22290&Method=Full
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22290&Method=Full
http://www.iss.net/security_center/static/7678.php
XF:allaire-jrun-jws-directory-traversal(7678)
CVE-2001-1545
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
2005-07-14
CVE-2001-1545
http://www.securityfocus.com/bid/3665
BID:3665
http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full
CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full
http://www.iss.net/security_center/static/7679.php
XF:allaire-jrun-jsessionid-appended(7679)
CVE-2001-1546
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.
2005-07-14
CVE-2001-1546
http://www.securityfocus.com/bid/3653
BID:3653
http://www.securityfocus.com/archive/1/244367
BUGTRAQ:20011207 Weak Encryption Vulnerability in Pathways Homecare
http://www.iss.net/security_center/static/7682.php
XF:pathways-homecare-weak-encryption(7682)
CVE-2001-1547
Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.
2005-07-14
2021-06-15
CVE-2001-1547
http://www.securityfocus.com/archive/1/243869
BUGTRAQ:20011204 Microsoft's Outlook Express 6 "E-mail attachment security" Flawed
http://www.windows-help.net/microsoft/oe6-attach.html
MISC:http://www.windows-help.net/microsoft/oe6-attach.html
http://www.iss.net/security_center/static/7670.php
XF:oe-blocked-attachment-forward(7670)
CVE-2001-1548
ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
2005-07-14
CVE-2001-1548
http://www.securityfocus.com/bid/3647
BID:3647
http://archives.neohapsis.com/archives/bugtraq/2001-12/0056.html
BUGTRAQ:20011205 Flawed outbound packet filtering in various personal firewalls
http://archives.neohapsis.com/archives/bugtraq/2001-12/0065.html
BUGTRAQ:20011206 Re: Flawed outbound packet filtering in various personal firewalls
http://www.iss.net/security_center/static/7671.php
XF:zonealarm-tiny-bypass-filter(7671)
CVE-2001-1549
Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
2005-07-14
CVE-2001-1549
http://www.securityfocus.com/bid/3647
BID:3647
http://archives.neohapsis.com/archives/bugtraq/2001-12/0056.html
BUGTRAQ:20011205 Flawed outbound packet filtering in various personal firewalls
http://www.iss.net/security_center/static/7671.php
XF:zonealarm-tiny-bypass-filter(7671)
CVE-2001-1550
CentraOne 5.2 and Centra ASP with basic authentication enabled creates world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.
2005-07-14
2017-07-10
CVE-2001-1550
http://www.securityfocus.com/bid/3704
BID:3704
http://archives.neohapsis.com/archives/ntbugtraq/2001-q4/0205.html
NTBUGTRAQ:20011226 Dangerous information in CentraOne log files - VENDOR RESPONSE
http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0072.html
VULNWATCH:20011217 Dangerous information in CentraOne Log files, possible user impersonation
https://exchange.xforce.ibmcloud.com/vulnerabilities/7820
XF:centraone-log-file-info(7820)
CVE-2001-1551
Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs.
2005-07-14
CVE-2001-1551
http://archives.neohapsis.com/archives/bugtraq/2001-10/0179.html
BUGTRAQ:20011022 Overriding qouta limits in Linux kernel
CVE-2001-1552
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.
2005-07-14
2005-11-04
CVE-2001-1552
http://www.securityfocus.com/bid/3442
BID:3442
http://archives.neohapsis.com/archives/bugtraq/2001-10/0133.html
BUGTRAQ:20011017 Ssdpsrv.exe in WindowsME
http://www.iss.net/security_center/static/7318.php
XF:winme-ssdp-dos(7318)
CVE-2001-1553
Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE.
2005-07-14
CVE-2001-1553
http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0662.html
VULN-DEV:20011202 Vulnerability in SETI@home
CVE-2001-1554
IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.
2005-07-14
CVE-2001-1554
http://archives.neohapsis.com/archives/aix/2001-q4/0009.html
AIXAPAR:IY25096
CVE-2001-1555
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.
2005-07-14
CVE-2001-1555
http://www.securityfocus.com/bid/3522
BID:3522
http://securitytracker.com/id?1002732
SECTRACK:1002732
http://securitytracker.com/id?1004035
SECTRACK:1004035
http://sunsolve.sun.com/search/document.do?assetkey=1-26-43929-1
SUNALERT:43929
CVE-2001-1556
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
2005-07-14
CVE-2001-1556
http://archives.neohapsis.com/archives/bugtraq/2001-10/0231.html
BUGTRAQ:20011024 Hidden requests to Apache
http://httpd.apache.org/docs/logs.html
CONFIRM:http://httpd.apache.org/docs/logs.html
http://www.iss.net/security_center/static/7363.php
XF:apache-hidden-http-request(7363)
CVE-2001-1557
Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges.
2005-07-14
CVE-2001-1557
http://www-1.ibm.com/support/search.wss?rs=0&q=IY20486&apar=only
AIXAPAR:IY20486
http://www-1.ibm.com/support/search.wss?rs=0&q=IY23674&apar=only
AIXAPAR:IY23674
CVE-2001-1558
Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash).
2005-07-14
CVE-2001-1558
http://archives.neohapsis.com/archives/snort/2001-11/0990.html
MLIST:[Snort-announce] 20011129 Snort 1.8.3 Released
CVE-2001-1559
The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return instead of versus rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.
2005-07-14
CVE-2001-1559
http://archives.neohapsis.com/archives/bugtraq/2001-12/0014.html
BUGTRAQ:20011202 OpenBSD local DoS
http://monkey.org/openbsd/archive/tech/0112/msg00015.html
MLIST:[OpenBSD] 20011202 Code that crashes kernel at will + proposed patch
http://www.iss.net/security_center/static/7690.php
XF:openbsd-retval-null-dos(7690)
CVE-2001-1560
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
2005-07-14
CVE-2001-1560
http://www.securityfocus.com/bid/3481
BID:3481
http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2001-10/0066.html
NTBUGTRAQ:20011027 A GDI bug.
http://www.iss.net/security_center/static/7409.php
XF:win-gid-dos(7409)
CVE-2001-1561
Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.
2005-07-14
CVE-2001-1561
http://www.securityfocus.com/bid/2955
BID:2955
http://www.securityfocus.com/bid/2964
BID:2964
http://archives.neohapsis.com/archives/bugtraq/2001-07/0024.html
BUGTRAQ:20010702 Xvt 2.1 vulnerability
http://www.debian.org/security/2001/dsa-082
DEBIAN:DSA-082
http://www.iss.net/security_center/static/6781.php
XF:xvt-command-line-bo(6781)
CVE-2001-1562
Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename.
2005-07-14
2016-10-17
CVE-2001-1562
http://www.securityfocus.com/bid/3456
BID:3456
http://www.debian.org/security/2001/dsa-085
DEBIAN:DSA-085
http://marc.info/?l=bugtraq&m=100526142205694&w=2
SUSE:SuSE-SA:2001:040
http://www.iss.net/security_center/static/7317.php
XF:nvi-format-string(7317)
CVE-2001-1563
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
2005-07-14
2017-07-10
CVE-2001-1563
http://archives.neohapsis.com/archives/hp/2001-q4/0062.html
HP:HPSBTL0112-004
https://exchange.xforce.ibmcloud.com/vulnerabilities/42892
XF:tomcat-unspecified-unauthorized-access(42892)
CVE-2001-1564
setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.
2005-07-14
2017-10-11
CVE-2001-1564
http://www.securityfocus.com/bid/3416
BID:3416
http://archives.neohapsis.com/archives/hp/2001-q3/0000.html
HP:HPSBUX0107-156
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5159
OVAL:oval:org.mitre.oval:def:5159
http://www.iss.net/security_center/static/6810.php
XF:hpux-setrlimit-dos(6810)
CVE-2001-1565
Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.
2005-07-14
CVE-2001-1565
http://www.securityfocus.com/bid/3753
BID:3753
http://www.macsecurity.org/pipermail/macsec/2001-December/000299.html
MLIST:[Macsec] 20011229 MacOSX ppp
http://www.iss.net/security_center/static/7750.php
XF:macos-ppp-auth-disclosure(7750)
CVE-2001-1566
Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function.
2005-07-14
CVE-2001-1566
http://www.securityfocus.com/bid/3740
BID:3740
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0260.html
BUGTRAQ:20011225 Remote Root Hole in FreeBSD Ports
http://www.vergenet.net/linux/perdition/string_format.html
CONFIRM:http://www.vergenet.net/linux/perdition/string_format.html
http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0082.html
VULNWATCH:20011225 GOBBLES #17: perdition/vanessa_logger format string vuln
CVE-2001-1567
Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.
2005-07-14
2016-10-17
CVE-2001-1567
http://www.securityfocus.com/bid/4022
BID:4022
http://marc.info/?l=bugtraq&m=101284222932568&w=2
BUGTRAQ:20020203 Lotus Domino password bypass
http://marc.info/?l=bugtraq&m=101286525008089&w=2
BUGTRAQ:20020204 Lotus Domino password bypass
http://marc.info/?l=bugtraq&m=101285903120879&w=2
BUGTRAQ:20020204 Re: Lotus Domino password bypass
http://www.nextgenss.com/papers/hpldws.pdf
MISC:http://www.nextgenss.com/papers/hpldws.pdf
http://www.iss.net/security_center/static/8072.php
XF:lotus-domino-auth-bypass(8072)
CVE-2001-1568
CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.
2005-07-14
CVE-2001-1568
http://archives.neohapsis.com/archives/bugtraq/2001-07/0127.html
BUGTRAQ:20010709 Many WAP gateways do not properly check SSL certificates
http://www.iss.net/security_center/static/6814.php
XF:wap-gateway-ssl-certificates(6814)
CVE-2001-1569
Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.
2005-07-14
CVE-2001-1569
http://www.securityfocus.com/archive/1/195619
BUGTRAQ:20010709 Many WAP gateways do not properly check SSL certificates
http://www.iss.net/security_center/static/6814.php
XF:wap-gateway-ssl-certificates(6814)
CVE-2001-1570
Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.
2005-07-14
CVE-2001-1570
http://www.securityfocus.com/bid/3717
BID:3717
http://archives.neohapsis.com/archives/bugtraq/2001-12/0213.html
BUGTRAQ:20011220 Windows XP security concerns
http://www.iss.net/security_center/static/7731.php
XF:winxp-fastswitch-account-lockout(7731)
CVE-2001-1571
The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.
2005-07-14
CVE-2001-1571
http://www.securityfocus.com/bid/3720
BID:3720
http://archives.neohapsis.com/archives/bugtraq/2001-12/0213.html
BUGTRAQ:20011220 Windows XP security concerns
http://www.iss.net/security_center/static/7732.php
XF:winxp-remote-desktop-username(7732)
CVE-2001-1572
The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.
2005-07-14
CVE-2001-1572
http://www.securityfocus.com/bid/3418
BID:3418
http://archives.neohapsis.com/archives/bugtraq/2001-10/0057.html
BUGTRAQ:20011008 Bug in Linux 2.4 / iptables MAC match module
http://www.iss.net/security_center/static/7267.php
XF:linux-netfilter-bypass-filter(7267)
CVE-2001-1573
Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter.
2005-08-05
CVE-2001-1573
http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00407.html
BUGTRAQ:20010628 [SNS Advisory No.34] TrendMicro InterScan VirusWall 3.51 smtpscan.dll Buffer Overflow
CVE-2001-1574
Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code.
2005-08-05
CVE-2001-1574
http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00408.html
BUGTRAQ:20010628 [SNS Advisory No.35] TrendMicro InterScan VirusWall 3.51 HttpSaveC*P.dll Buffer Overflow
CVE-2001-1575
Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow.
2005-08-05
2017-07-10
CVE-2001-1575
http://www.securityfocus.com/bid/2945
BID:2945
http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00409.html
BUGTRAQ:20010628 MacOS Personal Wed Sharing DoS
https://exchange.xforce.ibmcloud.com/vulnerabilities/6759
XF:macos-personal-web-sharing-dos(6759)
CVE-2001-1576
Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument.
2005-08-05
CVE-2001-1576
http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00404.html
CALDERA:CSSA-2001-SCO.3
CVE-2001-1577
Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused.
2005-08-05
2017-07-10
CVE-2001-1577
http://www.securityfocus.com/bid/3646
BID:3646
http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0017.html
CALDERA:CSSA-2001-SCO.37
https://exchange.xforce.ibmcloud.com/vulnerabilities/7666
XF:cde-xterm-gain-privileges(7666)
CVE-2001-1578
Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors.
2005-08-05
CVE-2001-1578
http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0014.html
CALDERA:CSSA-2001-SCO.35
CVE-2001-1579
The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.
2005-08-05
CVE-2001-1579
http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0020.html
CALDERA:CSSA-2001-SCO.39
CVE-2001-1580
Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.
2005-08-05
2017-12-18
CVE-2001-1580
http://www.securityfocus.com/bid/3715
BID:3715
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0204.html
BUGTRAQ:20011219 IRM Security Advisory 002: Netware Web Server Source Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0218.html
BUGTRAQ:20011220 Re: IRM Security Advisory 002: Netware Web Server Source Disclosure
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2001-12/0221.html
BUGTRAQ:20011220 Re: IRM Security Advisory 002: Netware Web Server Source Disclosure
https://exchange.xforce.ibmcloud.com/vulnerabilities/7726
XF:netware-webserver-directory-traversal(7726)
CVE-2001-1581
The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows remote attackers to bypass e-mail attachment filtering policies via a modified name in a Content-Type header.
2007-05-30
2017-07-28
CVE-2001-1581
http://www.mimesweeper.com/support/technotes/notes/1102.asp
MISC:http://www.mimesweeper.com/support/technotes/notes/1102.asp
https://exchange.xforce.ibmcloud.com/vulnerabilities/6801
XF:mailsweeper-bypass-file-blocker(6801)
CVE-2001-1582
Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.
2007-09-23
CVE-2001-1582
http://www.securityfocus.com/bid/2931
BID:2931
http://seclists.org/bugtraq/2001/Jun/0365.html
BUGTRAQ:20010626 Solaris 8 libsldap buffer overflow
http://seclists.org/bugtraq/2001/Jul/0077.html
BUGTRAQ:20010705 Solaris 8 libsldap exploit
http://seclists.org/bugtraq/2001/Jul/0091.html
BUGTRAQ:20010706 Re: Solaris 8 libsldap exploit
http://www.securiteam.com/unixfocus/5IP0O2A4KS.html
MISC:http://www.securiteam.com/unixfocus/5IP0O2A4KS.html
CVE-2001-1583
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
2007-09-23
2017-07-28
CVE-2001-1583
http://www.securityfocus.com/bid/3274
BID:3274
http://marc.info/?l=bugtraq&m=99929694701826&w=2
BUGTRAQ:20010831 Solaris LPD Exploit (fwd)
http://metasploit.com/projects/Framework/modules/exploits/solaris_lpd_exec.pm
MISC:http://metasploit.com/projects/Framework/modules/exploits/solaris_lpd_exec.pm
http://www.osvdb.org/15131
OSVDB:15131
http://www.derkeiler.com/Mailing-Lists/securityfocus/incidents/2001-08/0490.html
SF-INCIDENTS:20010829 solaris lpd, KARMAPOLICE?
https://exchange.xforce.ibmcloud.com/vulnerabilities/7087
XF:solaris-lpd-sendmail-commands(7087)
CVE-2001-1584
CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.
2007-10-06
2017-07-28
CVE-2001-1584
http://www.securityfocus.com/bid/3360
BID:3360
http://www.securiteam.com/unixfocus/5MP0M2K5FC.html
MISC:http://www.securiteam.com/unixfocus/5MP0M2K5FC.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7178
XF:cardboard-recipient-command-execution(7178)
CVE-2001-1585
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.
2007-10-06
2017-07-28
CVE-2001-1585
http://online.securityfocus.com/bid/2356
BID:2356
http://archives.neohapsis.com/archives/bugtraq/2001-02/0159.html
BUGTRAQ:20010208 Authentication By-Pass Vulnerability in OpenSSH-2.3.1 (devel snapshot)
http://www.openbsd.org/advisories/ssh_bypass.txt
CONFIRM:http://www.openbsd.org/advisories/ssh_bypass.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/6084
XF:openssh-bypass-authentication(6084)
CVE-2001-1586
Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.
2010-02-12
2017-08-16
CVE-2001-1586
http://www.securityfocus.com/bid/3112
BID:3112
http://seclists.org/bugtraq/2001/Jul/660
BUGTRAQ:20010727 SimpleServer:WWW Command Execution Vulnerability Exploit Code Released
http://www.analogx.com/contents/download/network/sswww.htm
CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
http://www.securiteam.com/windowsntfocus/5TP0B1P4UK.html
MISC:http://www.securiteam.com/windowsntfocus/5TP0B1P4UK.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/56631
XF:simpleserverwww-cgibin-directory-traversal(56631)
CVE-2001-1587
NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command.
2010-04-05
CVE-2001-1587
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CONFIRM:http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
CVE-2001-1588
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2001-1588
CVE-2001-1589
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2001-1589
CVE-2001-1590
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2001-1590
CVE-2001-1591
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2001-1591
CVE-2001-1592
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
2020-11-05
2020-11-05
CVE-2001-1592
CVE-2001-1593
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file.
2014-04-05
2014-04-25
CVE-2001-1593
http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
CONFIRM:http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
https://bugzilla.redhat.com/show_bug.cgi?id=1060630
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1060630
http://www.debian.org/security/2014/dsa-2892
DEBIAN:DSA-2892
http://seclists.org/oss-sec/2014/q1/253
MLIST:[oss-security] 20140204 Re: CVE request: a2ps insecure temporary file use
http://seclists.org/oss-sec/2014/q1/237
MLIST:[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use
http://seclists.org/oss-sec/2014/q1/257
MLIST:[oss-security] 20140205 Re: CVE request: a2ps insecure temporary file use
CVE-2001-1594
GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, and possibly other accounts, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
2015-08-04
2018-03-27
CVE-2001-1594
http://apps.gehealthcare.com/servlet/ClientServlet/2263784.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2263784-100&FILENAME=2263784.pdf&FILEREV=5&DOCREV_ORG=5&SUBMIT=+ACCEPT+
CONFIRM:http://apps.gehealthcare.com/servlet/ClientServlet/2263784.pdf?DOCCLASS=A&REQ=RAC&DIRECTION=2263784-100&FILENAME=2263784.pdf&FILEREV=5&DOCREV_ORG=5&SUBMIT=+ACCEPT+
http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
MISC:http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
MISC:https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
https://twitter.com/digitalbond/status/619250429751222277
MISC:https://twitter.com/digitalbond/status/619250429751222277