CVE List - 2001 / February
| CVE ID | Date | Title |
|---|---|---|
| CVE-2000-0893 | 2001-02-02 | The presence of the Distributed GL Daemon (dgld) service on port 5232 on SGI IRIX systems allows remote attackers to identify the target host as an SGI system. |
| CVE-2000-1090 | 2001-02-02 | Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte... |
| CVE-2001-0019 | 2001-02-02 | Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive,"... |
| CVE-2001-0022 | 2001-02-02 | simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter. |
| CVE-2001-0023 | 2001-02-02 | everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. |
| CVE-2001-0024 | 2001-02-02 | simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter. |
| CVE-2001-0025 | 2001-02-02 | ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. |
| CVE-2001-0027 | 2001-02-02 | mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users. |
| CVE-2001-0029 | 2001-02-02 | Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands via a long host or domain name that is obtained from... |
| CVE-2001-0030 | 2001-02-02 | FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them. |
| CVE-2001-0031 | 2001-02-02 | BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist. |
| CVE-2001-0032 | 2001-02-02 | Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL. |
| CVE-2001-0037 | 2001-02-02 | Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers. |
| CVE-2001-0038 | 2001-02-02 | Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL. |
| CVE-2001-0044 | 2001-02-02 | Multiple buffer overflows in Lexmark MarkVision printer driver programs allow local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands. |
| CVE-2001-0045 | 2001-02-02 | The default permissions for the RAS Administration key in Windows NT 4.0 allow local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka... |
| CVE-2001-0046 | 2001-02-02 | The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allow remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or... |
| CVE-2001-0047 | 2001-02-02 | The default permissions for the MTS Package Administration registry key in Windows NT 4.0 allow local users to install or modify arbitrary Microsoft Transaction Server (MTS) packages and gain privileges,... |
| CVE-2001-0048 | 2001-02-02 | The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to... |
| CVE-2001-0049 | 2001-02-02 | WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests. |
| CVE-2001-0051 | 2001-02-02 | IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database. |
| CVE-2001-0052 | 2001-02-02 | IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query. |
| CVE-2001-0064 | 2001-02-02 | Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allow remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string. |
| CVE-2001-0065 | 2001-02-02 | Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command. |
| CVE-2001-0067 | 2001-02-02 | The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely... |
| CVE-2001-0068 | 2001-02-02 | Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter. |
| CVE-2001-0070 | 2001-02-02 | Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long MAIL FROM command. |
| CVE-2001-0073 | 2001-02-02 | Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory. |
| CVE-2001-0074 | 2001-02-02 | Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter. |
| CVE-2001-0075 | 2001-02-02 | Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter. |
| CVE-2001-0076 | 2001-02-02 | register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed. |
| CVE-2001-0079 | 2001-02-02 | Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file. |
| CVE-2001-0082 | 2001-02-02 | Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows remote attackers to bypass access restrictions via malformed, fragmented packets. |
| CVE-2001-0084 | 2001-02-02 | GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. |
| CVE-2001-0086 | 2001-02-02 | CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote attackers to delete arbitrary mailing list users without authentication by directly calling subscribe.pl with the target address as a... |
| CVE-2001-0087 | 2001-02-02 | itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that... |
| CVE-2001-0088 | 2001-02-02 | common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain... |
| CVE-2001-0093 | 2001-02-02 | Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd. |
| CVE-2001-0097 | 2001-02-02 | The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request. |
| CVE-2001-0098 | 2001-02-02 | Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. |
| CVE-2001-0101 | 2001-02-02 | Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command. |
| CVE-2001-0102 | 2001-02-02 | "Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and... |
| CVE-2001-0103 | 2001-02-02 | CoffeeCup Direct and Free FTP clients use weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords. |
| CVE-2001-0104 | 2001-02-02 | MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key. |
| CVE-1999-0359 | 2001-02-14 | ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords. |
| CVE-1999-0757 | 2001-02-14 | The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates. |
| CVE-1999-0784 | 2001-02-14 | Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. |
| CVE-1999-0805 | 2001-02-14 | Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests. |
| CVE-1999-0923 | 2001-02-14 | Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. |
| CVE-2000-0312 | 2001-02-14 | cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function. |
| CVE-2001-0107 | 2001-02-14 | Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang. |
| CVE-2001-0112 | 2001-02-14 | Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands. |
| CVE-2001-0113 | 2001-02-14 | statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script. |
| CVE-2001-0114 | 2001-02-14 | statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter. |
| CVE-2001-0127 | 2001-02-14 | Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag. |
| CVE-2001-0131 | 2001-02-14 | htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allow local users to overwrite arbitrary files via a symlink attack. |
| CVE-2001-0132 | 2001-02-14 | Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2001-0133 | 2001-02-14 | The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to sniff the administrator password via... |
| CVE-2001-0134 | 2001-02-14 | Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long... |
| CVE-2001-0135 | 2001-02-14 | The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and... |
| CVE-2001-0146 | 2001-03-09 | IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URLs. |
| CVE-2001-0167 | 2001-03-09 | Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string. |
| CVE-2001-0168 | 2001-03-09 | Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key... |
| CVE-2001-0171 | 2001-03-09 | Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long GET request. |
| CVE-2001-0172 | 2001-03-09 | Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to cause a denial of service and possibly execute arbitrary commands via a long directory name. |
| CVE-2001-0173 | 2001-03-09 | Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header. |
| CVE-2001-0177 | 2001-03-09 | WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone. |
| CVE-2001-0180 | 2001-03-09 | Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter. |
| CVE-2001-0181 | 2001-03-09 | Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands. |
| CVE-2001-0184 | 2001-03-09 | eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet. |
| CVE-2001-0186 | 2001-03-09 | Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2001-0188 | 2001-03-09 | GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to cause a denial of service via a flood of connections to the server, which causes it to crash. |
| CVE-2001-0192 | 2001-03-09 | Buffer overflows in CTRLServer in XMail allow attackers to execute arbitrary commands via the cfgfileget or domaindel functions. |
| CVE-2001-0198 | 2001-03-09 | Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag. |
| CVE-2001-0199 | 2001-03-09 | Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request. |
| CVE-2001-0200 | 2001-03-09 | HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing... |
| CVE-2001-0201 | 2001-03-09 | The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program. |
| CVE-2001-0202 | 2001-03-09 | Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request. |
| CVE-2001-0205 | 2001-03-09 | Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack. |
| CVE-2001-0206 | 2001-03-09 | Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP... |
| CVE-2001-0208 | 2001-03-09 | MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files. |
| CVE-2001-0209 | 2001-03-09 | Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) 1.7.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long description. |
| CVE-2001-0210 | 2001-03-09 | Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. |
| CVE-2001-0211 | 2001-03-09 | Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter. |
| CVE-2001-0212 | 2001-03-09 | Directory traversal vulnerability in HIS Auktion 1.62 allows remote attackers to read arbitrary files via a .. (dot dot) in the menue parameter, and possibly execute commands via shell metacharacters. |
| CVE-2001-0213 | 2001-03-09 | Buffer overflow in pi program in PlanetIntra 2.5 allows remote attackers to execute arbitrary commands. |
| CVE-2001-0214 | 2001-03-09 | Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte. |
| CVE-2001-0216 | 2001-03-09 | PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter. |
| CVE-2001-0217 | 2001-03-09 | Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter. |
| CVE-2001-0220 | 2001-03-09 | Buffer overflow in ja-elvis and ko-helvis ports of elvis allows local users to gain root privileges. |
| CVE-2001-0223 | 2001-03-09 | Buffer overflow in wwwwais allows remote attackers to execute arbitrary commands via a long QUERY_STRING (HTTP GET request). |
| CVE-2001-0224 | 2001-03-09 | Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter. |
| CVE-2001-0225 | 2001-03-09 | fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2001-0226 | 2001-03-09 | Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) or ... attack in an HTTP GET request. |
| CVE-2001-0227 | 2001-03-09 | Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. |
| CVE-2001-0228 | 2001-03-09 | Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. |
| CVE-2001-0229 | 2001-03-09 | Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts. |
| CVE-2001-0231 | 2001-03-09 | Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter. |
| CVE-2001-0232 | 2001-03-09 | newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters. |
| CVE-2001-0145 | 2001-04-04 | Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook Express 5.x, allows an attacker to execute arbitrary commands via a malformed vCard birthday field. |