CVE List - 2001 / September
Showing 401 - 487 of 487 CVEs for September 2001 (Page 5 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2000-0897 | 2001-09-18 | Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html... |
| CVE-2000-0945 | 2001-09-18 | The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the... |
| CVE-2000-1047 | 2001-09-18 | Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword... |
| CVE-2001-0004 | 2001-09-18 | IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be... |
| CVE-2001-0020 | 2001-09-18 | Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. |
| CVE-2001-0077 | 2001-09-18 | The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations. |
| CVE-2001-0078 | 2001-09-18 | in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS. |
| CVE-2001-0095 | 2001-09-18 | catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file. |
| CVE-2001-0108 | 2001-09-18 | PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access... |
| CVE-2001-0121 | 2001-09-18 | ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002. |
| CVE-2001-0136 | 2001-09-18 | Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly... |
| CVE-2001-0155 | 2001-09-18 | Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers. |
| CVE-2001-0164 | 2001-09-18 | Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. |
| CVE-2001-0174 | 2001-09-18 | Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address. |
| CVE-2001-0175 | 2001-09-18 | The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs. |
| CVE-2001-0176 | 2001-09-18 | The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges. |
| CVE-2001-0182 | 2001-09-18 | FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the... |
| CVE-2001-0189 | 2001-09-18 | Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request. |
| CVE-2001-0203 | 2001-09-18 | Watchguard Firebox II firewall allows users with read-only access to gain read-write access, and administrative privileges, by accessing a file that contains hashed passphrases, and using the hashes during authentication. |
| CVE-2001-0207 | 2001-09-18 | Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr... |
| CVE-2001-0215 | 2001-09-18 | ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. |
| CVE-2001-0235 | 2001-09-18 | Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running. |
| CVE-2001-0237 | 2001-09-18 | Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data. |
| CVE-2001-0238 | 2001-09-18 | Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. |
| CVE-2001-0239 | 2001-09-18 | Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. |
| CVE-2001-0240 | 2001-09-18 | Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded... |
| CVE-2001-0241 | 2001-09-18 | Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS... |
| CVE-2001-0243 | 2001-09-18 | Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML... |
| CVE-2001-0244 | 2001-09-18 | Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter. |
| CVE-2001-0245 | 2001-09-18 | Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new... |
| CVE-2001-0330 | 2001-09-18 | Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web... |
| CVE-2001-0331 | 2001-09-18 | Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands. |
| CVE-2001-0333 | 2001-09-18 | Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice." |
| CVE-2001-0334 | 2001-09-18 | FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. |
| CVE-2001-0335 | 2001-09-18 | FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. |
| CVE-2001-0336 | 2001-09-18 | The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. |
| CVE-2001-0338 | 2001-09-18 | Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka... |
| CVE-2001-0339 | 2001-09-18 | Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be... |
| CVE-2001-0340 | 2001-09-18 | An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a... |
| CVE-2001-0341 | 2001-09-18 | Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. |
| CVE-2001-0344 | 2001-09-18 | An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa... |
| CVE-2001-0345 | 2001-09-18 | Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions. |
| CVE-2001-0346 | 2001-09-18 | Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them. |
| CVE-2001-0347 | 2001-09-18 | Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying... |
| CVE-2001-0348 | 2001-09-18 | Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace. |
| CVE-2001-0351 | 2001-09-18 | Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service. |
| CVE-2001-0353 | 2001-09-18 | Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine. |
| CVE-2001-0361 | 2001-09-18 | Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt... |
| CVE-2001-0368 | 2001-09-18 | Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the ..... |
| CVE-2001-0377 | 2001-09-18 | Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string. |
| CVE-2001-0378 | 2001-09-18 | readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files. |
| CVE-2001-0379 | 2001-09-18 | Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights. |
| CVE-2001-0383 | 2001-09-18 | banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. |
| CVE-2001-0387 | 2001-09-18 | Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument. |
| CVE-2001-0388 | 2001-09-18 | time server daemon timed allows remote attackers to cause a denial of service via malformed packets. |
| CVE-2001-0402 | 2001-09-18 | IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after... |
| CVE-2001-0405 | 2001-09-18 | ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and... |
| CVE-2001-0408 | 2001-09-18 | vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM... |
| CVE-2001-0409 | 2001-09-18 | vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the... |
| CVE-2001-0412 | 2001-09-18 | Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. |
| CVE-2001-0413 | 2001-09-18 | BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang. |
| CVE-2001-0414 | 2001-09-18 | Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long... |
| CVE-2001-0427 | 2001-09-18 | Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2)... |
| CVE-2001-0428 | 2001-09-18 | Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. |
| CVE-2001-0429 | 2001-09-18 | Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of... |
| CVE-2001-0430 | 2001-09-18 | Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. |
| CVE-2001-0434 | 2001-09-18 | The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of... |
| CVE-2001-0439 | 2001-09-18 | licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. |
| CVE-2001-0440 | 2001-09-18 | Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. |
| CVE-2001-0455 | 2001-09-18 | Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. |
| CVE-2001-0456 | 2001-09-18 | postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run... |
| CVE-2001-0457 | 2001-09-18 | man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion). |
| CVE-2001-0462 | 2001-09-18 | Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
| CVE-2001-0465 | 2001-09-18 | TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information. |
| CVE-2001-0467 | 2001-09-18 | Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request. |
| CVE-2001-0469 | 2001-09-18 | rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length. |
| CVE-2001-0473 | 2001-09-18 | Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands. |
| CVE-2001-0474 | 2001-09-18 | Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file. |
| CVE-2001-0475 | 2001-09-18 | index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters... |
| CVE-2001-0481 | 2001-09-18 | Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling. |
| CVE-2001-0482 | 2001-09-18 | Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such... |
| CVE-2001-0486 | 2001-09-18 | Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353. |
| CVE-2001-0488 | 2001-09-18 | pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service. |
| CVE-2001-0489 | 2001-09-18 | Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands. |
| CVE-2001-0494 | 2001-09-18 | Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. |
| CVE-2001-0495 | 2001-09-18 | Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack. |
| CVE-2001-0505 | 2001-10-12 | Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the... |
| CVE-2001-0535 | 2001-10-12 | Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files... |
| CVE-2001-0669 | 2001-10-12 | Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS... |
| CVE-2001-0712 | 2001-10-12 | The rendering engine in Internet Explorer determines the MIME type independently of the type that is specified by the server, which allows remote servers to automatically execute script which is... |
| CVE-2001-0713 | 2001-10-12 | Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in... |
| CVE-2001-0714 | 2001-10-12 | Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to cause a denial of service (data loss) by (1) setting a high initial message hop count option (-h),... |
| CVE-2001-0715 | 2001-10-12 | Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode. |
| CVE-2001-0729 | 2001-10-12 | Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters. |
| CVE-2001-0734 | 2001-10-12 | Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local user to gain privileges via modified Status Register contents, which are not properly handled by (1) the sigreturn system... |
| CVE-2001-0735 | 2001-10-12 | Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file. |
| CVE-2001-0736 | 2001-10-12 | Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. |
| CVE-2001-0737 | 2001-10-12 | A long 'synch' delay in Logitech wireless mice and keyboard receivers allows a remote attacker to hijack connections via a man-in-the-middle attack. |
| CVE-2001-0742 | 2001-10-12 | Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows remote attackers to run arbitrary code via a long HELO command. |
| CVE-2001-0743 | 2001-10-12 | Paging function in O'Reilly WebBoard Pager 4.10 allows remote attackers to cause a denial of service via a message with an escaped ' character followed by JavaScript commands. |