LiveActive security incident?Get immediate response
CVE archive

March 2001

Browse CVE records published in March 2001, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 373 matching CVEs · Page 2 of 8.

Unknown · CVSS Not scored

CVE-2001-1211: Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user ali...

Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.

Published Mar 15, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-1184: wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of se...

wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024.

Published Mar 15, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-1159: load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize ce...

load_prefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to (1) view sensitive files via the config_php and data_dir options, and (2) execute arbitrary code by using options_order.php to upload a message that could be interpreted as PHP.

Published Mar 15, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-1152: Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypa...

Baltimore Technologies WEBsweeper 4.02, when used to manage URL blacklists, allows remote attackers to bypass blacklist restrictions and connect to unauthorized web servers by modifying the requested URL, including (1) a // (double slash), (2) a /SUBDIR/.. where the desired file is in the parentdir, (3) a /./, or (4) URL-encoded characters.

Published Mar 15, 2002 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-1129: Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6)...

Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by the PROMSGS environment variable.

Published Mar 15, 2002 · Updated Aug 8, 2024