LiveActive security incident?Get immediate response
CVE archive

2001 CVE Archive

Browse CVE records published in 2001 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 1537 matching CVEs · Page 2 of 31.

Unknown · CVSS Not scored

CVE-2001-1518: RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to...

RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability.

Published Jul 14, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2001-1517: RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow...

RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information

Published Jul 14, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2001-1524: Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject ar...

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.

Published Jul 14, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-1567: Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Not...

Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.

Published Jul 14, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2001-1497: Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric a...

Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.

Published Jun 21, 2005 · Updated Aug 8, 2024