Unknown · CVSS Not scored
Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.
Published Jun 15, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
Published Jun 25, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.
Published Jun 25, 2002 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in UnixWare xauto program allows local users to gain root privilege.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
FreeBSD mmap function allows users to modify append-only or immutable files.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
AIX infod allows local users to gain root access through an X display.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.
Published Jun 2, 2000 · Updated Aug 1, 2024
Unknown · CVSS Not scored
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
Published Jun 2, 2000 · Updated Aug 1, 2024