Unknown · CVSS Not scored
/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Management information base (MIB) for a 3Com SuperStack II hub running software version 2.10 contains an object identifier (.1.3.6.1.4.1.43.10.4.2) that is accessible by a read-only community string, but lists the entire table of community strings, which could allow attackers to conduct unauthorized activities.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Operating systems with shared memory implementations based on BSD 4.4 code allow a user to conduct a denial of service and bypass memory limits (e.g., as specified with rlimits) using mmap or shmget to allocate memory and cause page faults.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long USER command.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to cause a denial of service (crash) and possibly execute arbitrary commands via a long URL.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
A buffer overflow exists in the HELO command in Trend Micro Interscan VirusWall SMTP gateway 3.23/3.3 for NT, which may allow an attacker to execute arbitrary code.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows an attacker to crash the mail server and possibly execute arbitrary code by offering more than 128 bytes in a MAIL FROM string.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
shell-lock in Cactus Software Shell Lock allows local users to read or modify decoded shell files before they are executed, via a symlink attack on a temporary file.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
(1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in registry keys, which allows local attackers to read passwords for e-mail accounts.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
Published Sep 1, 2004 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows local and sometimes remote attackers to cause a denial of service via a long NLST (ls) command.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause a denial of service (hang) via a long password argument to the login.htm file in its HTTP service.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
A non-default configuration in TenFour TFS Gateway 4.0 allows an attacker to cause a denial of service via messages with incorrect sender and recipient addresses, which causes the gateway to continuously try to return the message every 10 seconds.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Auto-update feature of Macromedia Shockwave 7 transmits a user's password and hard disk information back to Macromedia.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to cause a denial of service (crash) via (1) LIST, (2) TOP, or (3) UIDL commands using letters as arguments.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Seapine Software TestTrack server allows a remote attacker to cause a denial of service (high CPU) via (1) TestTrackWeb.exe and (2) ttcgi.exe by connecting to port 99 and disconnecting without sending any data.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and earlier, possibly related to recursive parsing and referer tags in RXML.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
gFTP FTP client 1.13, and other versions before 2.0.0, records a password in plaintext in (1) the log window, or (2) in a log file.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
Published Sep 1, 2004 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not automatically log a user out of the NDS tree when the user logs off the system, which allows other users of the same system access to the unprotected NDS session.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a remote attacker to gain administrator access by directly calling undocumented URLs such as ncl_items.html and ncl_subjects.html.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary commands via a long initial connect packet.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to a buffer overflow attack in the MAIL FROM command that may allow a remote attacker to execute arbitrary code on the server.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control (setupbbs.ocx) allows a remote attacker to execute arbitrary commands via the methods (1) vAddNewsServer or (2) bIsNewsServerConfigured.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Stalker Internet Mail Server 1.6 allows a remote attacker to cause a denial of service (crash) via a long HELO command.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
.sbstart startup script in AcuShop Salesbuilder is world writable, which allows local users to gain privileges by appending commands to the file.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote attacker to exploit a password recovery feature from the network and conduct brute force password guessing, instead of limiting the feature to the serial console port.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia backup product allows local users to obtain root access via a long HOME environmental variable.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions 4.2d and 4.3 and QVT/Net 4.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long (1) user name or (2) password.
Published Sep 12, 2001 · Updated Aug 1, 2024
Unknown · CVSS Not scored
Eastman Work Management 3.21 stores passwords in cleartext in the COMMON and LOCATOR registry keys, which could allow local users to gain privileges.
Published Sep 12, 2001 · Updated Aug 1, 2024