Unknown · CVSS Not scored
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.
Published Jan 22, 2001 · Updated Aug 8, 2024