Unknown · CVSS Not scored
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
Published Feb 2, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Two Sun security certificates have been compromised, which could allow attackers to insert malicious code such as applets and make it appear that it is signed by Sun.
Published Feb 2, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The presence of the Distributed GL Daemon (dgld) service on port 5232 on SGI IRIX systems allows remote attackers to identify the target host as an SGI system.
Published Feb 2, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
Published Feb 14, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
Published Feb 23, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
Published Feb 4, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
Published Feb 4, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.
Published Feb 16, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft.
Published Feb 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
Published Feb 16, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack.
Published Feb 23, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon.
Published Feb 23, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.
Published Feb 23, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417.
Published Feb 16, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.
Published Feb 23, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
Published Feb 4, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.
Published Feb 4, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.
Published Feb 23, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
Published Feb 23, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.
Published Feb 16, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
Published Feb 4, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The @Retail shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message.
Published Feb 4, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request.
Published Feb 4, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.
Published Feb 4, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CuteFTP uses weak encryption to store password information in its tree.dat file.
Published Feb 4, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack.
Published Feb 4, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
Published Feb 8, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
Published Feb 4, 2000 · Updated Aug 8, 2024