Unknown · CVSS Not scored
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.
Published Mar 15, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attack vectors, which reveal the absolute path. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Published Mar 23, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515).
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
Published Mar 22, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt.
Published Mar 22, 2000 · Updated Aug 8, 2024