Unknown · CVSS Not scored
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
Published Apr 10, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.
Published Apr 18, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Denial of service in Savant web server via a null character in the requested URL.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
DNS PRO allows remote attackers to conduct a denial of service via a large number of connections.
Published Apr 25, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.
Published Apr 25, 2000 · Updated Aug 8, 2024