Unknown · CVSS Not scored
Snort 1.6, when running in straight ASCII packet logging mode or IDS mode with straight decoded ASCII packet logging selected, allows remote attackers to cause a denial of service (crash) by sending non-IP protocols that Snort does not know about, as demonstrated by an nmap protocol scan.
Published Jun 21, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.
Published Jun 28, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Privacy leak in Dansie Shopping Cart 3.04, and probably earlier versions, sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
Published Jun 6, 2007 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program.
Published Jun 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in bbd server in Big Brother System and Network Monitor allows an attacker to execute arbitrary commands.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The administrative password for the Allmanage web site administration software is stored in plaintext in a file which could be accessed by remote attackers.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System (EFS) data.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping cart allow remote attackers to execute arbitrary commands via a long query string.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FileMaker Pro 5 Web Companion allows remote attackers to bypass Field-Level database security restrictions via the XML publishing or email capabilities.
Published Jun 15, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
Published Jun 2, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.
Published Jun 2, 2000 · Updated Aug 8, 2024