Unknown · CVSS Not scored
code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method.
Published Jul 14, 2005 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.
Published Jul 14, 2005 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).
Published Jul 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker to cause a denial of service via a long GET request for a program in the cgi-bin directory.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long DISPLAY environmental variable.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow remote attackers to execute arbitrary commands via long USER, PASS, LIST, RETR, or DELE commands.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to cause a denial of service via a long username parameter.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows 2000 Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros to various TCP and UDP ports, which significantly increases the CPU utilization.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Dragon FTP server allows remote attackers to cause a denial of service via a long USER command.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost).
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Blackboard CourseInfo 4.0 stores the local and SQL administrator user names and passwords in cleartext in a registry key whose access control allows users to access the passwords.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translated_path hidden form field.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
Published Jul 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows remote attackers to cause a denial of service if their hostname does not have a reverse DNS entry and they connect to port 4000.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname.
Published Jul 12, 2000 · Updated Aug 8, 2024