Unknown · CVSS Not scored
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Dragon telnet server allows remote attackers to cause a denial of service via a long username.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.
Published Jul 12, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.
Published Jul 12, 2000 · Updated Aug 8, 2024