Unknown · CVSS Not scored
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
Published Aug 10, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
Published Aug 1, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long user ID in a SOCKS4 CONNECT request.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long HELO command in the SMTP protocol.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the FTP protocol.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the POP3 protocol.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.
Published Aug 3, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.
Published Aug 3, 2000 · Updated Aug 8, 2024