Unknown · CVSS Not scored
Unspecified vulnerability in Haakon Nilsen simple, integrated publishing system (SIPS) before 0.2.4 has an unknown impact and attack vectors, related to a "grave security fault."
Published Sep 13, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string trap.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files via the importmotd command, which sets the Message of the Day (MOTD) to the specified file.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WinU 5.x and earlier uses weak encryption to store its configuration password, which allows local users to decrypt the password and gain privileges.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to a message.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in RobTex Viking server earlier than 1.06-370 allows remote attackers to cause a denial of service or execute arbitrary commands via a long HTTP GET request, or long Unless-Modified-Since, If-Range, or If-Modified-Since headers.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of arbitrary files.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a denial of service via a flood of fragmented packets with the SYN flag set.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.
Published Sep 21, 2000 · Updated Aug 8, 2024