Unknown · CVSS Not scored
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user forwards a message.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
Published Sep 21, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.
Published Sep 1, 2004 · Updated Aug 8, 2024