Unknown · CVSS Not scored
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Savant web server allows remote attackers to execute arbitrary commands via a long GET request.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The view_page.html sample page in the MiniVend shopping cart program allows remote attackers to execute arbitrary commands via shell metacharacters.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
Published Oct 13, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
Published Oct 13, 2000 · Updated Aug 8, 2024