Unknown · CVSS Not scored
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
Published Nov 16, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in IP implementation of HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service (printer crash) via a malformed packet.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the Telnet service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER, PASS, or CWD command.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data.
Published Nov 29, 2000 · Updated Aug 8, 2024