Unknown · CVSS Not scored
The HTTP service in American Power Conversion (APC) PowerChute uses a default username and password, which allows remote attackers to gain system access.
Published Dec 10, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allows remote attackers to determine the existence of files and user ID's by specifying the target file in the HISTFILE parameter.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in NAI Sniffer Agent allows remote attackers to execute arbitrary commands via a long SNMP community name.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via a flood of connections that contain malformed requests.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UDP authentication packets and spoofing commands.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "page" parameter.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and possibly execute arbitrary commands via a long HTML tag.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Felix IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into the URL for a protected directory.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
Published Dec 19, 2000 · Updated Aug 8, 2024