Unknown · CVSS Not scored
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
Published Apr 21, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844).
Published Jul 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.
Published May 7, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
Published Aug 10, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.
Published Jun 25, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.
Published May 7, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.
Published May 7, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allows remote attackers to determine the existence of files and user ID's by specifying the target file in the HISTFILE parameter.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in NAI Sniffer Agent allows remote attackers to execute arbitrary commands via a long SNMP community name.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter.
Published Jul 14, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.
Published May 7, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via a flood of connections that contain malformed requests.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Argosoft FRP server 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long string to the (1) USER or (2) CWD commands.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.
Published Aug 1, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
Published Jan 22, 2001 · Updated Aug 8, 2024