Unknown · CVSS Not scored
Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.
Published Aug 31, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UDP authentication packets and spoofing commands.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to ready arbitrary files via a .. (dot dot) attack in the "thesection" parameter.
Published May 7, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "page" parameter.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
Published Apr 2, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
Published Sep 12, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and possibly execute arbitrary commands via a long HTML tag.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.
Published May 7, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.
Published Feb 2, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Felix IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in IP implementation of HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service (printer crash) via a malformed packet.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.
Published May 7, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.
Published Mar 9, 2002 · Updated Aug 8, 2024