Unknown · CVSS Not scored
Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into the URL for a protected directory.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.
Published May 7, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.
Published May 7, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.
Published May 7, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.
Published Mar 9, 2002 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the Telnet service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL.
Published Nov 29, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Published Dec 19, 2000 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges.
Published Jan 22, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
Published Jan 22, 2001 · Updated Aug 8, 2024