Unknown · CVSS Not scored
Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e).
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS versions 1.0.3 and earlier.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should be write-only, via (1) dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE 802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the Symbol MIB.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.
Published Jul 27, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
Published Jul 27, 2001 · Updated Aug 8, 2024