Unknown · CVSS Not scored
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via the -n option.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
Published Sep 18, 2001 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files.
Published Sep 18, 2001 · Updated Aug 8, 2024