Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0687 | 1 Cgi Script Center | 1 Auction Weaver | 2008-09-05 | 10.0 HIGH | N/A |
| Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter. | |||||
| CVE-2000-0686 | 1 Cgi Script Center | 1 Auction Weaver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter. | |||||
| CVE-2000-0718 | 1 Mandrakesoft | 1 Mandrake Linux | 2008-09-05 | 1.2 LOW | N/A |
| A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed. | |||||
| CVE-2000-0719 | 1 Varicad | 1 Varicad | 2008-09-05 | 6.2 MEDIUM | N/A |
| VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program. | |||||
| CVE-2000-0721 | 1 Multisoft | 1 Flagship | 2008-09-05 | 6.2 MEDIUM | N/A |
| The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses. | |||||
| CVE-2000-0761 | 1 Ibm | 1 Os2 Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username. | |||||
| CVE-2000-0735 | 1 Rimarts Inc. | 1 Becky Internet Mail | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to a message. | |||||
| CVE-2000-0736 | 1 Rimarts Inc. | 1 Becky Internet Mail | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user forwards a message. | |||||
| CVE-2000-0711 | 2 Microsoft, Netscape | 2 Virtual Machine, Communicator | 2008-09-05 | 7.5 HIGH | N/A |
| Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. | |||||
| CVE-2000-0758 | 1 Lyris | 1 List Manager | 2008-09-05 | 4.6 MEDIUM | N/A |
| The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field. | |||||
| CVE-2000-0700 | 1 Cisco | 4 Gigabit Switch Router 12008, Gigabit Switch Router 12012, Gigabit Switch Router 12016 and 1 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets. | |||||
| CVE-2000-0699 | 1 Hp | 1 Hp-ux | 2008-09-05 | 10.0 HIGH | N/A |
| Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command. | |||||
| CVE-2000-0798 | 1 Sgi | 1 Irix | 2008-09-05 | 10.0 HIGH | N/A |
| The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of arbitrary files. | |||||
| CVE-2000-0759 | 1 Apache | 1 Tomcat | 2008-09-05 | 6.4 MEDIUM | N/A |
| Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path. | |||||
| CVE-2000-0760 | 1 Apache | 1 Tomcat | 2008-09-05 | 6.4 MEDIUM | N/A |
| The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. | |||||
| CVE-2000-0683 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. | |||||
| CVE-2000-0563 | 1 Apple | 1 Mac Os Runtime For Java | 2008-09-05 | 10.0 HIGH | N/A |
| The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model. | |||||
| CVE-2000-0709 | 1 Microsoft | 1 Frontpage | 2008-09-05 | 5.0 MEDIUM | N/A |
| The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name. | |||||
| CVE-2000-0741 | 1 Network Associates | 1 Net Tools Pki Server | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension. | |||||
| CVE-2000-0743 | 1 University Of Minnesota | 1 Gopherd | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value. | |||||
| CVE-2000-0745 | 1 Francisco Burzi | 1 Php-nuke | 2008-09-05 | 7.5 HIGH | N/A |
| admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter. | |||||
| CVE-2000-0466 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| AIX cdmount allows local users to gain root privileges via shell metacharacters. | |||||
| CVE-2000-0708 | 1 Pragma Systems | 1 Telnetserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port. | |||||
| CVE-2000-0707 | 1 Pccs-linux | 1 Mysqldatabase Admin Tool | 2008-09-05 | 7.5 HIGH | N/A |
| PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password. | |||||
| CVE-2000-0754 | 1 Hp | 1 Openview Network Node Manager | 2008-09-05 | 2.1 LOW | N/A |
| Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords. | |||||
| CVE-2000-0755 | 1 Hp | 1 Openview Network Node Manager | 2008-09-05 | 4.6 MEDIUM | N/A |
| Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges. | |||||
| CVE-2000-0756 | 1 Microsoft | 1 Outlook | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. | |||||
| CVE-2000-0757 | 1 Aptis Software | 1 Totalbill | 2008-09-05 | 10.0 HIGH | N/A |
| The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed. | |||||
| CVE-2000-0792 | 1 Alan Cox | 1 Gnome-lokkit | 2008-09-05 | 7.5 HIGH | N/A |
| Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available. | |||||
| CVE-2000-0693 | 1 Tech-source | 1 Raptor Gfx Pgx32 | 2008-09-05 | 7.2 HIGH | N/A |
| pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program. | |||||
| CVE-2000-0691 | 1 Gert Doering | 1 Mgetty | 2008-09-05 | 2.1 LOW | N/A |
| The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file. | |||||
| CVE-2000-0692 | 1 Iss | 1 Realsecure | 2008-09-05 | 5.0 MEDIUM | N/A |
| ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a denial of service via a flood of fragmented packets with the SYN flag set. | |||||
| CVE-2000-0722 | 1 Helix Code | 1 Gnome Updater | 2008-09-05 | 6.2 MEDIUM | N/A |
| Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages. | |||||
| CVE-2000-0723 | 1 Helix Code | 1 Gnome Installer | 2008-09-05 | 1.2 LOW | N/A |
| Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config. | |||||
| CVE-2000-0724 | 1 Helix Code | 1 Go-gnome Pre-installer | 2008-09-05 | 6.2 MEDIUM | N/A |
| The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files. | |||||
| CVE-2000-0763 | 1 David Bagley | 1 Xlock | 2008-09-05 | 7.2 HIGH | N/A |
| xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option. | |||||
| CVE-2000-0774 | 1 Bajie | 1 Java Http Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root. | |||||
| CVE-2000-0775 | 1 Robtex | 1 Viking Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in RobTex Viking server earlier than 1.06-370 allows remote attackers to cause a denial of service or execute arbitrary commands via a long HTTP GET request, or long Unless-Modified-Since, If-Range, or If-Modified-Since headers. | |||||
| CVE-2000-0789 | 1 Bardon Data Systems | 1 Winu | 2008-09-05 | 4.6 MEDIUM | N/A |
| WinU 5.x and earlier uses weak encryption to store its configuration password, which allows local users to decrypt the password and gain privileges. | |||||
| CVE-2000-0791 | 1 Trustix | 1 Secure Linux | 2008-09-05 | 4.6 MEDIUM | N/A |
| Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse. | |||||
| CVE-2000-0793 | 2 Novell, Symantec | 2 Client, Norton Antivirus | 2008-09-05 | 10.0 HIGH | N/A |
| Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system. | |||||
| CVE-2000-0794 | 1 Sgi | 1 Irix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview. | |||||
| CVE-2000-0795 | 1 Sgi | 1 Irix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option. | |||||
| CVE-2000-0831 | 1 Fastream | 1 Ftp\+\+ Server | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long username. | |||||
| CVE-2000-0682 | 1 Bea | 1 Weblogic Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. | |||||
| CVE-2000-0695 | 1 Tech-source | 1 Raptor Gfx Pgx32 | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options. | |||||
| CVE-2000-0733 | 1 Sgi | 1 Irix | 2008-09-05 | 10.0 HIGH | N/A |
| Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request. | |||||
| CVE-2000-0679 | 1 Cvs | 1 Cvs | 2008-09-05 | 2.1 LOW | N/A |
| The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files. | |||||
| CVE-2000-0713 | 1 Adobe | 3 Acrobat, Acrobat Business Tools, Acrobat Reader | 2008-09-05 | 7.6 HIGH | N/A |
| Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier. | |||||
| CVE-2000-0680 | 1 Cvs | 1 Cvs | 2008-09-05 | 7.2 HIGH | N/A |
| The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action. | |||||