Full List

Search

Recent Vulnerabilities

• CVE-1999-0718 • published on September 1, 2004 IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.
• CVE-1999-1199 • published on September 1, 2004 Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
• CVE-1999-1201 • published on September 1, 2004 Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.
• CVE-1999-1189 • published on September 1, 2004 Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
• CVE-1999-1217 • published on September 1, 2004 The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.
• CVE-1999-1365 • published on September 1, 2004 Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.
• CVE-1999-1397 • published on September 1, 2004 Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.
• CVE-1999-1486 • published on September 1, 2004 sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
• CVE-1999-1568 • published on September 1, 2004 Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.
• CVE-1999-1520 • published on September 1, 2004 A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
• CVE-1999-1537 • published on September 1, 2004 IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
• CVE-1999-1556 • published on September 1, 2004 Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
• CVE-2000-0247 • published on September 1, 2004 Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.
• CVE-2000-0747 • published on September 1, 2004 The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.
• CVE-2000-0773 • published on September 1, 2004 Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.
• CVE-2000-0781 • published on September 1, 2004 uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.
• CVE-2000-0894 • published on September 1, 2004 HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.
• CVE-2000-0895 • published on September 1, 2004 Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request.
• CVE-2000-0797 • published on September 1, 2004 Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.
• CVE-2000-1203 • published on September 1, 2004 Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.