- CVE-2000-0577 • published on May 7, 2001
Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
- CVE-2000-0541 • published on May 7, 2001
The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.
- CVE-2000-0622 • published on May 7, 2001
Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.
- CVE-2000-0731 • published on May 7, 2001
Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
- CVE-2000-0816 • published on May 7, 2001
Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.
- CVE-2000-0818 • published on May 7, 2001
The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.
- CVE-2000-0856 • published on May 7, 2001
Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.
- CVE-2000-0693 • published on May 7, 2001
pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program.
- CVE-2000-0694 • published on May 7, 2001
pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack.
- CVE-2000-0717 • published on May 7, 2001
GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands.
- CVE-2000-0726 • published on May 7, 2001
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.
- CVE-2000-0803 • published on May 7, 2001
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
- CVE-2000-0854 • published on May 7, 2001
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLLs such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
- CVE-2000-0876 • published on May 7, 2001
WFTPD and WFTPD Pro 2.41 RC12 allow remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.
- CVE-2000-0896 • published on May 7, 2001
WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.
- CVE-2000-0650 • published on May 7, 2001
The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.
- CVE-2000-0742 • published on May 7, 2001
The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.
- CVE-2000-0720 • published on May 7, 2001
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
- CVE-2000-0829 • published on May 7, 2001
The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.
- CVE-2000-0874 • published on May 7, 2001
Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).