-
CVE-2000-0252
•
published on January 22, 2001
The dansie shopping cart application cart.pl allows remote attackers to execute commands via shell metacharacters in a form variable.
-
CVE-2000-0276
•
published on January 22, 2001
BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.
-
CVE-2000-0287
•
published on January 22, 2001
The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.
-
CVE-2000-0292
•
published on January 22, 2001
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.
-
CVE-2000-0253
•
published on January 22, 2001
The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.
-
CVE-2000-0283
•
published on January 22, 2001
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.
-
CVE-2000-0254
•
published on January 22, 2001
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
-
CVE-2000-0255
•
published on January 22, 2001
The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program.
-
CVE-2000-0278
•
published on January 22, 2001
The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
-
CVE-2000-0296
•
published on January 22, 2001
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.
-
CVE-2000-0341
•
published on January 22, 2001
ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name.
-
CVE-2000-0498
•
published on January 22, 2001
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
-
CVE-2000-0488
•
published on January 22, 2001
Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.
-
CVE-2000-0565
•
published on January 22, 2001
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.
-
CVE-2000-0523
•
published on January 22, 2001
Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.
-
CVE-2000-0542
•
published on January 22, 2001
Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds.
-
CVE-2000-0672
•
published on January 22, 2001
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
-
CVE-2000-0679
•
published on January 22, 2001
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
-
CVE-2000-0698
•
published on January 22, 2001
Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.
-
CVE-2000-0716
•
published on January 22, 2001
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.