Full List

Search

Recent Vulnerabilities

• CVE-2000-0867 • published on January 22, 2001 Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
• CVE-2000-0869 • published on January 22, 2001 The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
• CVE-2000-0886 • published on January 22, 2001 IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
• CVE-2000-0887 • published on January 22, 2001 named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."
• CVE-2000-0901 • published on January 22, 2001 Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.
• CVE-2000-0729 • published on January 22, 2001 FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
• CVE-2000-0732 • published on January 22, 2001 Worm HTTP server allows remote attackers to cause a denial of service via a long URL.
• CVE-2000-0738 • published on January 22, 2001 WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.
• CVE-2000-0762 • published on January 22, 2001 The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.
• CVE-2000-0766 • published on January 22, 2001 Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request.
• CVE-2000-0804 • published on January 22, 2001 Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."
• CVE-2000-0807 • published on January 22, 2001 The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."
• CVE-2000-0809 • published on January 22, 2001 Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.
• CVE-2000-0846 • published on January 22, 2001 Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password.
• CVE-2000-0851 • published on January 22, 2001 Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
• CVE-2000-0853 • published on January 22, 2001 YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
• CVE-2000-0858 • published on January 22, 2001 Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
• CVE-2000-0860 • published on January 22, 2001 The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
• CVE-2000-0870 • published on January 22, 2001 Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string.
• CVE-2000-0900 • published on January 22, 2001 Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.