-
CVE-2000-0951
•
published on January 22, 2001
A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
-
CVE-2000-0952
•
published on January 22, 2001
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.
-
CVE-2000-0953
•
published on January 22, 2001
Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection.
-
CVE-2000-0957
•
published on January 22, 2001
The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.
-
CVE-2000-0958
•
published on January 22, 2001
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.
-
CVE-2000-0967
•
published on January 22, 2001
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
-
CVE-2000-0974
•
published on January 22, 2001
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
-
CVE-2000-0978
•
published on January 22, 2001
bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.
-
CVE-2000-0981
•
published on January 22, 2001
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.
-
CVE-2000-0991
•
published on January 22, 2001
Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.
-
CVE-2000-0993
•
published on January 22, 2001
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
-
CVE-2000-0995
•
published on January 22, 2001
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name.
-
CVE-2000-1002
•
published on January 22, 2001
POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.
-
CVE-2000-1005
•
published on January 22, 2001
Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.
-
CVE-2000-0915
•
published on January 22, 2001
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.
-
CVE-2000-0921
•
published on January 22, 2001
Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.
-
CVE-2000-0924
•
published on January 22, 2001
Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter.
-
CVE-2000-0925
•
published on January 22, 2001
The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information.
-
CVE-2000-0929
•
published on January 22, 2001
Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.
-
CVE-2000-0938
•
published on January 22, 2001
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.