Full List

Search

Recent Vulnerabilities

• CVE-2000-1016 • published on January 22, 2001 The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
• CVE-2000-1022 • published on January 22, 2001 The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.
• CVE-2000-1032 • published on January 22, 2001 The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.
• CVE-2000-1036 • published on January 22, 2001 Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter.
• CVE-2000-1038 • published on January 22, 2001 The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.
• CVE-2000-1042 • published on January 22, 2001 Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
• CVE-2000-1049 • published on January 22, 2001 Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.
• CVE-2000-1051 • published on January 22, 2001 Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.
• CVE-2000-1080 • published on January 22, 2001 Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.
• CVE-2000-1106 • published on January 22, 2001 Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.
• CVE-2000-1120 • published on January 22, 2001 Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
• CVE-2000-1143 • published on January 22, 2001 Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.
• CVE-2000-1144 • published on January 22, 2001 Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
• CVE-2000-1178 • published on January 22, 2001 Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
• CVE-2000-1077 • published on January 22, 2001 Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.
• CVE-2000-1131 • published on January 22, 2001 Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.
• CVE-2000-1139 • published on January 22, 2001 The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
• CVE-2000-1146 • published on January 22, 2001 Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.
• CVE-2000-1181 • published on January 22, 2001 Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.
• CVE-2000-1182 • published on January 22, 2001 WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.