Full List

Search

Recent Vulnerabilities

• CVE-2000-1156 • published on December 19, 2000 StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.
• CVE-2000-1158 • published on December 19, 2000 NAI Sniffer Agent uses base64 encoding for authentication, which allows attackers to sniff the network and easily decrypt usernames and passwords.
• CVE-2000-1159 • published on December 19, 2000 NAI Sniffer Agent allows remote attackers to gain privileges on the agent by sniffing the initial UDP authentication packets and spoofing commands.
• CVE-2000-1173 • published on December 19, 2000 Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information.
• CVE-2000-1183 • published on December 19, 2000 Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.
• CVE-2000-1185 • published on December 19, 2000 The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via a flood of connections that contain malformed requests.
• CVE-2000-1186 • published on December 19, 2000 Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.
• CVE-2000-1084 • published on December 19, 2000 The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
• CVE-2000-1100 • published on December 19, 2000 The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.
• CVE-2000-1103 • published on December 19, 2000 rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
• CVE-2000-1114 • published on December 19, 2000 Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
• CVE-2000-1117 • published on December 19, 2000 The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
• CVE-2000-1125 • published on December 19, 2000 restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
• CVE-2000-1126 • published on December 19, 2000 Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.
• CVE-2000-1130 • published on December 19, 2000 McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.
• CVE-2000-1134 • published on December 19, 2000 Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing < redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
• CVE-2000-1138 • published on December 19, 2000 Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.
• CVE-2000-1152 • published on December 19, 2000 Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
• CVE-2000-1160 • published on December 19, 2000 NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests.
• CVE-2000-1161 • published on December 19, 2000 The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.