Full List

Search

Recent Vulnerabilities

• CVE-2000-1110 • published on December 19, 2000 document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
• CVE-2000-1118 • published on December 19, 2000 24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.
• CVE-2000-1127 • published on December 19, 2000 registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.
• CVE-2000-1172 • published on December 19, 2000 Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol allows remote attackers to conduct a denial of service and possibly execute arbitrary commands via a long HTML tag.
• CVE-2000-1188 • published on December 19, 2000 Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "page" parameter.
• CVE-2000-0817 • published on November 29, 2000 Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability.
• CVE-2000-0902 • published on November 29, 2000 getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
• CVE-2000-0905 • published on November 29, 2000 QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page.
• CVE-2000-0885 • published on November 29, 2000 Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
• CVE-2000-0903 • published on November 29, 2000 Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
• CVE-2000-0904 • published on November 29, 2000 Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information.
• CVE-2000-0939 • published on November 29, 2000 Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart.
• CVE-2000-0950 • published on November 29, 2000 Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name.
• CVE-2000-0955 • published on November 29, 2000 Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges.
• CVE-2000-0998 • published on November 29, 2000 Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
• CVE-2000-0999 • published on November 29, 2000 Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
• CVE-2000-1008 • published on November 29, 2000 PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.
• CVE-2000-0931 • published on November 29, 2000 Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data.
• CVE-2000-0954 • published on November 29, 2000 Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server.
• CVE-2000-0963 • published on November 29, 2000 Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.