Full List

Search

Recent Vulnerabilities

• CVE-2000-0986 • published on November 29, 2000 Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable.
• CVE-2000-0906 • published on November 29, 2000 Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters.
• CVE-2000-0907 • published on November 29, 2000 EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands.
• CVE-2000-0918 • published on November 29, 2000 Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.
• CVE-2000-0940 • published on November 29, 2000 Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter.
• CVE-2000-0971 • published on November 29, 2000 Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command.
• CVE-2000-0987 • published on November 29, 2000 Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.
• CVE-2000-0916 • published on November 29, 2000 FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
• CVE-2000-0985 • published on November 29, 2000 Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command.
• CVE-2000-0988 • published on November 29, 2000 WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration.
• CVE-2000-0997 • published on November 29, 2000 Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
• CVE-2000-1009 • published on November 29, 2000 dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
• CVE-2000-1028 • published on November 29, 2000 Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument.
• CVE-2000-1035 • published on November 29, 2000 Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER, PASS, or CWD command.
• CVE-2000-1037 • published on November 29, 2000 Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
• CVE-2000-1053 • published on November 29, 2000 Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
• CVE-2000-1020 • published on November 29, 2000 Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
• CVE-2000-1021 • published on November 29, 2000 Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
• CVE-2000-1025 • published on November 29, 2000 eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running.
• CVE-2000-1029 • published on November 29, 2000 Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.