Full List

Search

Recent Vulnerabilities

• CVE-2000-0240 • published on October 13, 2000 vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.
• CVE-2000-0273 • published on October 13, 2000 PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.
• CVE-2000-0282 • published on October 13, 2000 TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.
• CVE-2000-0289 • published on October 13, 2000 IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.
• CVE-2000-0225 • published on October 13, 2000 The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled.
• CVE-2000-0238 • published on October 13, 2000 Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.
• CVE-2000-0272 • published on October 13, 2000 RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.
• CVE-2000-0318 • published on October 13, 2000 Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack.
• CVE-2000-0320 • published on October 13, 2000 Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.
• CVE-2000-0344 • published on October 13, 2000 The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.
• CVE-2000-0378 • published on October 13, 2000 The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.
• CVE-2000-0332 • published on October 13, 2000 UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.
• CVE-2000-0340 • published on October 13, 2000 Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.
• CVE-2000-0347 • published on October 13, 2000 Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.
• CVE-2000-0366 • published on October 13, 2000 dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.
• CVE-2000-0369 • published on October 13, 2000 The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.
• CVE-2000-0322 • published on October 13, 2000 The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
• CVE-2000-0335 • published on October 13, 2000 The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
• CVE-2000-0338 • published on October 13, 2000 Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
• CVE-2000-0374 • published on October 13, 2000 The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.