Full List

Search

Recent Vulnerabilities

• CVE-2000-0517 • published on October 13, 2000 Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.
• CVE-2000-0519 • published on October 13, 2000 Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
• CVE-2000-0521 • published on October 13, 2000 Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number.
• CVE-2000-0525 • published on October 13, 2000 OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
• CVE-2000-0528 • published on October 13, 2000 Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files.
• CVE-2000-0532 • published on October 13, 2000 A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.
• CVE-2000-0533 • published on October 13, 2000 Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.
• CVE-2000-0537 • published on October 13, 2000 BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable.
• CVE-2000-0538 • published on October 13, 2000 ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.
• CVE-2000-0548 • published on October 13, 2000 Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.
• CVE-2000-0549 • published on October 13, 2000 Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
• CVE-2000-0552 • published on October 13, 2000 ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
• CVE-2000-0567 • published on October 13, 2000 Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
• CVE-2000-0571 • published on October 13, 2000 LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.
• CVE-2000-0587 • published on October 13, 2000 The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.
• CVE-2000-0594 • published on October 13, 2000 BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
• CVE-2000-0595 • published on October 13, 2000 libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.
• CVE-2000-0596 • published on October 13, 2000 Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.
• CVE-2000-0597 • published on October 13, 2000 Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
• CVE-2000-0599 • published on October 13, 2000 Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port.