Full List

Search

Recent Vulnerabilities

• CVE-2000-0665 • published on October 13, 2000 GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.
• CVE-2000-0666 • published on October 13, 2000 rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
• CVE-2000-0684 • published on October 13, 2000 BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
• CVE-2000-0678 • published on October 13, 2000 PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.
• CVE-2000-0685 • published on October 13, 2000 BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.
• CVE-2000-0705 • published on October 13, 2000 ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.
• CVE-2000-0712 • published on October 13, 2000 Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.
• CVE-2000-0718 • published on October 13, 2000 A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
• CVE-2000-0725 • published on October 13, 2000 Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
• CVE-2000-0733 • published on October 13, 2000 Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.
• CVE-2000-0745 • published on October 13, 2000 admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
• CVE-2000-0751 • published on October 13, 2000 mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
• CVE-2000-0765 • published on October 13, 2000 Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
• CVE-2000-0767 • published on October 13, 2000 The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.
• CVE-2000-0777 • published on October 13, 2000 The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.
• CVE-2000-0780 • published on October 13, 2000 The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
• CVE-2000-0654 • published on October 13, 2000 Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.
• CVE-2000-0671 • published on October 13, 2000 Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.
• CVE-2000-0674 • published on October 13, 2000 ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack.
• CVE-2000-0676 • published on October 13, 2000 Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.