Full List

Search

Recent Vulnerabilities

• CVE-2000-0722 • published on September 21, 2000 Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.
• CVE-2000-0756 • published on September 21, 2000 Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
• CVE-2000-0759 • published on September 21, 2000 Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
• CVE-2000-0760 • published on September 21, 2000 The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
• CVE-2000-0772 • published on September 21, 2000 The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password.
• CVE-2000-0785 • published on September 21, 2000 WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files via the importmotd command, which sets the Message of the Day (MOTD) to the specified file.
• CVE-2000-0791 • published on September 21, 2000 Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
• CVE-2000-0801 • published on September 21, 2000 Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.
• CVE-2000-0691 • published on September 21, 2000 The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
• CVE-2000-0692 • published on September 21, 2000 ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a denial of service via a flood of fragmented packets with the SYN flag set.
• CVE-2000-0704 • published on September 21, 2000 Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands.
• CVE-2000-0709 • published on September 21, 2000 The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
• CVE-2000-0721 • published on September 21, 2000 The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
• CVE-2000-0746 • published on September 21, 2000 Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.
• CVE-2000-0748 • published on September 21, 2000 OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
• CVE-2000-0757 • published on September 21, 2000 The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed.
• CVE-2000-0774 • published on September 21, 2000 The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.
• CVE-2000-0775 • published on September 21, 2000 Buffer overflow in RobTex Viking server earlier than 1.06-370 allows remote attackers to cause a denial of service or execute arbitrary commands via a long HTTP GET request, or long Unless-Modified-Since, If-Range, or If-Modified-Since headers.
• CVE-2000-0793 • published on September 21, 2000 Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
• CVE-2000-0794 • published on September 21, 2000 Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview.