Full List

Search

Recent Vulnerabilities

• CVE-2000-0408 • published on July 12, 2000 IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.
• CVE-2000-0421 • published on July 12, 2000 The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters.
• CVE-2000-0436 • published on July 12, 2000 MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack.
• CVE-2000-0442 • published on July 12, 2000 Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.
• CVE-2000-0465 • published on July 12, 2000 Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.
• CVE-2000-0476 • published on July 12, 2000 xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
• CVE-2000-0480 • published on July 12, 2000 Dragon telnet server allows remote attackers to cause a denial of service via a long username.
• CVE-2000-0491 • published on July 12, 2000 Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
• CVE-2000-0492 • published on July 12, 2000 PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords.
• CVE-2000-0389 • published on July 12, 2000 Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
• CVE-2000-0394 • published on July 12, 2000 NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.
• CVE-2000-0397 • published on July 12, 2000 The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.
• CVE-2000-0403 • published on July 12, 2000 The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
• CVE-2000-0406 • published on July 12, 2000 Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
• CVE-2000-0407 • published on July 12, 2000 Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.
• CVE-2000-0411 • published on July 12, 2000 Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.
• CVE-2000-0414 • published on July 12, 2000 Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.
• CVE-2000-0419 • published on July 12, 2000 The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
• CVE-2000-0425 • published on July 12, 2000 Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.
• CVE-2000-0431 • published on July 12, 2000 Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.