Full List

Search

Recent Vulnerabilities

• CVE-2000-0437 • published on July 12, 2000 Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.
• CVE-2000-0464 • published on July 12, 2000 Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.
• CVE-2000-0509 • published on July 12, 2000 Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname.
• CVE-2000-0531 • published on July 12, 2000 Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.
• CVE-2000-0544 • published on July 12, 2000 Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.
• CVE-2000-0527 • published on July 12, 2000 userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
• CVE-2000-0543 • published on July 12, 2000 The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows remote attackers to cause a denial of service if their hostname does not have a reverse DNS entry and they connect to port 4000.
• CVE-2000-0546 • published on July 12, 2000 Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.
• CVE-2000-0547 • published on July 12, 2000 Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
• CVE-2000-0554 • published on July 12, 2000 Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translated_path hidden form field.
• CVE-2000-0563 • published on July 12, 2000 The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
• CVE-2000-0524 • published on July 12, 2000 Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
• CVE-2000-0535 • published on July 12, 2000 OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
• CVE-2000-0545 • published on July 12, 2000 Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter.
• CVE-2000-0562 • published on July 12, 2000 BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower.
• CVE-2000-0564 • published on July 12, 2000 The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter.
• CVE-2000-0520 • published on July 12, 2000 Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name.
• CVE-2000-0526 • published on July 12, 2000 mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
• CVE-2000-0559 • published on July 12, 2000 eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
• CVE-2000-0384 • published on June 15, 2000 NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access.