-
CVE-2000-0321
•
published on May 18, 2000
Buffer overflow in IC Radius package allows a remote attacker to cause a denial of service via a long user name.
-
CVE-2000-0326
•
published on May 18, 2000
Meeting Maker uses weak encryption (a polyalphabetic substitution cipher) for passwords, which allows remote attackers to sniff and decrypt passwords for Meeting Maker accounts.
-
CVE-2000-0333
•
published on May 18, 2000
tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.
-
CVE-2000-0345
•
published on May 18, 2000
The on-line help system options in Cisco routers allow non-privileged users without "enabled" access to obtain sensitive information via the show command.
-
CVE-2000-0343
•
published on May 18, 2000
Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header.
-
CVE-2000-0248
•
published on April 26, 2000
The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
-
CVE-2000-0259
•
published on April 26, 2000
The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allow local users to compromise the cryptographic keys of other users.
-
CVE-2000-0266
•
published on April 26, 2000
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
-
CVE-2000-0269
•
published on April 26, 2000
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
-
CVE-2000-0271
•
published on April 26, 2000
read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
-
CVE-2000-0286
•
published on April 26, 2000
X fontserver xfs allows local users to cause a denial of service via malformed input to the server.
-
CVE-2000-0250
•
published on April 26, 2000
The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords.
-
CVE-2000-0280
•
published on April 26, 2000
Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
-
CVE-2000-0293
•
published on April 26, 2000
aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.
-
CVE-2000-0270
•
published on April 26, 2000
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
-
CVE-2000-0275
•
published on April 26, 2000
CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.
-
CVE-2000-0281
•
published on April 26, 2000
Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.
-
CVE-2000-0288
•
published on April 26, 2000
Infonautics getdoc.cgi allows remote attackers to bypass the payment phase for accessing documents via a modified form variable.
-
CVE-2000-0295
•
published on April 26, 2000
Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command.
-
CVE-2000-0299
•
published on April 26, 2000
Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.