Full List

Search

Recent Vulnerabilities

• CVE-2000-0300 • published on April 26, 2000 The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts.
• CVE-2000-0256 • published on April 26, 2000 Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
• CVE-2000-0284 • published on April 26, 2000 Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
• CVE-2000-0291 • published on April 26, 2000 Buffer overflow in Star Office 5.1 allows attackers to cause a denial of service by embedding a long URL within a document.
• CVE-1999-0203 • published on April 25, 2000 In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
• CVE-1999-0780 • published on April 25, 2000 KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
• CVE-1999-0781 • published on April 25, 2000 KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
• CVE-1999-0803 • published on April 25, 2000 The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.
• CVE-1999-0950 • published on April 25, 2000 Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
• CVE-1999-0782 • published on April 25, 2000 KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
• CVE-1999-0895 • published on April 25, 2000 Firewall-1 does not properly restrict access to LDAP attributes.
• CVE-1999-0824 • published on April 25, 2000 A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
• CVE-1999-0897 • published on April 25, 2000 iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
• CVE-1999-0889 • published on April 25, 2000 Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.
• CVE-1999-0957 • published on April 25, 2000 MajorCool mj_key_cache program allows local users to modify files via a symlink attack.
• CVE-1999-0997 • published on April 25, 2000 wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
• CVE-1999-1005 • published on April 25, 2000 Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
• CVE-1999-1007 • published on April 25, 2000 Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file.
• CVE-1999-1010 • published on April 25, 2000 An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
• CVE-2000-0010 • published on April 25, 2000 WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.