-
CVE-2000-0038
•
published on February 4, 2000
glFtpD includes a default glftpd user account with a default password and a UID of 0.
-
CVE-2000-0008
•
published on February 4, 2000
FTPPro allows local users to read sensitive information, which is stored in plain text.
-
CVE-2000-0055
•
published on February 4, 2000
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
-
CVE-2000-0054
•
published on February 4, 2000
search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack.
-
CVE-2000-0049
•
published on February 4, 2000
Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
-
CVE-2000-0061
•
published on February 4, 2000
Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute JavaScript in a different security context while the document is loading.
-
CVE-2000-0005
•
published on February 4, 2000
HP-UX aserver program allows local users to gain privileges via a symlink attack.
-
CVE-2000-0047
•
published on February 4, 2000
Buffer overflow in Yahoo Pager/Messenger client allows remote attackers to cause a denial of service via a long URL within a message.
-
CVE-2000-0058
•
published on February 4, 2000
Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files.
-
CVE-2000-0059
•
published on February 4, 2000
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
-
CVE-2000-0066
•
published on February 4, 2000
WebSite Pro allows remote attackers to determine the real pathname of web directories via a malformed URL request.
-
CVE-2000-0069
•
published on February 4, 2000
The recover program in Solstice Backup allows local users to restore sensitive files.
-
CVE-2000-0081
•
published on February 4, 2000
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. j&#x41;vascript.
-
CVE-2000-0084
•
published on February 4, 2000
CuteFTP uses weak encryption to store password information in its tree.dat file.
-
CVE-2000-0071
•
published on February 4, 2000
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
-
CVE-2000-0078
•
published on February 4, 2000
The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
-
CVE-2000-0079
•
published on February 4, 2000
The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.
-
CVE-2000-0068
•
published on February 4, 2000
daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.
-
CVE-2000-0074
•
published on February 4, 2000
PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions.
-
CVE-2000-0077
•
published on February 4, 2000
The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.