Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2000-06-08 CVE-2000-0498 Improper Handling of Case Sensitivity vulnerability in Unify Ewave Servletexec
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
network
low complexity
unify CWE-178
7.5
2000-06-08 CVE-2000-0497 Improper Handling of Case Sensitivity vulnerability in IBM Websphere Application Server 3.0.2
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
network
low complexity
ibm CWE-178
7.5
2000-06-06 CVE-2000-0552 Incomplete Cleanup vulnerability in ICQ 2000A
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
local
low complexity
icq CWE-459
5.5
2000-04-28 CVE-2000-0342 Link Following vulnerability in Qualcomm Eudora 4.0
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
network
low complexity
qualcomm CWE-59
7.5
2000-04-23 CVE-2000-0338 Improper Locking vulnerability in Concurrent Versions Software Project Concurrent Versions Software
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
5.5
2000-04-14 CVE-2000-1218 Origin Validation Error vulnerability in Microsoft products
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
network
low complexity
microsoft CWE-346
critical
9.8
2000-04-12 CVE-2000-0258 Improper Input Validation vulnerability in Microsoft products
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
network
low complexity
microsoft CWE-20
7.5
1999-12-31 CVE-1999-1386 Link Following vulnerability in Perl
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
local
low complexity
perl CWE-59
5.5
1999-12-31 CVE-1999-1324 Improper Restriction of Excessive Authentication Attempts vulnerability in HP Openvms VAX 5.3/5.4/5.5
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
network
low complexity
hp CWE-307
critical
9.8
1999-12-31 CVE-1999-1127 Missing Release of Resource after Effective Lifetime vulnerability in Microsoft Windows NT 4.0
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
network
low complexity
microsoft CWE-772
7.5