Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2000-06-08 | CVE-2000-0498 | Improper Handling of Case Sensitivity vulnerability in Unify Ewave Servletexec Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | 7.5 |
2000-06-08 | CVE-2000-0497 | Improper Handling of Case Sensitivity vulnerability in IBM Websphere Application Server 3.0.2 IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | 7.5 |
2000-06-06 | CVE-2000-0552 | Incomplete Cleanup vulnerability in ICQ 2000A ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information. | 5.5 |
2000-04-28 | CVE-2000-0342 | Link Following vulnerability in Qualcomm Eudora 4.0 Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." | 7.5 |
2000-04-23 | CVE-2000-0338 | Improper Locking vulnerability in Concurrent Versions Software Project Concurrent Versions Software Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user. | 5.5 |
2000-04-14 | CVE-2000-1218 | Origin Validation Error vulnerability in Microsoft products The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. | 9.8 |
2000-04-12 | CVE-2000-0258 | Improper Input Validation vulnerability in Microsoft products IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | 7.5 |
1999-12-31 | CVE-1999-1386 | Link Following vulnerability in Perl Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. | 5.5 |
1999-12-31 | CVE-1999-1324 | Improper Restriction of Excessive Authentication Attempts vulnerability in HP Openvms VAX 5.3/5.4/5.5 VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing. | 9.8 |
1999-12-31 | CVE-1999-1127 | Missing Release of Resource after Effective Lifetime vulnerability in Microsoft Windows NT 4.0 Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. | 7.5 |