Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2000-06-08 | CVE-2000-0497 | Improper Handling of Case Sensitivity vulnerability in IBM Websphere Application Server 3.0.2: IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | 7.5 |
2000-04-28 | CVE-2000-0342 | Link Following vulnerability in Qualcomm Eudora 4.0: Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." | 7.5 |
2000-04-12 | CVE-2000-0258 | Improper Input Validation vulnerability in Microsoft products: IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | 7.5 |
1999-12-31 | CVE-1999-1127 | Missing Release of Resource after Effective Lifetime vulnerability in Microsoft Windows NT 4.0: Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. | 7.5 |
1999-11-16 | CVE-1999-1549 | Origin Validation Error vulnerability in Lynx Project Lynx 2.7/2.8: Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. | 7.8 |
1999-01-01 | CVE-1999-1568 | Off-by-one Error vulnerability in Ncftp Ncftpd Server: Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command. | 7.5 |
1998-06-03 | CVE-1999-1152 | Improper Restriction of Excessive Authentication Attempts vulnerability in Compaq Microcom 6000 Firmware: Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack. | 7.5 |
1998-01-01 | CVE-1999-0239 | Improper Handling of Case Sensitivity vulnerability in Netscape Fasttrack Server 3.01: Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. | 7.5 |
1997-01-01 | CVE-1999-0236 | Information Exposure vulnerability in multiple products: ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. | 7.5 |