Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2000-06-08 CVE-2000-0497 Improper Handling of Case Sensitivity vulnerability in IBM Websphere Application Server 3.0.2
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
network
low complexity
ibm CWE-178
7.5
2000-04-28 CVE-2000-0342 Link Following vulnerability in Qualcomm Eudora 4.0
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
network
low complexity
qualcomm CWE-59
7.5
2000-04-12 CVE-2000-0258 Improper Input Validation vulnerability in Microsoft products
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
network
low complexity
microsoft CWE-20
7.5
1999-12-31 CVE-1999-1127 Missing Release of Resource after Effective Lifetime vulnerability in Microsoft Windows NT 4.0
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
network
low complexity
microsoft CWE-772
7.5
1999-11-16 CVE-1999-1549 Origin Validation Error vulnerability in Lynx Project Lynx 2.7/2.8
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands.
local
low complexity
lynx-project CWE-346
7.8
1999-01-01 CVE-1999-1568 Off-by-one Error vulnerability in Ncftp Ncftpd Server
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.
network
low complexity
ncftp CWE-193
7.5
1998-06-03 CVE-1999-1152 Improper Restriction of Excessive Authentication Attempts vulnerability in Compaq Microcom 6000 Firmware
Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack.
network
low complexity
compaq CWE-307
7.5
1998-01-01 CVE-1999-0239 Improper Handling of Case Sensitivity vulnerability in Netscape Fasttrack Server 3.01
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.
network
low complexity
netscape CWE-178
7.5
1997-01-01 CVE-1999-0236 Information Exposure vulnerability in multiple products
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
network
low complexity
apache illinois CWE-200
7.5