Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-02-12 | CVE-2001-0006 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Windows NT 4.0 The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability. | 7.1 |
| 2000-06-08 | CVE-2000-0499 | Improper Handling of Case Sensitivity vulnerability in BEA Weblogic Server The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | 7.5 |
| 2000-06-08 | CVE-2000-0498 | Improper Handling of Case Sensitivity vulnerability in Unify Ewave Servletexec Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | 7.5 |
| 2000-06-08 | CVE-2000-0497 | Improper Handling of Case Sensitivity vulnerability in IBM Websphere Application Server 3.0.2 IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | 7.5 |
| 2000-04-28 | CVE-2000-0342 | Link Following vulnerability in Qualcomm Eudora 4.0 Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." | 7.5 |
| 2000-04-12 | CVE-2000-0258 | Improper Input Validation vulnerability in Microsoft products IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. | 7.5 |
| 1999-12-31 | CVE-1999-1127 | Missing Release of Resource after Effective Lifetime vulnerability in Microsoft Windows NT 4.0 Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. | 7.5 |
| 1999-11-16 | CVE-1999-1549 | Origin Validation Error vulnerability in Lynx Project Lynx 2.7/2.8 Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. | 7.8 |
| 1999-01-01 | CVE-1999-1568 | Off-by-one Error vulnerability in Ncftp Ncftpd Server Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command. | 7.5 |
| 1998-06-03 | CVE-1999-1152 | Improper Restriction of Excessive Authentication Attempts vulnerability in Compaq Microcom 6000 Firmware Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack. | 7.5 |