Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-01-09 | CVE-2000-1133 | Authentication vulnerability in Flicks Software Authentix 5.1C Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . | 5.0 |
| 2001-01-09 | CVE-2000-1132 | Unspecified vulnerability in Dcscripts Dcforum DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable. | 6.4 |
| 2001-01-09 | CVE-2000-1129 | Unspecified vulnerability in Network Associates Webshield Smtp 4.5 McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field. | 5.0 |
| 2001-01-09 | CVE-2000-1128 | Unspecified vulnerability in Mcafee Virusscan 4.5 The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory. | 4.6 |
| 2001-01-09 | CVE-2000-1119 | Unspecified vulnerability in IBM AIX Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument. | 4.6 |
| 2001-01-09 | CVE-2000-1114 | Unspecified vulnerability in Unify Ewave Servletexec 3.0/3.0C Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20". | 5.0 |
| 2001-01-09 | CVE-2000-1112 | Unspecified vulnerability in Microsoft Windows Media Player 6.4/7 Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability. | 4.6 |
| 2001-01-09 | CVE-2000-1111 | Unspecified vulnerability in Microsoft Windows 2000 Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input. | 5.0 |
| 2001-01-09 | CVE-2000-1110 | Path Disclosure vulnerability in IBM Net.Data 7.0 document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program. | 5.0 |
| 2001-01-09 | CVE-2000-1109 | Unspecified vulnerability in Midnight Commander Midnight Commander Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed. | 4.6 |