Weekly Vulnerabilities Reports > October 16 to 22, 2000

Overview

133 new vulnerabilities were reported during this period, including 23 critical vulnerabilities and 41 high severity vulnerabilities. This weekly summary reports vulnerabilities in 112 products from 81 vendors including Microsoft, SGI, Redhat, HP, and BEA. Vulnerabilities are notably categorized as and "Link Following".

  • 87 reported vulnerabilities are remotely exploitable.
  • 133 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • BEA has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

23 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-10-20 CVE-2000-0800 Suse Unspecified vulnerability in Suse Linux

String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges.

10.0
2000-10-20 CVE-2000-0798 SGI Unspecified vulnerability in SGI Irix 6.2/6.3/6.4

The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of arbitrary files.

10.0
2000-10-20 CVE-2000-0793 Novell, Symantec

Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.

10.0
2000-10-20 CVE-2000-0788 Microsoft Unspecified vulnerability in Microsoft Access and Word

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.

10.0
2000-10-20 CVE-2000-0784 Rapidstream Remote Command Execution vulnerability in RapidStream Unauthenticated

sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.

10.0
2000-10-20 CVE-2000-0762 Broadcom, CA

The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.

10.0
2000-10-20 CVE-2000-0757 Aptis Software Remote Command Execution vulnerability in Aptis Software Totalbill 3.0

The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed.

10.0
2000-10-20 CVE-2000-0747 Conectiva Unspecified vulnerability in Conectiva Linux 4.1/4.2/5.0

The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.

10.0
2000-10-20 CVE-2000-0744 University OF Minnesota Remote Security vulnerability in University of Minnesota Gopherd 2.3/2.3.1

DEPRECATED.

10.0
2000-10-20 CVE-2000-0743 University OF Minnesota Unspecified vulnerability in University of Minnesota Gopherd 2.3/2.3.1

Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.

10.0
2000-10-20 CVE-2000-0733 SGI Unspecified vulnerability in SGI Irix

Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.

10.0
2000-10-20 CVE-2000-0706 Luca Deri Unspecified vulnerability in Luca Deri Ntop 1.2A79/1.3.1

Buffer overflows in ntop running in web mode allow remote attackers to execute arbitrary commands.

10.0
2000-10-20 CVE-2000-0704 Freewnn, Omron, WNN Remote Buffer Overflow vulnerability in Omron WorldView Wnn Asian Language Server

Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands.

10.0
2000-10-20 CVE-2000-0699 HP Unspecified vulnerability in HP Hp-Ux 10.20/11.00

Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.

10.0
2000-10-20 CVE-2000-0697 SUN Remote Command Execution vulnerability in Solaris AnswerBook2

The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.

10.0
2000-10-20 CVE-2000-0690 CGI Script Center Unspecified vulnerability in CGI Script Center Auction Weaver 1.0/1.02

Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.

10.0
2000-10-20 CVE-2000-0687 CGI Script Center Directory Traversal vulnerability in CGI Script Center Auction Weaver

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a ..

10.0
2000-10-20 CVE-2000-0685 BEA Unspecified vulnerability in BEA Weblogic Server 3.1.8/4.0.4/4.5.1

BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.

10.0
2000-10-20 CVE-2000-0684 BEA Unspecified vulnerability in BEA Weblogic Server 3.1.8/4.0.4/4.5.1

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

10.0
2000-10-20 CVE-2000-0681 BEA Unspecified vulnerability in BEA Weblogic Server 4.5.2

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.

10.0
2000-10-20 CVE-2000-0677 IBM Unspecified vulnerability in IBM Net.Data

Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.

10.0
2000-10-20 CVE-2000-0563 Apple Unspecified vulnerability in Apple mac OS Runtime FOR Java

The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.

10.0
2000-10-20 CVE-2000-0359 Acme Labs Unspecified vulnerability in Acme Labs Thttpd

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.

10.0

41 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-10-20 CVE-2000-0727 Xpdf Unspecified vulnerability in Xpdf 0.90

xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URLs, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.

7.6
2000-10-20 CVE-2000-0713 Adobe Buffer Overflow vulnerability in Adobe Acrobat, Acrobat Business Tools and Acrobat Reader

Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier.

7.6
2000-10-20 CVE-2000-0792 Alan COX Unspecified vulnerability in Alan COX Gnome-Lokkit 0.1

Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available.

7.5
2000-10-20 CVE-2000-0787 Xchat Unspecified vulnerability in Xchat

IRC Xchat client versions 1.4.2 and earlier allow remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.

7.5
2000-10-20 CVE-2000-0779 Checkpoint Unspecified vulnerability in Checkpoint Firewall-1 3.0/4.0/4.1

Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.

7.5
2000-10-20 CVE-2000-0776 Mediahouse Software Unspecified vulnerability in Mediahouse Software Statistics Server Livestats 5.02

Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request.

7.5
2000-10-20 CVE-2000-0775 Robtex Buffer Overflow vulnerability in Robotex Viking Server

Buffer overflow in RobTex Viking server earlier than 1.06-370 allows remote attackers to cause a denial of service or execute arbitrary commands via a long HTTP GET request, or long Unless-Modified-Since, If-Range, or If-Modified-Since headers.

7.5
2000-10-20 CVE-2000-0772 Tumbleweed Unspecified vulnerability in Tumbleweed Messaging Management System 4.3/4.5/4.6

The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password.

7.5
2000-10-20 CVE-2000-0769 Oreilly Unspecified vulnerability in Oreilly Website PRO

O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.

7.5
2000-10-20 CVE-2000-0766 Vqsoft Unspecified vulnerability in Vqsoft Vqserver 1.4.49

Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request.

7.5
2000-10-20 CVE-2000-0751 Netbsd, Openbsd, Redhat

mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

7.5
2000-10-20 CVE-2000-0750 Netbsd, Openbsd, Redhat

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

7.5
2000-10-20 CVE-2000-0746 Microsoft Cross-Site Scripting shtml.dll vulnerability in Microsoft products

Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks.

7.5
2000-10-20 CVE-2000-0745 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke 1.0/2.5

admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.

7.5
2000-10-20 CVE-2000-0741 Network Associates Unspecified vulnerability in Network Associates NET Tools PKI Server 1.0/1.0Hotfix1/1.0Hotfix2

Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension.

7.5
2000-10-20 CVE-2000-0711 Microsoft, Netscape

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

7.5
2000-10-20 CVE-2000-0707 Pccs Linux Unspecified vulnerability in Pccs-Linux Mysqldatabase Admin Tool 1.2.3/1.2.4

PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.

7.5
2000-10-20 CVE-2000-0696 SUN Unspecified vulnerability in SUN Solaris Answerbook2

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.

7.5
2000-10-20 CVE-2000-0689 CGI Script Center Unspecified vulnerability in CGI Script Center Account Manager Lite1.0/Pro1.0

Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.

7.5
2000-10-20 CVE-2000-0688 CGI Script Center Unspecified vulnerability in CGI Script Center Subscribe ME Lite 2.0

Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.

7.5
2000-10-18 CVE-2000-1213 Immunix, Iputils, Redhat

ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges.

7.5
2000-10-20 CVE-2000-0801 HP Buffer Overflow vulnerability in HP Hp-Ux 10.20/11.00

Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.

7.2
2000-10-20 CVE-2000-0797 SGI Buffer Overflow vulnerability in IRIX gr_osview

Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.

7.2
2000-10-20 CVE-2000-0796 SGI Unspecified vulnerability in SGI Irix 6.2/6.3

Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.

7.2
2000-10-20 CVE-2000-0795 SGI Unspecified vulnerability in SGI Irix 6.2/6.3

Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.

7.2
2000-10-20 CVE-2000-0794 SGI Buffer Overflow vulnerability in SGI Irix 6.2

Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview.

7.2
2000-10-20 CVE-2000-0781 CA Unspecified vulnerability in CA Arcserve Backup 6.63Linux

uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.

7.2
2000-10-20 CVE-2000-0777 Microsoft Unspecified vulnerability in Microsoft Money 2000/2001

The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.

7.2
2000-10-20 CVE-2000-0763 David Bagley Unspecified vulnerability in David Bagley Xlock 4.16/4.16.1

xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.

7.2
2000-10-20 CVE-2000-0752 Freebsd Unspecified vulnerability in Freebsd

Buffer overflows in brouted in FreeBSD and possibly other OSes allow local users to gain root privileges via long command line arguments.

7.2
2000-10-20 CVE-2000-0749 Freebsd Unspecified vulnerability in Freebsd

Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.

7.2
2000-10-20 CVE-2000-0728 Xpdf Unspecified vulnerability in Xpdf 0.90

xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.

7.2
2000-10-20 CVE-2000-0725 Zope Unspecified vulnerability in Zope

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

7.2
2000-10-20 CVE-2000-0714 University OF Massachusetts Unspecified vulnerability in University of Massachusetts Scheme 3.2.11

umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files.

7.2
2000-10-20 CVE-2000-0712 Lids Unspecified vulnerability in Lids 0.9.7

Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.

7.2
2000-10-20 CVE-2000-0703 Larry Wall Unspecified vulnerability in Larry Wall Perl

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

7.2
2000-10-20 CVE-2000-0702 HP Unspecified vulnerability in HP Hp-Ux 11.00

The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

7.2
2000-10-20 CVE-2000-0695 Tech Source Unspecified vulnerability in Tech-Source Raptor GFX Pgx32 2.3.1

Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options.

7.2
2000-10-20 CVE-2000-0694 Tech Source Unspecified vulnerability in Tech-Source Raptor GFX Pgx32 2.3.1

pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack.

7.2
2000-10-20 CVE-2000-0693 Tech Source Unspecified vulnerability in Tech-Source Raptor GFX Pgx32 2.3.1

pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program.

7.2
2000-10-20 CVE-2000-0680 CVS Unspecified vulnerability in CVS 1.10.8

The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.

7.2

55 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-10-20 CVE-2000-0780 Ipswitch Unspecified vulnerability in Ipswitch Imail

The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a ..

6.4
2000-10-20 CVE-2000-0770 Microsoft Unspecified vulnerability in Microsoft products

IIS 4.0 and 5.0 do not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

6.4
2000-10-20 CVE-2000-0760 Apache Information Disclosure vulnerability in Apache Tomcat Snoop Servlet

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.

6.4
2000-10-20 CVE-2000-0759 Apache Unspecified vulnerability in Apache Tomcat 3.1

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.

6.4
2000-10-20 CVE-2000-0724 Helix Code Unspecified vulnerability in Helix Code Go-Gnome Pre-Installer 1.5

The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.

6.2
2000-10-20 CVE-2000-0722 Helix Code Unspecified vulnerability in Helix Code Gnome Updater

Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.

6.2
2000-10-20 CVE-2000-0721 Multisoft Unspecified vulnerability in Multisoft Flagship 4.4

The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.

6.2
2000-10-20 CVE-2000-0719 Varicad Unspecified vulnerability in Varicad 7.0

VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.

6.2
2000-10-20 CVE-2000-0031 Redhat Local Security vulnerability in Redhat Linux 6.0/6.1

The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.

6.2
2000-10-20 CVE-2000-0765 Microsoft Unspecified vulnerability in Microsoft Excel, Powerpoint and Word

Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.

5.1
2000-10-20 CVE-2000-0785 Wircsrv Unspecified vulnerability in Wircsrv IRC Server 5.0.7S

WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files via the importmotd command, which sets the Message of the Day (MOTD) to the specified file.

5.0
2000-10-20 CVE-2000-0783 Watchguard Unspecified vulnerability in Watchguard Firebox II

Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100.

5.0
2000-10-20 CVE-2000-0782 Netwin Unspecified vulnerability in Netwin Netauth

netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a ..

5.0
2000-10-20 CVE-2000-0778 Microsoft Unspecified vulnerability in Microsoft Internet Information Services 5.0

IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.

5.0
2000-10-20 CVE-2000-0774 Bajie Path Disclosure vulnerability in Bajie Java Http Server 1.0

The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.

5.0
2000-10-20 CVE-2000-0773 Bajie Unspecified vulnerability in Bajie Java Http Server 1.0

Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.

5.0
2000-10-20 CVE-2000-0764 Intel Unspecified vulnerability in Intel Express 8100

Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.

5.0
2000-10-20 CVE-2000-0761 IBM Unspecified vulnerability in IBM OS2 FTP Server 4.0/4.2/4.3

OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.

5.0
2000-10-20 CVE-2000-0756 Microsoft Unspecified vulnerability in Microsoft Outlook 2000/98

Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.

5.0
2000-10-20 CVE-2000-0753 Microsoft Unspecified vulnerability in Microsoft Outlook 2000/97/98

The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.

5.0
2000-10-20 CVE-2000-0742 Microsoft Unspecified vulnerability in Microsoft Windows 95 and Windows 98

The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.

5.0
2000-10-20 CVE-2000-0740 Network Associates Unspecified vulnerability in Network Associates NET Tools PKI Server 1.0/1.0Hotfix1/1.0Hotfix2

Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.

5.0
2000-10-20 CVE-2000-0739 Network Associates Unspecified vulnerability in Network Associates NET Tools PKI Server 1.0/1.0Hotfix1/1.0Hotfix2

Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a ..

5.0
2000-10-20 CVE-2000-0738 Network Associates Unspecified vulnerability in Network Associates Webshield Smtp 4.5

WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a .

5.0
2000-10-20 CVE-2000-0736 Rimarts INC Buffer Overflow vulnerability in Rimarts Inc. Becky Internet Mail 1.26.3

Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user forwards a message.

5.0
2000-10-20 CVE-2000-0735 Rimarts INC Buffer Overflow vulnerability in Rimarts Inc. Becky Internet Mail 1.26.3

Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to a message.

5.0
2000-10-20 CVE-2000-0734 Eeye Digital Security, Spynet Buffer Overflow vulnerability in Eeye IRIS

eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections.

5.0
2000-10-20 CVE-2000-0732 Jeremy Arnold Unspecified vulnerability in Jeremy Arnold Worm Webserver 1.0

Worm HTTP server allows remote attackers to cause a denial of service via a long URL.

5.0
2000-10-20 CVE-2000-0731 Jeremy Arnold Unspecified vulnerability in Jeremy Arnold Worm Webserver 1.0

Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a ..

5.0
2000-10-20 CVE-2000-0720 Gwscripts Unspecified vulnerability in Gwscripts News Publisher

news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.

5.0
2000-10-20 CVE-2000-0717 Goodtech Unspecified vulnerability in Goodtech FTP Server 95 98 and FTP Server NT 2000

GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands.

5.0
2000-10-20 CVE-2000-0710 Microsoft Denial Of Service vulnerability in Microsoft FrontPage Server Extensions MS-DOS Device Name

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.

5.0
2000-10-20 CVE-2000-0709 Microsoft Denial Of Service vulnerability in Microsoft FrontPage Server Extensions MS-DOS Device Name

The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.

5.0
2000-10-20 CVE-2000-0708 Pragma Systems Unspecified vulnerability in Pragma Systems Telnetserver 2000

Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.

5.0
2000-10-20 CVE-2000-0705 Luca Deri Unspecified vulnerability in Luca Deri Ntop 1.2A79

ntop running in web mode allows remote attackers to read arbitrary files via a ..

5.0
2000-10-20 CVE-2000-0700 Cisco Unspecified vulnerability in Cisco products

Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.

5.0
2000-10-20 CVE-2000-0698 Minicom Unspecified vulnerability in Minicom

Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.

5.0
2000-10-20 CVE-2000-0692 ISS Unspecified vulnerability in ISS Realsecure 3.2.1/3.2.2

ISS RealSecure 3.2.1 and 3.2.2 allow remote attackers to cause a denial of service via a flood of fragmented packets with the SYN flag set.

5.0
2000-10-20 CVE-2000-0686 CGI Script Center Directory Traversal vulnerability in CGI Script Center Auction Weaver

Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2000-10-20 CVE-2000-0683 BEA Unspecified vulnerability in BEA Weblogic Server 5.1

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.

5.0
2000-10-20 CVE-2000-0682 BEA Unspecified vulnerability in BEA Weblogic Server 5.1

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.

5.0
2000-10-20 CVE-2000-0678 PGP Unspecified vulnerability in PGP 5.5.3I/6.5.1I/6.5.3I

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.

5.0
2000-10-20 CVE-2000-0676 Netscape Unspecified vulnerability in Netscape Communicator

Netscape Communicator and Navigator 4.04 through 4.74 allow remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

5.0
2000-10-20 CVE-2000-0360 ISC Unspecified vulnerability in ISC INN

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.

5.0
2000-10-20 CVE-2000-0791 Trustix Unspecified vulnerability in Trustix Secure Linux 1.1

Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.

4.6
2000-10-20 CVE-2000-0790 Microsoft Unspecified vulnerability in Microsoft Windows 2000, Windows 98 and Windows 98Se

The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.

4.6
2000-10-20 CVE-2000-0789 Bardon Data Systems Unspecified vulnerability in Bardon Data Systems Winu 4.X/5.0

WinU 5.x and earlier uses weak encryption to store its configuration password, which allows local users to decrypt the password and gain privileges.

4.6
2000-10-20 CVE-2000-0786 GNU Unspecified vulnerability in GNU Userv 1.0.0

GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.

4.6
2000-10-20 CVE-2000-0758 Lyris Unspecified vulnerability in Lyris List Manager 3.0/4.0

The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field.

4.6
2000-10-20 CVE-2000-0755 HP Unspecified vulnerability in HP Openview Network Node Manager 6.1

Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.

4.6
2000-10-20 CVE-2000-0748 Openldap Unspecified vulnerability in Openldap

OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.

4.6
2000-10-20 CVE-2000-0737 Microsoft Unspecified vulnerability in Microsoft Windows 2000

The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.

4.6
2000-10-20 CVE-2000-0730 HP Unspecified vulnerability in HP Hp-Ux 11.00

Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.

4.6
2000-10-20 CVE-2000-0701 GNU, Conectiva, Redhat Local Format String vulnerability in GNU Mailman

The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.

4.6
2000-10-18 CVE-2000-1214 Immunix, Iputils, Redhat Buffer Overflow vulnerability in RedHat Linux ping

Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.

4.6

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-10-20 CVE-2000-0799 SGI Unspecified vulnerability in SGI Irix

inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.

3.7
2000-10-20 CVE-2000-0802 PGP Unspecified vulnerability in PGP Personal Privacy 6.5.3

The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR.

3.6
2000-10-20 CVE-2000-0768 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.

2.6
2000-10-20 CVE-2000-0767 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.

2.6
2000-10-20 CVE-2000-0726 Stalkerlab Unspecified vulnerability in Stalkerlab Mailers 1.1.2

CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.

2.6
2000-10-20 CVE-2000-0716 ALT N Unspecified vulnerability in Alt-N Mdaemon 2.8

WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.

2.6
2000-10-20 CVE-2000-0771 Microsoft Unspecified vulnerability in Microsoft Windows 2000

Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.

2.1
2000-10-20 CVE-2000-0754 HP Unspecified vulnerability in HP Openview Network Node Manager 6.1

Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.

2.1
2000-10-20 CVE-2000-0729 Freebsd Unspecified vulnerability in Freebsd

FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.

2.1
2000-10-20 CVE-2000-0715 Kirk Bauer, Conectiva Link Following vulnerability in multiple products

DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.

2.1
2000-10-20 CVE-2000-0691 Gert Doering Symbolic Link Traversal vulnerability in Gert Doering Mgetty 1.1.19/1.1.20/1.1.21

The faxrunq and faxrunqd programs in the mgetty package allow local users to create or modify arbitrary files via a symlink attack that creates a symlink from /var/spool/fax/outgoing/.last_run to the target file.

2.1
2000-10-20 CVE-2000-0679 CVS Unspecified vulnerability in CVS 1.10.8

The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.

2.1
2000-10-20 CVE-2000-0723 Helix Code Unspecified vulnerability in Helix Code Gnome Installer 0.2

Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.

1.2
2000-10-20 CVE-2000-0718 Mandrakesoft Unspecified vulnerability in Mandrakesoft Mandrake Linux

A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.

1.2