Weekly Vulnerabilities Reports > December 18 to 24, 2000
Overview
107 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 36 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 95 products from 66 vendors, including Microsoft, OpenBSD, Samba, Oracle, and GNU. Vulnerabilities are notably categorized as "Insufficiently Protected Credentials" and "Link Following".
- 79 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
- 106 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 12 reported vulnerabilities.
- GNU has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
17 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-12-19 | CVE-2000-0985 | Nevis Systems | Buffer Overflow vulnerability in Nevis Systems All-Mail 1.1 Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command. | 10.0 |
2000-12-19 | CVE-2000-0973 | Daniel Stenberg | Unspecified vulnerability in Daniel Stenberg Curl Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated. | 10.0 |
2000-12-19 | CVE-2000-0971 | Avirt | Unspecified vulnerability in Avirt Mail Server 4.0/4.2 Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command. | 10.0 |
2000-12-19 | CVE-2000-0969 | Valve Software | Unspecified vulnerability in Valve Software Half-Life Dedicated Server 3.1.3 Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon. | 10.0 |
2000-12-19 | CVE-2000-0968 | Valve Software | Unspecified vulnerability in Valve Software Half-Life Dedicated Server Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command. | 10.0 |
2000-12-19 | CVE-2000-0967 | PHP | Unspecified vulnerability in PHP 3.0/4.0 PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. | 10.0 |
2000-12-19 | CVE-2000-0964 | Siemens | Unspecified vulnerability in Siemens Hinet LP 5100.0 Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. | 10.0 |
2000-12-19 | CVE-2000-0961 | Netscape | Unspecified vulnerability in Netscape products Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. | 10.0 |
2000-12-19 | CVE-2000-0954 | Evolvable Corporation | Unspecified vulnerability in Evolvable Corporation Shambala Server 4.5 Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server. | 10.0 |
2000-12-19 | CVE-2000-0952 | Shigio Yamaguchi | Unspecified vulnerability in Shigio Yamaguchi Global 3.55 global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters. | 10.0 |
2000-12-19 | CVE-2000-0947 | GNU | Unspecified vulnerability in GNU Cfengine 1.5/1.5.34/1.6 Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. | 10.0 |
2000-12-19 | CVE-2000-0945 | Cisco | Unspecified vulnerability in Cisco Catalyst 3500 XL The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. | 10.0 |
2000-12-19 | CVE-2000-0941 | Kootenay WEB INC | Unspecified vulnerability in Kootenay web INC Kootenay web INC Whois 1.0 Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. | 10.0 |
2000-12-19 | CVE-2000-0917 | Caldera Redhat Trustix | Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. | 10.0 |
2000-12-19 | CVE-2000-0818 | Oracle | Unspecified vulnerability in Oracle Listener 7.3.4/8.0.6/8.1.6 The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands. | 10.0 |
2000-12-19 | CVE-2000-0803 | GNU | Unspecified vulnerability in GNU Groff GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff. | 10.0 |
2000-12-19 | CVE-2000-0944 | CGI | Insufficiently Protected Credentials vulnerability in CGI Script Center News Update 1.1 CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. | 9.8 |
36 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-12-19 | CVE-2000-0991 | Hilgraeve | Unspecified vulnerability in Hilgraeve Hyperterminal Buffer overflow in Hilgraeve, Inc. | 7.5 |
2000-12-19 | CVE-2000-0990 | Krzysztof Dabrowski | Unspecified vulnerability in Krzysztof Dabrowski Cmd5Checkpw 0.20/0.21 cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username. | 7.5 |
2000-12-19 | CVE-2000-0982 | Microsoft | Unspecified vulnerability in Microsoft Internet Explorer Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0978 | BB4 | Unspecified vulnerability in BB4 BIG Brother Network Monitor 1.5C2 bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter. | 7.5 |
2000-12-19 | CVE-2000-0974 | GNU | Unspecified vulnerability in GNU Privacy Guard GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection. | 7.5 |
2000-12-19 | CVE-2000-0970 | Microsoft | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0957 | PAM Mysql | Unspecified vulnerability in PAM Mysql PAM Mysql The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes. | 7.5 |
2000-12-19 | CVE-2000-0955 | Cisco | Remote Username and Password Retrieval vulnerability in Cisco Virtual Central Office 4000 5.1.3 Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. | 7.5 |
2000-12-19 | CVE-2000-0943 | MAX Wilhelm Bruker | Unspecified vulnerability in Max-Wilhelm Bruker Bftpd 1.0.11 Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. | 7.5 |
2000-12-19 | CVE-2000-0937 | Samba | Unspecified vulnerability in Samba 2.0.7 Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks. | 7.5 |
2000-12-19 | CVE-2000-0931 | David Harris | Buffer Overflow vulnerability in David Harris Pegasus Mail 3.11 Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data. | 7.5 |
2000-12-19 | CVE-2000-0926 | Smartwin Technology | Unspecified vulnerability in Smartwin Technology Cyberoffice Shopping Cart 2.0 SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable. | 7.5 |
2000-12-19 | CVE-2000-0923 | Aplio | Unspecified vulnerability in Aplio Phone 2.0.33Build1 authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. | 7.5 |
2000-12-19 | CVE-2000-0916 | Freebsd | Unspecified vulnerability in Freebsd FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections. | 7.5 |
2000-12-19 | CVE-2000-0909 | University OF Washington | Unspecified vulnerability in University of Washington Pine 4.0.4/4.10/4.21 Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header. | 7.5 |
2000-12-19 | CVE-2000-0907 | Etype | Unspecified vulnerability in Etype Eserv 2.92 EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands. | 7.5 |
2000-12-19 | CVE-2000-0900 | Acme Labs | Unspecified vulnerability in Acme Labs Thttpd Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. | 7.5 |
2000-12-19 | CVE-2000-0886 | Microsoft | Unspecified vulnerability in Microsoft products IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0885 | Microsoft | Unspecified vulnerability in Microsoft Systems Management Server, Windows 2000 and Windows NT Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0884 | Microsoft | Unspecified vulnerability in Microsoft products IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0817 | Microsoft | Unspecified vulnerability in Microsoft Network Monitor Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability. | 7.5 |
2000-12-19 | CVE-2000-0810 | CGI Script Center | Unspecified vulnerability in CGI Script Center Auction Weaver Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. | 7.5 |
2000-12-20 | CVE-1999-0307 | HP | Unspecified vulnerability in HP Hp-Ux 10.00/9.00 Buffer overflow in HP-UX cstm program allows local users to gain root privileges. | 7.2 |
2000-12-19 | CVE-2000-0997 | Netbsd Openbsd | Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allow local attackers to gain root privileges. | 7.2 |
2000-12-19 | CVE-2000-0996 | Openbsd | Unspecified vulnerability in Openbsd Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. | 7.2 |
2000-12-19 | CVE-2000-0995 | Openbsd | Unspecified vulnerability in Openbsd Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name. | 7.2 |
2000-12-19 | CVE-2000-0994 | Openbsd | Unspecified vulnerability in Openbsd Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable. | 7.2 |
2000-12-19 | CVE-2000-0993 | Freebsd Netbsd Openbsd | Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. | 7.2 |
2000-12-19 | CVE-2000-0988 | Bardon Data Systems | Unspecified vulnerability in Bardon Data Systems Winu WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration. | 7.2 |
2000-12-19 | CVE-2000-0981 | Oracle | Unspecified vulnerability in Oracle Mysql MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password. | 7.2 |
2000-12-19 | CVE-2000-0950 | TIS | Unspecified vulnerability in TIS Internet Firewall Toolkit 2.1 Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name. | 7.2 |
2000-12-19 | CVE-2000-0949 | LBL SUN | Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option. | 7.2 |
2000-12-19 | CVE-2000-0948 | Gnome | Unspecified vulnerability in Gnome Gnorpm GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. | 7.2 |
2000-12-19 | CVE-2000-0935 | Samba | Unspecified vulnerability in Samba 2.0.7 Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. | 7.2 |
2000-12-19 | CVE-2000-0934 | Redhat | Unspecified vulnerability in Redhat Linux 5.2 Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. | 7.2 |
2000-12-19 | CVE-2000-0918 | KDE | Unspecified vulnerability in KDE KVT 1.1.2 Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters. | 7.2 |
51 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-12-19 | CVE-2000-0979 | Microsoft | Unspecified vulnerability in Microsoft products File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability. | 6.4 |
2000-12-19 | CVE-2000-0940 | Metertek | Unspecified vulnerability in Metertek Pagelog.Cgi 1.0 Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. | 6.4 |
2000-12-19 | CVE-2000-0972 | HP | Link Following vulnerability in HP Hp-Ux 11.00 HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. | 5.5 |
2000-12-19 | CVE-2000-0942 | Microsoft | Unspecified vulnerability in Microsoft Indexing Service The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability. | 5.1 |
2000-12-19 | CVE-2000-0992 | Openbsd SSH | Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. | 5.0 |
2000-12-19 | CVE-2000-0989 | Intel | Unspecified vulnerability in Intel Inbusiness Email Station 1.4.87 Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username. | 5.0 |
2000-12-19 | CVE-2000-0984 | Cisco | Unspecified vulnerability in Cisco IOS The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string. | 5.0 |
2000-12-19 | CVE-2000-0980 | Microsoft | Unspecified vulnerability in Microsoft products NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network. | 5.0 |
2000-12-19 | CVE-2000-0977 | Oatmeal Studios | Unspecified vulnerability in Oatmeal Studios Mail File 1.10 mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter. | 5.0 |
2000-12-19 | CVE-2000-0975 | Anaconda Partners | Unspecified vulnerability in Anaconda Partners Foundation Directory Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. | 5.0 |
2000-12-19 | CVE-2000-0965 | HP | Unspecified vulnerability in HP Vvos 10.24/11.04 The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allow an attacker to cause a denial of service (high CPU utilization). | 5.0 |
2000-12-19 | CVE-2000-0962 | Openbsd | Unspecified vulnerability in Openbsd 2.7 The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service. | 5.0 |
2000-12-19 | CVE-2000-0960 | Netscape | Unspecified vulnerability in Netscape Messaging Server 4.15 The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse. | 5.0 |
2000-12-19 | CVE-2000-0958 | SUN | Unspecified vulnerability in SUN Hotjava Browser 3.0 HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window. | 5.0 |
2000-12-19 | CVE-2000-0953 | Evolvable Corporation | Unspecified vulnerability in Evolvable Corporation Shambala Server 4.5 Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection. | 5.0 |
2000-12-19 | CVE-2000-0951 | Microsoft | Unspecified vulnerability in Microsoft Internet Information Services 5.0 A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search. | 5.0 |
2000-12-19 | CVE-2000-0939 | Samba | Unspecified vulnerability in Samba 2.0.7 Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart. | 5.0 |
2000-12-19 | CVE-2000-0938 | Samba | Unspecified vulnerability in Samba 2.0.7 Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. | 5.0 |
2000-12-19 | CVE-2000-0932 | Clearswift | Unspecified vulnerability in Clearswift Mailsweeper for Smtp 3.X MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. | 5.0 |
2000-12-19 | CVE-2000-0930 | David Harris | Unspecified vulnerability in David Harris Pegasus Mail 3.12 Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. | 5.0 |
2000-12-19 | CVE-2000-0929 | Microsoft | Unspecified vulnerability in Microsoft Windows Media Player 7 Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability. | 5.0 |
2000-12-19 | CVE-2000-0925 | Smartwin Technology | Unspecified vulnerability in Smartwin Technology Cyberoffice Shopping Cart 2.0 The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. | 5.0 |
2000-12-19 | CVE-2000-0924 | Armada Design | Unspecified vulnerability in Armada Design Master Index 1.0 Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. | 5.0 |
2000-12-19 | CVE-2000-0922 | Bytes Interactive | Unspecified vulnerability in Bytes Interactive web Shopper 1.0/2.0 Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2000-12-19 | CVE-2000-0921 | Hassan Consulting | Unspecified vulnerability in Hassan Consulting Shopping Cart Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. | 5.0 |
2000-12-19 | CVE-2000-0920 | BOA | Unspecified vulnerability in BOA Webserver Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. | 5.0 |
2000-12-19 | CVE-2000-0919 | Phpix | Unspecified vulnerability in PHPix 1.0/1.0.1/1.0.2 Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2000-12-19 | CVE-2000-0915 | Freebsd | Unspecified vulnerability in Freebsd 4.1.1 fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name. | 5.0 |
2000-12-19 | CVE-2000-0914 | Openbsd | Unspecified vulnerability in Openbsd OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests. | 5.0 |
2000-12-19 | CVE-2000-0912 | JCS WEB Works | Unspecified vulnerability in JCS web Works Multihtml MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter. | 5.0 |
2000-12-19 | CVE-2000-0911 | Horde | Unspecified vulnerability in Horde IMP 2.0/2.2 IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. | 5.0 |
2000-12-19 | CVE-2000-0908 | Netcplus | Unspecified vulnerability in Netcplus Browsegate 2.80 BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request. | 5.0 |
2000-12-19 | CVE-2000-0906 | Moreover COM | Unspecified vulnerability in Moreover.Com Cached Feed.Cgi Script 1.0 Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. | 5.0 |
2000-12-19 | CVE-2000-0905 | QNX | Multiple vulnerability in QNX Voyager 2.01B QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page. | 5.0 |
2000-12-19 | CVE-2000-0904 | QNX | Multiple vulnerability in QNX Voyager 2.01B Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information. | 5.0 |
2000-12-19 | CVE-2000-0903 | QNX | Multiple vulnerability in QNX Voyager 2.01B Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. | 5.0 |
2000-12-19 | CVE-2000-0902 | Nathan Purciful | Unspecified vulnerability in Nathan Purciful PHPphotoalbum 0.9.9 getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. | 5.0 |
2000-12-19 | CVE-2000-0888 | ISC Debian | named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug." | 5.0 |
2000-12-19 | CVE-2000-0887 | ISC | Unspecified vulnerability in ISC Bind 8.2.2 named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug." | 5.0 |
2000-12-19 | CVE-2000-0811 | CGI Script Center | Unspecified vulnerability in CGI Script Center Auction Weaver Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. | 5.0 |
2000-12-18 | CVE-2000-1212 | Zope | Unspecified vulnerability in Zope Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects. | 5.0 |
2000-12-19 | CVE-2000-0987 | Oracle | Unspecified vulnerability in Oracle Internet Directory and Oracle8I Buffer overflow in oidldapd in Oracle 8.1.6 allows local users to gain privileges via a long "connect" command line parameter. | 4.6 |
2000-12-19 | CVE-2000-0986 | Oracle | Unspecified vulnerability in Oracle Oracle8I 8.1.5 Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allows local users to gain privileges via a long ORACLE_HOME environmental variable. | 4.6 |
2000-12-19 | CVE-2000-0976 | Xfree86 Project | Unspecified vulnerability in Xfree86 Project Xlib 3.3X Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter. | 4.6 |
2000-12-19 | CVE-2000-0966 | HP | Unspecified vulnerability in HP Hp-Ux 10.00/11.00 Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allow local users to gain privileges. | 4.6 |
2000-12-19 | CVE-2000-0956 | Carnegie Mellon University | Unspecified vulnerability in Carnegie Mellon University Cyrus-Sasl 1.5.24 cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions. | 4.6 |
2000-12-19 | CVE-2000-0946 | Compaq | Unspecified vulnerability in Compaq Easy Access Keyboard Software 1.3 Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization. | 4.6 |
2000-12-19 | CVE-2000-0933 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000 The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. | 4.6 |
2000-12-19 | CVE-2000-0927 | Wquinn | Unspecified vulnerability in Wquinn Quotaadvisor 4.1 WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions. | 4.6 |
2000-12-19 | CVE-2000-0910 | Horde | Unspecified vulnerability in Horde 1.2 Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address. | 4.6 |
2000-12-19 | CVE-2000-0901 | Juergen | Unspecified vulnerability in Juergen Weigert Screen 3.9.3/3.9.4/3.9.5 Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable. | 4.6 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2000-12-19 | CVE-2000-0936 | Samba | Unspecified vulnerability in Samba 2.0.7 Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. | 2.1 |
2000-12-19 | CVE-2000-0928 | Wquinn | Unspecified vulnerability in Wquinn Diskadvisor WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares. | 2.1 |
2000-12-19 | CVE-2000-0959 | GNU | Unspecified vulnerability in GNU Glibc 2.1.3.10 glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. | 1.2 |