Weekly Vulnerabilities Reports > December 18 to 24, 2000

Overview

107 new vulnerabilities reported during this period, including 17 critical vulnerabilities and 36 high severity vulnerabilities. This weekly summary report vulnerabilities in 95 products from 66 vendors including Microsoft, Openbsd, Samba, Oracle, and GNU. Vulnerabilities are notably categorized as "Insufficiently Protected Credentials", and "Link Following".

  • 79 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 106 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 12 reported vulnerabilities.
  • GNU has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

17 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-12-19 CVE-2000-0985 Nevis Systems Buffer Overflow vulnerability in Nevis Systems All-Mail 1.1

Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command.

10.0
2000-12-19 CVE-2000-0973 Daniel Stenberg Unspecified vulnerability in Daniel Stenberg Curl

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.

10.0
2000-12-19 CVE-2000-0971 Avirt Unspecified vulnerability in Avirt Mail Server 4.0/4.2

Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command.

10.0
2000-12-19 CVE-2000-0969 Valve Software Unspecified vulnerability in Valve Software Half-Life Dedicated Server 3.1.3

Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.

10.0
2000-12-19 CVE-2000-0968 Valve Software Unspecified vulnerability in Valve Software Half-Life Dedicated Server

Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command.

10.0
2000-12-19 CVE-2000-0967 PHP Unspecified vulnerability in PHP 3.0/4.0

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

10.0
2000-12-19 CVE-2000-0964 Siemens Unspecified vulnerability in Siemens Hinet LP 5100.0

Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

10.0
2000-12-19 CVE-2000-0961 Netscape Unspecified vulnerability in Netscape products

Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.

10.0
2000-12-19 CVE-2000-0954 Evolvable Corporation Unspecified vulnerability in Evolvable Corporation Shambala Server 4.5

Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server.

10.0
2000-12-19 CVE-2000-0952 Shigio Yamaguchi Unspecified vulnerability in Shigio Yamaguchi Global 3.55

global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.

10.0
2000-12-19 CVE-2000-0947 GNU Unspecified vulnerability in GNU Cfengine 1.5/1.5.34/1.6

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

10.0
2000-12-19 CVE-2000-0945 Cisco Unspecified vulnerability in Cisco Catalyst 3500 XL

The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.

10.0
2000-12-19 CVE-2000-0941 Kootenay WEB INC Unspecified vulnerability in Kootenay web INC Kootenay web INC Whois 1.0

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.

10.0
2000-12-19 CVE-2000-0917 Caldera
Redhat
Trustix
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
10.0
2000-12-19 CVE-2000-0818 Oracle Unspecified vulnerability in Oracle Listener 7.3.4/8.0.6/8.1.6

The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.

10.0
2000-12-19 CVE-2000-0803 GNU Unspecified vulnerability in GNU Groff

GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.

10.0
2000-12-19 CVE-2000-0944 CGI Insufficiently Protected Credentials vulnerability in CGI Script Center News Update 1.1

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.

9.8

36 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-12-19 CVE-2000-0991 Hilgraeve Unspecified vulnerability in Hilgraeve Hyperterminal

Buffer overflow in Hilgraeve, Inc.

7.5
2000-12-19 CVE-2000-0990 Krzysztof Dabrowski Unspecified vulnerability in Krzysztof Dabrowski Cmd5Checkpw 0.20/0.21

cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username.

7.5
2000-12-19 CVE-2000-0982 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.

7.5
2000-12-19 CVE-2000-0978 BB4 Unspecified vulnerability in BB4 BIG Brother Network Monitor 1.5C2

bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.

7.5
2000-12-19 CVE-2000-0974 GNU Unspecified vulnerability in GNU Privacy Guard

GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.

7.5
2000-12-19 CVE-2000-0970 Microsoft Unspecified vulnerability in Microsoft products

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.

7.5
2000-12-19 CVE-2000-0957 PAM Mysql Unspecified vulnerability in PAM Mysql PAM Mysql

The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.

7.5
2000-12-19 CVE-2000-0955 Cisco Remote Username and Password Retrieval vulnerability in Cisco Virtual Central Office 4000 5.1.3

Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges.

7.5
2000-12-19 CVE-2000-0943 MAX Wilhelm Bruker Unspecified vulnerability in Max-Wilhelm Bruker Bftpd 1.0.11

Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.

7.5
2000-12-19 CVE-2000-0937 Samba Unspecified vulnerability in Samba 2.0.7

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.

7.5
2000-12-19 CVE-2000-0931 David Harris Buffer Overflow vulnerability in David Harris Pegasus Mail 3.11

Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data.

7.5
2000-12-19 CVE-2000-0926 Smartwin Technology Unspecified vulnerability in Smartwin Technology Cyberoffice Shopping Cart 2.0

SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable.

7.5
2000-12-19 CVE-2000-0923 Aplio Unspecified vulnerability in Aplio Phone 2.0.33Build1

authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

7.5
2000-12-19 CVE-2000-0916 Freebsd Unspecified vulnerability in Freebsd

FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.

7.5
2000-12-19 CVE-2000-0909 University OF Washington Unspecified vulnerability in University of Washington Pine 4.0.4/4.10/4.21

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.

7.5
2000-12-19 CVE-2000-0907 Etype Unspecified vulnerability in Etype Eserv 2.92

EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands.

7.5
2000-12-19 CVE-2000-0900 Acme Labs Unspecified vulnerability in Acme Labs Thttpd

Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the ..

7.5
2000-12-19 CVE-2000-0886 Microsoft Unspecified vulnerability in Microsoft products

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

7.5
2000-12-19 CVE-2000-0885 Microsoft Unspecified vulnerability in Microsoft Systems Management Server, Windows 2000 and Windows NT

Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability.

7.5
2000-12-19 CVE-2000-0884 Microsoft Unspecified vulnerability in Microsoft products

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

7.5
2000-12-19 CVE-2000-0817 Microsoft Unspecified vulnerability in Microsoft Network Monitor

Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability.

7.5
2000-12-19 CVE-2000-0810 CGI Script Center Unspecified vulnerability in CGI Script Center Auction Weaver

Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a ..

7.5
2000-12-20 CVE-1999-0307 HP Unspecified vulnerability in HP Hp-Ux 10.00/9.00

Buffer overflow in HP-UX cstm program allows local users to gain root privileges.

7.2
2000-12-19 CVE-2000-0997 Netbsd
Openbsd
Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.
7.2
2000-12-19 CVE-2000-0996 Openbsd Unspecified vulnerability in Openbsd

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

7.2
2000-12-19 CVE-2000-0995 Openbsd Unspecified vulnerability in Openbsd

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.

7.2
2000-12-19 CVE-2000-0994 Openbsd Unspecified vulnerability in Openbsd

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

7.2
2000-12-19 CVE-2000-0993 Freebsd
Netbsd
Openbsd
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
7.2
2000-12-19 CVE-2000-0988 Bardon Data Systems Unspecified vulnerability in Bardon Data Systems Winu

WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration.

7.2
2000-12-19 CVE-2000-0981 Oracle Unspecified vulnerability in Oracle Mysql

MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.

7.2
2000-12-19 CVE-2000-0950 TIS Unspecified vulnerability in TIS Internet Firewall Toolkit 2.1

Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name.

7.2
2000-12-19 CVE-2000-0949 LBL
SUN
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
7.2
2000-12-19 CVE-2000-0948 Gnome Unspecified vulnerability in Gnome Gnorpm

GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.

7.2
2000-12-19 CVE-2000-0935 Samba Unspecified vulnerability in Samba 2.0.7

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.

7.2
2000-12-19 CVE-2000-0934 Redhat Unspecified vulnerability in Redhat Linux 5.2

Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack.

7.2
2000-12-19 CVE-2000-0918 KDE Unspecified vulnerability in KDE KVT 1.1.2

Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.

7.2

51 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-12-19 CVE-2000-0979 Microsoft Unspecified vulnerability in Microsoft products

File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.

6.4
2000-12-19 CVE-2000-0940 Metertek Unspecified vulnerability in Metertek Pagelog.Cgi 1.0

Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a ..

6.4
2000-12-19 CVE-2000-0972 HP Link Following vulnerability in HP Hp-Ux 11.00

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

5.5
2000-12-19 CVE-2000-0942 Microsoft Unspecified vulnerability in Microsoft Indexing Service

The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.

5.1
2000-12-19 CVE-2000-0992 Openbsd
SSH
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a ..
5.0
2000-12-19 CVE-2000-0989 Intel Unspecified vulnerability in Intel Inbusiness Email Station 1.4.87

Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.

5.0
2000-12-19 CVE-2000-0984 Cisco Unspecified vulnerability in Cisco IOS

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

5.0
2000-12-19 CVE-2000-0980 Microsoft Unspecified vulnerability in Microsoft products

NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.

5.0
2000-12-19 CVE-2000-0977 Oatmeal Studios Unspecified vulnerability in Oatmeal Studios Mail File 1.10

mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.

5.0
2000-12-19 CVE-2000-0975 Anaconda Partners Unspecified vulnerability in Anaconda Partners Foundation Directory

Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a ..

5.0
2000-12-19 CVE-2000-0965 HP Unspecified vulnerability in HP Vvos 10.24/11.04

The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization).

5.0
2000-12-19 CVE-2000-0962 Openbsd Unspecified vulnerability in Openbsd 2.7

The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.

5.0
2000-12-19 CVE-2000-0960 Netscape Unspecified vulnerability in Netscape Messaging Server 4.15

The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.

5.0
2000-12-19 CVE-2000-0958 SUN Unspecified vulnerability in SUN Hotjava Browser 3.0

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.

5.0
2000-12-19 CVE-2000-0953 Evolvable Corporation Unspecified vulnerability in Evolvable Corporation Shambala Server 4.5

Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection.

5.0
2000-12-19 CVE-2000-0951 Microsoft Unspecified vulnerability in Microsoft Internet Information Services 5.0

A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.

5.0
2000-12-19 CVE-2000-0939 Samba Unspecified vulnerability in Samba 2.0.7

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart.

5.0
2000-12-19 CVE-2000-0938 Samba Unspecified vulnerability in Samba 2.0.7

Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.

5.0
2000-12-19 CVE-2000-0932 Clearswift Unspecified vulnerability in Clearswift Mailsweeper for Smtp 3.X

MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service.

5.0
2000-12-19 CVE-2000-0930 David Harris Unspecified vulnerability in David Harris Pegasus Mail 3.12

Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.

5.0
2000-12-19 CVE-2000-0929 Microsoft Unspecified vulnerability in Microsoft Windows Media Player 7

Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.

5.0
2000-12-19 CVE-2000-0925 Smartwin Technology Unspecified vulnerability in Smartwin Technology Cyberoffice Shopping Cart 2.0

The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information.

5.0
2000-12-19 CVE-2000-0924 Armada Design Unspecified vulnerability in Armada Design Master Index 1.0

Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a ..

5.0
2000-12-19 CVE-2000-0922 Bytes Interactive Unspecified vulnerability in Bytes Interactive web Shopper 1.0/2.0

Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2000-12-19 CVE-2000-0921 Hassan Consulting Unspecified vulnerability in Hassan Consulting Shopping Cart

Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a ..

5.0
2000-12-19 CVE-2000-0920 BOA Unspecified vulnerability in BOA Webserver

Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified ..

5.0
2000-12-19 CVE-2000-0919 Phpix Unspecified vulnerability in PHPix 1.0/1.0.1/1.0.2

Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2000-12-19 CVE-2000-0915 Freebsd Unspecified vulnerability in Freebsd 4.1.1

fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.

5.0
2000-12-19 CVE-2000-0914 Openbsd Unspecified vulnerability in Openbsd

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

5.0
2000-12-19 CVE-2000-0912 JCS WEB Works Unspecified vulnerability in JCS web Works Multihtml

MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter.

5.0
2000-12-19 CVE-2000-0911 Horde Unspecified vulnerability in Horde IMP 2.0/2.2

IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.

5.0
2000-12-19 CVE-2000-0908 Netcplus Unspecified vulnerability in Netcplus Browsegate 2.80

BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request.

5.0
2000-12-19 CVE-2000-0906 Moreover COM Unspecified vulnerability in Moreover.Com Cached Feed.Cgi Script 1.0

Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a ..

5.0
2000-12-19 CVE-2000-0905 QNX Multiple vulnerability in QNX Voyager 2.01B

QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page.

5.0
2000-12-19 CVE-2000-0904 QNX Multiple vulnerability in QNX Voyager 2.01B

Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information.

5.0
2000-12-19 CVE-2000-0903 QNX Multiple vulnerability in QNX Voyager 2.01B

Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a ..

5.0
2000-12-19 CVE-2000-0902 Nathan Purciful Unspecified vulnerability in Nathan Purciful PHPphotoalbum 0.9.9

getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a ..

5.0
2000-12-19 CVE-2000-0888 ISC
Debian
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."
5.0
2000-12-19 CVE-2000-0887 ISC Unspecified vulnerability in ISC Bind 8.2.2

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."

5.0
2000-12-19 CVE-2000-0811 CGI Script Center Unspecified vulnerability in CGI Script Center Auction Weaver

Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a ..

5.0
2000-12-18 CVE-2000-1212 Zope Unspecified vulnerability in Zope

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.

5.0
2000-12-19 CVE-2000-0987 Oracle Unspecified vulnerability in Oracle Internet Directory and Oracle8I

Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.

4.6
2000-12-19 CVE-2000-0986 Oracle Unspecified vulnerability in Oracle Oracle8I 8.1.5

Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable.

4.6
2000-12-19 CVE-2000-0976 Xfree86 Project Unspecified vulnerability in Xfree86 Project Xlib 3.3X

Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.

4.6
2000-12-19 CVE-2000-0966 HP Unspecified vulnerability in HP Hp-Ux 10.00/11.00

Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.

4.6
2000-12-19 CVE-2000-0956 Carnegie Mellon University Unspecified vulnerability in Carnegie Mellon University Cyrus-Sasl 1.5.24

cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.

4.6
2000-12-19 CVE-2000-0946 Compaq Unspecified vulnerability in Compaq Easy Access Keyboard Software 1.3

Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.

4.6
2000-12-19 CVE-2000-0933 Microsoft Unspecified vulnerability in Microsoft Windows 2000

The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.

4.6
2000-12-19 CVE-2000-0927 Wquinn Unspecified vulnerability in Wquinn Quotaadvisor 4.1

WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.

4.6
2000-12-19 CVE-2000-0910 Horde Unspecified vulnerability in Horde 1.2

Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.

4.6
2000-12-19 CVE-2000-0901 Juergen Unspecified vulnerability in Juergen Weigert Screen 3.9.3/3.9.4/3.9.5

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.

4.6

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2000-12-19 CVE-2000-0936 Samba Unspecified vulnerability in Samba 2.0.7

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.

2.1
2000-12-19 CVE-2000-0928 Wquinn Unspecified vulnerability in Wquinn Diskadvisor

WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.

2.1
2000-12-19 CVE-2000-0959 GNU Unspecified vulnerability in GNU Glibc 2.1.3.10

glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.

1.2