| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 13755 | 2000-11-30 | PostACI Webmail System global.inc Direct Request Information Disclosure | (Description Provided by CVE): The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request. |
| 60974 | 2000-11-30 | BSDI inc[mh] Local Overflow | BSDI is prone to an overflow condition. The /usr/contrib/mh/bin/inc binary fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted request, a local attacker can potentially execute arbitrary code with increased privileges. |
| 85825 | 2000-11-30 | Linux Kernel ptrace Child Process Restriction Bypass | Linux Kernel contains a flaw that is triggered when ptrace is used to track a child process, which will result in the program not properly checking permissions of the user. This may allow a remote attacker to bypass restrictions and gain access to potentially sensitive information stored within executable files. |
| 462 | 2000-11-30 | Multiple Vendor Crafted TCP/IP Packet DoS (NAPTHA) | (Description Provided by CVE): Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE. |
| 1672 | 2000-11-30 | Microsoft Windows 2000 Telnet Session Timeout DoS | (Description Provided by CVE): Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input. |
| 7208 | 2000-11-30 | Debian fshd Symlink Arbitrary Command Execution | fshd contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker creates a symbolic link to a file owned by the user running fshd. Standard Unix commands can be used to exploit this issue. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability. |
| 60978 | 2000-11-30 | INND/NNRP From: Field Remote Overflow | Unknown / Incomplete |
| 49712 | 2000-11-29 | Nimbus Algorithm Differential Attack Chosen-plaintext Cryptanalysis Compromise | Unknown / Incomplete |
| 1667 | 2000-11-29 | SonicWALL SOHO2 Firewall HTTP Long Username DoS | SonicWALL SOHO2 Firewall contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker provides an overly long username to the web server, and will result in loss of availability for the firewall. |
| 6627 | 2000-11-29 | Allaire JRun SSIFilter Code Retrieval | (Description Provided by CVE): Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet. |
| 7206 | 2000-11-29 | pam_localuser PAM Module Overflow | (Description Provided by CVE): Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges. |
| 7255 | 2000-11-29 | Sun Java JDK / JRE Disallowed Class Sandbox Bypass | Sun JDK (Java Development Kit) and JRE (Java Runtime Environment) contain a flaw that may allow a malicious user to access restricted resources. The issue is triggered when an untrusted Java class loads other disallowed Java classes, which will escape the Java sandbox and conduct unauthorized activities, resulting in a loss of confidentiality and integrity. |
| 9483 | 2000-11-28 | IBM Net.Data db2www Package document.d2w Path Disclosure | (Description Provided by CVE): document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program. |
| 460 | 2000-11-28 | Cisco 600 Series Router HTTP GET DoS | Cisco CBOS contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a malicious GET request, and will result in loss of availability for the router. |
| 1668 | 2000-11-28 | Trend Micro InterScan VirusWall Shared Directory Privilege Escalation | (Description Provided by CVE): Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs. |
| 1670 | 2000-11-28 | SuSE in.identd Long Request DoS | (Description Provided by CVE): in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash. |
| 1671 | 2000-11-28 | Midnight Commander Directory Viewing Command Execution | (Description Provided by CVE): Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed. |
| 20987 | 2000-11-27 | BEA WebLogic Restricted Page Multiple Slash Authorization Bypass | (Description Provided by CVE): BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. |
| 1665 | 2000-11-27 | Winsock FTPd Directory Traversal | (Description Provided by CVE): Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack. |
| 7746 | 2000-11-27 | Windows NT FTP Server (WFTP) CD Command Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command. |
| 10889 | 2000-11-27 | 24Link Web Server Special Character GET Request Access Restriction Bypass | (Description Provided by CVE): 24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request. |
| 1664 | 2000-11-26 | Secure Locate (slocate) Malformed Database Heap Corruption | (Description Provided by CVE): Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer. |
| 11813 | 2000-11-26 | PTlink IRCD / Services Malformed Mode DoS | (Description Provided by CVE): PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands. |
| 13756 | 2000-11-26 | BSD rcvtty Incoming Message Privilege Escalation | BSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the rcvtty component fails to properly drop SGID privileges before executing arbitrary commands contained within incoming messages. A malicious user can prepare a shell script containing the commands, which will execute with the privileges of the tty group. This flaw may lead to a loss of integrity. |
| 1663 | 2000-11-25 | TWIG index.php3 vhosts Variable Arbitrary Command Execution | (Description Provided by CVE): Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program. |
| 10807 | 2000-11-24 | IBM Lotus Notes Client JVM ECL getSystemResource Method File Existence Disclosure | (Description Provided by CVE): The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method. |
| 53866 | 2000-11-23 | Phorum support/common.php ForumLang Parameter Traversal Arbitrary File Access | Phorum contains a flaw that allows a remote attacker to traverse and access files outside of the web path. The issue is due to the support/common.php not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'ForumLang' variable. |
| 20179 | 2000-11-23 | Caucho Resin Crafted File Request JSP Source Disclosure | (Description Provided by CVE): Caucho Technology Resin 1.2 and possibly earlier allows remote attackers to view JSP source via an HTTP request to a .jsp file with certain characters appended to the file name, such as (1) "..", (2) "%2e..", (3) "%81", (4) "%82", and others. |
| 4741 | 2000-11-23 | McAfee WebShield Malformed Outgoing SMTP Recipient Remote DoS | (Description Provided by CVE): McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field. |
| 1659 | 2000-11-23 | Balabit syslog-ng Incomplete Priority String Remote DoS | (Description Provided by CVE): Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier. |
| 1661 | 2000-11-23 | Aladdin Ghostscript Symlink Arbitrary File Overwrite | (Description Provided by CVE): ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack. |
| 4740 | 2000-11-23 | McAfee WebShield SMTP Filter Bypass | (Description Provided by CVE): McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment. |
| 9672 | 2000-11-23 | IBM HTTP Server Long GET Request Overflow | (Description Provided by CVE): IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |
| 13476 | 2000-11-23 | Microsoft Windows Media Player asx Parser Multiple Tag Overflow | (Description Provided by CVE): Buffer overflows in Microsoft Windows Media Player 7 and earlier allow remote attackers to execute arbitrary commands via (1) a long version tag in an .ASX file, or (2) a long banner tag, a variant of the ".ASX Buffer Overrun" vulnerability as discussed in MS:MS00-090. |
| 85830 | 2000-11-23 | Microsoft IE index.dat OBJECT DATA Tag File Injection Arbitrary Command Execution | Microsoft IE contains a flaw that is triggered by an error in index.dat that may allow for the injection of OBJECT DATA tag files. This may allow a remote attacker to execute arbitrary commands. |
| 85831 | 2000-11-23 | Phorum list.php f Parameter Arbitrary File Access | Phorum contains a flaw that is triggered when certain input passed via the 'f' parameter is not properly sanitized before being used in the list.php script. This may allow a remote attacker to gain access to arbitrary files. |
| 1656 | 2000-11-22 | Microsoft Windows Media Player .WMS Arbitrary Script Execution | (Description Provided by CVE): Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability. |
| 1658 | 2000-11-22 | Microsoft Windows Media Player .ASX File Handling Overflow | (Description Provided by CVE): Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability. |
| 11344 | 2000-11-22 | Microsys CyberPatrol Weak Encryption Credit Card Disclosure | (Description Provided by CVE): Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information. |
| 1657 | 2000-11-22 | 602Pro LAN SUITE webprox.dll GET Request Overflow | (Description Provided by CVE): Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |