| OSVDB ID | Disclosure Date | Title |
|---|
|
1438
Description:
FireWall-1 contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a string of binary data to port 25 of the firewall, and will result in loss of availability for the firewall.
|
2000-06-30
|
Check Point FireWall-1 SMTP Resource DoS
|
|
1440
Description:
(Description Provided by CVE) : Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface.
|
2000-06-30
|
Sygate Malformed DNS UDP Packet Parsing Local DoS
|
|
371
Description:
(Description Provided by CVE) : SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.
|
2000-06-30
|
SSH with Kerberos NFS Share Ticket Disclosure
|
|
1437
Description:
(Description Provided by CVE) : Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
|
2000-06-30
|
Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
|
|
1439
Description:
Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes.
|
2000-06-30
|
Sybergen Secure Desktop Unauthorized Default Route Modification
|
|
3547
Description:
WebBBS contains a flaw that allows a remote user to cause a denial of service. The issue is due to an unchecked buffer on the "Search File System" page that can be used to crash the service.
|
2000-06-30
|
International TeleCommunications WebBBS Search DoS
|
|
3548
Description:
WebBBS default web server contains a flaw that allows a remote attacker to execute arbitrary code. The issue is due to a lack of bounds checking on input supplied via a Username. A carefully crafted request can overflow the buffer resulting in arbitrary code execution.
|
2000-06-30
|
International TeleCommunications WebBBS New User Overflow
|
|
59346
Description:
(Description Provided by CVE) : Windows 2000 Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros to various TCP and UDP ports, which significantly increases the CPU utilization.
|
2000-06-30
|
Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
|
|
1432
Description:
(Description Provided by CVE) : Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command.
|
2000-06-29
|
Dalnet IRC Server SUMMON Command Remote Overflow
|
|
1434
Description:
(Description Provided by CVE) : Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port.
|
2000-06-29
|
iMesh Long String Overflow
|
|
10634
Description:
(Description Provided by CVE) : Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table.
|
2000-06-29
|
Microsoft Windows 95/98 Spoofed ARP Packet Cache Manipulation
|
|
7408
Description:
(Description Provided by CVE) : The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
|
2000-06-28
|
CVS Checkin.prog/Update.prog Arbitrary Command Execution
|
|
66713
Description:
Unknown / Incomplete
|
2000-06-28
|
PHP extension_dir Directive Unspecified Bypass
|
|
5718
Description:
A remotely accessible overflow exists in Open Text's FirstClass mail server. The mail server fails to handle large e-mail to: values, resulting in an overflow. With a specially crafted very large request, an attacker can cause a denial of service resulting in a loss of availability.
|
2000-06-27
|
FirstClass Internet Services Email To Overflow
|
|
13692
Description:
(Description Provided by CVE) : Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow remote attackers to execute arbitrary commands via long USER, PASS, LIST, RETR, or DELE commands.
|
2000-06-27
|
WinProxy POP3 Service Multiple Command Remote Overflow
|
|
352
Description:
(Description Provided by CVE) : SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.
|
2000-06-27
|
Sawmill rfcf Parameter Arbitrary File First Line Disclosure
|
|
1427
Description:
(Description Provided by CVE) : Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.
|
2000-06-27
|
Microsoft IE VBA Code Execution
|
|
1428
Description:
(Description Provided by CVE) : Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
|
2000-06-27
|
Microsoft IE/Office ActiveX Object Execution
|
|
1429
Description:
(Description Provided by CVE) : WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number.
|
2000-06-27
|
SapporoWorks WinProxy Malformed HTTP GET Request DoS
|
|
11939
Description:
Unknown / Incomplete
|
2000-06-26
|
Microsoft Outlook Attachment Spoofed Content Type
|
|
353
Description:
(Description Provided by CVE) : SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.
|
2000-06-26
|
Sawmill Weak Password Encryption Scheme
|
|
20191
Description:
(Description Provided by CVE) : The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing.
|
2000-06-26
|
FTGate POP3 Server USER Command Account Enumeration
|
|
362
Description:
(Description Provided by CVE) : vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.
|
2000-06-26
|
vpopmail vchkpw USER/PASS Command Format String
|
|
1424
Description:
(Description Provided by CVE) : Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.
|
2000-06-26
|
Netscape Enterprise Server for NetWare Buffer Overflow
|
|
1425
Description:
(Description Provided by CVE) : Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy.
|
2000-06-26
|
Fortech Proxy+ Telnet Gateway Restriction Bypass
|
|
1430
Description:
(Description Provided by CVE) : The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.
|
2000-06-26
|
glFTPd privpath Directive Arbitrary Directory Access
|
|
1433
Description:
(Description Provided by CVE) : Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.
|
2000-06-26
|
HP MPE/iX TurboIMAGE DBUTIL Local Privilege Escalation
|
|
1426
Description:
(Description Provided by CVE) : LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages.
|
2000-06-25
|
LeafDigital LeafChat Error Message Saturation Remote DoS
|
|
3668
Description:
AnalogX Proxy contains a flaw that allows a remote attacker to crash the server. The issue is due to a buffer overflow condition in the FTP service. By sending a USER command containing 370 or more characters to port 21, an attacker will crash the server.
|
2000-06-25
|
AnalogX Proxy USER Command Parsing Remote DoS
|
|
3669
Description:
AnalogX Proxy contains a flaw that allows a remote attacker to crash the server. The issue is due to a buffer overflow condition in the SMTP service. By sending a HELO command containing 370 or more characters to port 25, an attacker will crash the server.
|
2000-06-25
|
AnalogX Proxy Long HELO command in SMTP Protocol DoS
|
|
3670
Description:
AnalogX Proxy contains a flaw that allows a remote attacker to crash the server. The issue is due to a buffer overflow condition in the POP3 service. By sending a USER command containing 370 or more characters to port 110, an attacker will crash the server.
|
2000-06-25
|
AnalogX Proxy Long USER command in POP3 Protocol DoS
|
|
3671
Description:
AnalogX Proxy contains a flaw that allows a remote attacker to crash the server. The issue is due to a buffer overflow condition in the SOCKS proxy. By sending a SOCKS4 "CONNECT" request containing 1800 or more characters to port 1080, an attacker will crash the server.
|
2000-06-25
|
AnalogX Proxy Long User ID in Socks4 Request DoS
|
|
1421
Description:
(Description Provided by CVE) : ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.
|
2000-06-24
|
ISC DHCP Client dhclient Shell Metacharacter Arbitrary Command Execution
|
|
1422
Description:
(Description Provided by CVE) : NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.
|
2000-06-23
|
Netwin DMailWeb / CWMail Malformed Username Arbitrary Mail Relay
|
|
1423
Description:
(Description Provided by CVE) : The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.
|
2000-06-23
|
Netwin DMailWeb / CWMail Server POP Trust DoS
|
|
84633
Description:
Red Hat Linux is prone to an overflow condition. The xconq and cconq game programs fail to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted USER environment variable, a local attacker can potentially cause a denial of service or execute arbitrary code.
|
2000-06-22
|
Red Hat Linux xconq Multiple Variable Local Overflow
|
|
11805
Description:
WU-FTPD contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered due to a format string error in the site_exec() function. By sending a specially crafted argument to the SITE EXEC command, a remote attacker could potentially execute arbitrary code.
|
2000-06-22
|
WU-FTPD site_exec() Function Remote Format String
|
|
2713
Description:
JRun contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to multiple sample scripts not properly sanitizing user-supplid input, which will disclose sensitive information resulting in a loss of confidentiality.
|
2000-06-22
|
Allaire JRun viewsource.jsp source Parameter Traversal Arbitrary File Access
|
|
51282
Description:
JRun contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to multiple sample scripts not properly sanitizing user-supplid input, which will disclose sensitive information resulting in a loss of confidentiality.
|
2000-06-22
|
Allaire JRun /servlets Directory Multiple Sample Scripts Information Disclosure
|
|
51283
Description:
JRun contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to multiple sample scripts not properly sanitizing user-supplid input, which will disclose sensitive information resulting in a loss of confidentiality.
|
2000-06-22
|
Allaire JRun /jsm-default/services/jws/htdocs Multiple Sample Scripts Information Disclosure
|
