| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 1586 | 2000-09-30 | sshd scp Traversal Arbitrary File Overwrite | (Description Provided by CVE): Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack. |
| 13767 | 2000-09-30 | Red Hat Linux usermode Package userhelper glibc Security Measure Bypass | (Description Provided by CVE): userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LC_ALL environment variables (CVE-2000-0844). |
| 76072 | 2000-09-29 | Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure | (Description Provided by CVE): The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI. |
| 1577 | 2000-09-29 | Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access | (Description Provided by CVE): mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. |
| 1578 | 2000-09-29 | Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation | (Description Provided by CVE): The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. |
| 1581 | 2000-09-29 | Mandrake Xsession Default Config Local Xauthority Bypass | (Description Provided by CVE): The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges. |
| 1582 | 2000-09-29 | Xfce xinitrc Default Config Local Xauthority Bypass | (Description Provided by CVE): The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges. |
| 13748 | 2000-09-29 | Slashcode Default Administrator Password | (Description Provided by CVE): The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands. |
| 2266 | 2000-09-28 | IRCnet IRCD s_bsd.c summon() Function Overflow | Unknown / Incomplete |
| 1584 | 2000-09-28 | LBNL traceroute -g Option Local Overflow | (Description Provided by CVE): Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option. |
| 1575 | 2000-09-28 | WQuinn QuotaAdvisor Alternative Data Stream Disk Quota Bypass | (Description Provided by CVE): WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions. |
| 1576 | 2000-09-28 | Siemens HiNet LP5100 IP-phone Overflow DoS | (Description Provided by CVE): Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |
| 6776 | 2000-09-27 | talentsoft Web+ webping.wml Example Application Arbitrary File Access | Web+ contains a flaw related to the example applications that may allow an attacker to gain access to root privileges and manipulate files. No further details have been provided. |
| 1573 | 2000-09-27 | GNU C Library (glibc2) LD_DEBUG Arbitrary File Overwrite | glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. |
| 4415 | 2000-09-27 | Check Point FireWall-1 fwz Client Spoof Bypass | Check Point VPN-1/FireWall-1 contains a flaw that may allow a remote attacker to send traffic that bypasses the ruleset. The issue is due to a flaw in the FWZ client processing that may allow spoofed packets through despite anti-spoofing checks being present. If an attacker sends specially crafted packets encapsulated as FWZ packets, the firewall may let them pass. |
| 4419 | 2000-09-27 | Check Point VPN-1/FireWall-1 One-way Connection Enforcement Bypass | Check Point VPN-1/FireWall-1 contains a flaw that may allow a remote attacker to bypass the ruleset. The issue is due to the firewall not properly filtering specially fragmented TCP connections that will bypass the directionality checks implemented. If an attacker sends the right requests by closing and reopening one-way connections, they may be able to initiate traffic otherwise denied. |
| 6042 | 2000-09-27 | FreeBSD catopen() Arbitrary Code Execution | FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user misuses the catopen() function. A valid locale file or message catalog containing specially formatted characters can be read by poorly coded privileged applications to execute arbitrary code. This flaw may lead to a loss of integrity. |
| 6043 | 2000-09-27 | FreeBSD setlocale() Arbitrary Code Execution | FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user misuses the setlocale() function by creating a file which is a valid locale file or message catalog but contains special formatting characters which may allow certain badly written privileged applications to be exploited to execute arbitrary code. This flaw may lead to a loss of integrity. |
| 6070 | 2000-09-27 | FreeBSD catopen() Local Overflow | A local overflow exists in FreeBSD. The catopen() function fails to check bounds of an internal buffer which could be indirectly overflowed by the setting of an environment variable. With a specially crafted request, a privileged application which uses catopen() could be made to execute arbitrary code by an unprivileged local user resulting in a loss of integrity. |
| 7199 | 2000-09-26 | HP OpenView Network Node Manager (OV NNM) OverView5 snmp.exe Remote Overflow DoS | (Description Provided by CVE): Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem." |
| 1571 | 2000-09-26 | Microsoft Windows Media Player Malformed Embedded OCX Control DoS | (Description Provided by CVE): Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability. |
| 3111 | 2000-09-26 | Microsoft IE Windows Scripting Host (WSH) GetObject Javascript Function Arbitrary File Access | (Description Provided by CVE): Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. |
| 3240 | 2000-09-26 | SCO Help search97cgi/vtopic Format String Arbitrary Command Execution | SCO UnixWare contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable system under the "nobody" ID. By sending a specially-crafted URL to the "scohelp" application (port 457), an attacker can take advantage of a format string vulnerability to execute arbitrary code. |
| 10055 | 2000-09-26 | Palm OS Password Storage Encryption Weakness | (Description Provided by CVE): PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device. |
| 478 | 2000-09-26 | Netscape Messaging Server IMAP LIST Command Remote Overflow | (Description Provided by CVE): Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. |
| 1572 | 2000-09-26 | SCO UnixWare SCOhelp search97.cgi queryText Parameter Arbitrary Command Execution | (Description Provided by CVE): Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter. |
| 1595 | 2000-09-26 | WQuinn DiskAdvisor Targeted Share Arbitrary File / Directory Disclosure | (Description Provided by CVE): WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares. |
| 5832 | 2000-09-26 | Telnet Client Allows Server to Retrieve Environment Variables | (Description Provided by CVE): Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL. |
| 13765 | 2000-09-26 | BSD-based lpr Package startprinting() Function Local Format String | (Description Provided by CVE): Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call. |
| 421 | 2000-09-25 | LPRng use_syslog() Remote Format String | LPRng is prone to a format string flaw. The use_syslog() function fails to properly sanitize user-supplied input. With a specially crafted request, a remote attacker can potentially cause arbitrary code execution. |
| 12083 | 2000-09-25 | Etype Eserv Multiple Mail Command Remote Overflow | (Description Provided by CVE): EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands. |
| 88229 | 2000-09-25 | Sybase Adaptive Server Enterprise Unspecified Issue | Sybase Adaptive Server Enterprise contains an unspecified flaw. No further details have been provided. |
| 88228 | 2000-09-25 | Sybase Adaptive Server Enterprise Enterprise Portal (EP) Component Unspecified Issue | Sybase Adaptive Server Enterprise contains an unspecified flaw related to the Enterprise Portal (EP) component. No further details have been provided. |
| 13750 | 2000-09-24 | Alabanza Control Panel nsManager.cgi Unauthorized Domain Name Modification | (Description Provided by CVE): The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program. |
| 1567 | 2000-09-22 | Pine Automatic Mail Check From Header Overflow | (Description Provided by CVE): Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header. |
| 1579 | 2000-09-22 | Smartwin Technology CyberOffice Shopping Cart Price Modification | (Description Provided by CVE): SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable. |
| 1580 | 2000-09-22 | SmartWin CyberOffice Shopping Cart Client Information Disclosure | (Description Provided by CVE): The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. |
| 285 | 2000-09-22 | Microsoft IIS repost.asp File Upload | This host is running Microsoft IIS web server and the file /scripts/repost.asp is installed. This ASP file contains a configuration flaw that allows an attacker to upload files to the /users directory. An attacker could use this to upload arbitrary files onto this host. |
| 6775 | 2000-09-21 | talentsoft Web+ ::$DATA Stream Request WML Source Disclosure | Unknown / Incomplete |
| 417 | 2000-09-21 | Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure | (Description Provided by CVE): The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL. |