[CLOSE] OSVDB ID : 7163 - Disclosed: 2000-12-31

Description:

(Description Provided by CVE) : exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.

[CLOSE] OSVDB ID : 5561 - Disclosed: 2000-12-30

Description:

(Description Provided by CVE) : ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.

[CLOSE] OSVDB ID : 61199 - Disclosed: 2000-12-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 489 - Disclosed: 2000-12-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6135 - Disclosed: 2000-12-29

Description:

(Description Provided by CVE) : Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file.

[CLOSE] OSVDB ID : 14742 - Disclosed: 2000-12-29

Description:

(Description Provided by CVE) : "Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password.

[CLOSE] OSVDB ID : 6326 - Disclosed: 2000-12-28

Description:

Ikonboard contains a flaw that may allow an remote attacker to execute arbitrary commands. The issue is triggered due to insufficient checking of user-supplied input in the register.cgi script. It is possible that the flaw may allow an remote attacker to use the $SEND_MAIL variable in a URL and execute arbitrary commands with the privileges of the web server, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 481 - Disclosed: 2000-12-27

Description:

(Description Provided by CVE) : Directory traversal vulnerability in main.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the filename parameter.

[CLOSE] OSVDB ID : 7682 - Disclosed: 2000-12-26

Description:

(Description Provided by CVE) : Buffer overflow in the find_default_type function in libsecure in NSA Security-enhanced Linux, which may allow attackers to modify critical data in memory.

[CLOSE] OSVDB ID : 13795 - Disclosed: 2000-12-26

Description:

(Description Provided by CVE) : Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long MAIL FROM command.

[CLOSE] OSVDB ID : 1701 - Disclosed: 2000-12-25

Description:

dialog allows local users to overwrite arbitrary files via a symlink attack to gain privileges on the system. The dialog program creates lock-files in the /tmp directory insecurely. A local attacker could leverage this vulnerability to create a symbolic link in /tmp and overwrite or corrupt sensitive files owned by another user.

[CLOSE] OSVDB ID : 6327 - Disclosed: 2000-12-23

Description:

Technote contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the print.cgi script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "board" variable.

[CLOSE] OSVDB ID : 482 - Disclosed: 2000-12-22

Description:

(Description Provided by CVE) : FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.

[CLOSE] OSVDB ID : 59510 - Disclosed: 2000-12-22

Description:

(Description Provided by CVE) : oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.

[CLOSE] OSVDB ID : 19893 - Disclosed: 2000-12-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 54588 - Disclosed: 2000-12-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6024 - Disclosed: 2000-12-21

Description:

The catman utility contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the program creating insecure temporary files with predictable names, allowing for symlink attacks. This flaw may lead to a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 7161 - Disclosed: 2000-12-21

Description:

(Description Provided by CVE) : bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.

[CLOSE] OSVDB ID : 7162 - Disclosed: 2000-12-21

Description:

(Description Provided by CVE) : bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.

[CLOSE] OSVDB ID : 13799 - Disclosed: 2000-12-21

Description:

(Description Provided by CVE) : The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request.

[CLOSE] OSVDB ID : 1704 - Disclosed: 2000-12-21

Description:

(Description Provided by CVE) : Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.

[CLOSE] OSVDB ID : 19768 - Disclosed: 2000-12-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19766 - Disclosed: 2000-12-20

Description:

(Description Provided by CVE) : InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data.

[CLOSE] OSVDB ID : 1699 - Disclosed: 2000-12-20

Description:

GnuPG contains a flaw that may allow a malicious user to modify the contents of a file without being detected. The issue is triggered when a file is signed with a detached signature. If the detached signature is replaced with clearsigned text, GnuPG will still report a successfully verified signature. It is possible that the flaw may allow false positives in the verification mechanism, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 1702 - Disclosed: 2000-12-20

Description:

GnuPG contains a flaw that may allow a malicious user to compromise the web of trust. The issue is triggered when the user retrieves keys from a public keyserver. GnuPG will import private keys as well as public ones, and will not warn the user about the import of private keys. An attacker can upload a private key to the keyserver as well as a public one, with malicious intent. Since private keys are implicitly trusted, it is possible that the flaw may allow a change in the trust relationships of the web of trust, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 20190 - Disclosed: 2000-12-20

Description:

(Description Provided by CVE) : SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.

[CLOSE] OSVDB ID : 13762 - Disclosed: 2000-12-20

Description:

(Description Provided by CVE) : The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.

[CLOSE] OSVDB ID : 7166 - Disclosed: 2000-12-19

Description:

(Description Provided by CVE) : Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

[CLOSE] OSVDB ID : 10067 - Disclosed: 2000-12-19

Description:

(Description Provided by CVE) : Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string.

[CLOSE] OSVDB ID : 13797 - Disclosed: 2000-12-19

Description:

(Description Provided by CVE) : itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.

[CLOSE] OSVDB ID : 522 - Disclosed: 2000-12-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 706 - Disclosed: 2000-12-19

Description:

(Description Provided by CVE) : The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.

[CLOSE] OSVDB ID : 7165 - Disclosed: 2000-12-19

Description:

(Description Provided by CVE) : Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

[CLOSE] OSVDB ID : 12041 - Disclosed: 2000-12-19

Description:

(Description Provided by CVE) : Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string.

[CLOSE] OSVDB ID : 13798 - Disclosed: 2000-12-19

Description:

(Description Provided by CVE) : itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a malicious gunzip program.

[CLOSE] OSVDB ID : 20187 - Disclosed: 2000-12-19

Description:

(Description Provided by CVE) : The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.

[CLOSE] OSVDB ID : 1694 - Disclosed: 2000-12-18

Description:

(Description Provided by CVE) : The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges.

[CLOSE] OSVDB ID : 1691 - Disclosed: 2000-12-18

Description:

FreeBSD contains a flaw that may allow a users to break out of jail virtual machines. The issue is due to an unchecked buffer in the kernel that can be exploited by jailed users. By overflowing this buffer with specially crafted code, a jailed user could bypass any restrictions normally enforced by the jailed environment and execute arbitrary code or commands, including lowering the system security level.

[CLOSE] OSVDB ID : 1693 - Disclosed: 2000-12-18

Description:

(Description Provided by CVE) : One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.

[CLOSE] OSVDB ID : 1695 - Disclosed: 2000-12-18

Description:

(Description Provided by CVE) : patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.