[CLOSE] OSVDB ID : 12141 - Disclosed: 2000-11-20

Description:

(Description Provided by CVE) : quikstore.cgi in Quikstore Shopping Cart allows remote attackers to execute arbitrary commands via shell metacharacters in the URL portion of an HTTP GET request.

[CLOSE] OSVDB ID : 1660 - Disclosed: 2000-11-20

Description:

(Description Provided by CVE) : elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.

[CLOSE] OSVDB ID : 7823 - Disclosed: 2000-11-20

Description:

Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute arbitrary commands. Internet Explorer allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.

[CLOSE] OSVDB ID : 12209 - Disclosed: 2000-11-20

Description:

(Description Provided by CVE) : The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.

[CLOSE] OSVDB ID : 60896 - Disclosed: 2000-11-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 1654 - Disclosed: 2000-11-18

Description:

Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.

[CLOSE] OSVDB ID : 452 - Disclosed: 2000-11-18

Description:

(Description Provided by CVE) : WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.

[CLOSE] OSVDB ID : 85828 - Disclosed: 2000-11-18

Description:

NetcPlus SmartServer and BrowseGate contain a flaw that is triggered by the applications storing user credential information in the dialsrv.ini file, which is accessible by all windows authenticated users. This may make it easier for an attacker to gain access to a user's password information.

[CLOSE] OSVDB ID : 60675 - Disclosed: 2000-11-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 60676 - Disclosed: 2000-11-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 60868 - Disclosed: 2000-11-17

Description:

ListMail contains a flaw that may allow an attacker to execute arbitrary commands. The issue is caused by an insecure call within the lmail.pl script.

[CLOSE] OSVDB ID : 60895 - Disclosed: 2000-11-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 61291 - Disclosed: 2000-11-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 1646 - Disclosed: 2000-11-16

Description:

DCForum contains a flaw that allows a remote attacker to view any arbitrary file on the web server. The issue is due to a lack of sanity checking on the "$r_in" variable in the dcboard.cgi and dcadmin.cgi scripts. Further, if an attacker attempts to view the source code of the dcforum.cgi script, it deletes itself.

[CLOSE] OSVDB ID : 453 - Disclosed: 2000-11-16

Description:

(Description Provided by CVE) : Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.

[CLOSE] OSVDB ID : 1647 - Disclosed: 2000-11-16

Description:

(Description Provided by CVE) : Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.

[CLOSE] OSVDB ID : 1648 - Disclosed: 2000-11-16

Description:

WatchGuard Firebox II contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker floods the server with FTP or SMTP requests, disabling subsequent proxy handling.

[CLOSE] OSVDB ID : 1650 - Disclosed: 2000-11-16

Description:

By default, Exchange creates a user account with a default password. The EUSR_EXSTOREEVENT account has a password of xyxx1x#y which is publicly known and documented. This allows attackers to trivially access the program or system.

[CLOSE] OSVDB ID : 1651 - Disclosed: 2000-11-16

Description:

(Description Provided by CVE) : Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

[CLOSE] OSVDB ID : 1652 - Disclosed: 2000-11-16

Description:

(Description Provided by CVE) : crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

[CLOSE] OSVDB ID : 60674 - Disclosed: 2000-11-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 88541 - Disclosed: 2000-11-16

Description:

International Components for Unicode for Java (ICU4J) contains a flaw related to the TimeZone.java file. While a cursory review of the code commit does not suggest a security fix, the note with this specifically indicates it fixes a security bug. No further details are available.

[CLOSE] OSVDB ID : 1649 - Disclosed: 2000-11-15

Description:

(Description Provided by CVE) : Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.

[CLOSE] OSVDB ID : 3672 - Disclosed: 2000-11-15

Description:

AnalogX Proxy contains a flaw that allows a remote attacker to crash the service. The issue is due to poor sanity checking of user supplied input to the FTP, SMTP or POP3 services. If an attacker sends "multiple abnormal strings" to these services, it can crash the entire proxy service.

[CLOSE] OSVDB ID : 6759 - Disclosed: 2000-11-15

Description:

(Description Provided by CVE) : Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.

[CLOSE] OSVDB ID : 12221 - Disclosed: 2000-11-15

Description:

(Description Provided by CVE) : Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.

[CLOSE] OSVDB ID : 60673 - Disclosed: 2000-11-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 11940 - Disclosed: 2000-11-14

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 1643 - Disclosed: 2000-11-14

Description:

(Description Provided by CVE) : Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.

[CLOSE] OSVDB ID : 1655 - Disclosed: 2000-11-14

Description:

FreeBSD contains a flaw that may allow a malicious user to bypass the nat gateway. The issue was triggered because code was added to permit certain types of data through the nat gateway. It is possible that the flaw may allow all traffic to pass through, despite the "deny_incoming" directive, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 10883 - Disclosed: 2000-11-14

Description:

(Description Provided by CVE) : RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.

[CLOSE] OSVDB ID : 703 - Disclosed: 2000-11-14

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4731 - Disclosed: 2000-11-14

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4732 - Disclosed: 2000-11-14

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4734 - Disclosed: 2000-11-14

Description:

(Description Provided by CVE) : AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox.

[CLOSE] OSVDB ID : 6083 - Disclosed: 2000-11-14

Description:

FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user submits a request for an arbitrary large file in the TERMCAP environment variable to telnetd, which consumes cpu resources as the server processes the request, and will result in loss of availability for the platform.

[CLOSE] OSVDB ID : 10890 - Disclosed: 2000-11-14

Description:

(Description Provided by CVE) : RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.

[CLOSE] OSVDB ID : 11635 - Disclosed: 2000-11-14

Description:

(Description Provided by CVE) : Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file.

[CLOSE] OSVDB ID : 11636 - Disclosed: 2000-11-14

Description:

(Description Provided by CVE) : Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the server and sending out multiple GET, HEAD, or POST requests and closing the connection before the server responds to the requests.

[CLOSE] OSVDB ID : 17113 - Disclosed: 2000-11-14

Description:

Unknown / Incomplete