Vulnerabilities (CVE)

Filter

120061 total CVE
CVE Vendors Products Updated CVSS
CVE-2000-1127 1 Hp 1 Hp-ux 2008-09-05 3.6
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and...
CVE-2000-1118 1 24link 1 24link 2008-09-05 7.5
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.
CVE-2000-1114 1 Unify 1 Ewave Servletexec 2008-09-05 5.0
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
CVE-2000-1110 1 Ibm 1 Net.data 2008-09-05 5.0
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
CVE-2000-1105 1 Microsoft 1 Indexing Service 2008-09-05 4.3
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
CVE-2000-1103 1 Bsdi 1 Bsd Os 2008-09-05 7.2
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
CVE-2000-1102 1 Ptlink 2 Ptlink Irc Services, Ptlink Ircd 2008-09-05 5.0
PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands.
CVE-2000-1101 1 Texas Imperial Software 1 Wftpd 2008-09-05 5.0
Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.
CVE-2000-1100 1 Trlinux 1 Postaci Webmail 2008-09-05 7.5
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP...
CVE-2000-1098 1 Sonicwall 1 Soho Firewall 2008-09-05 5.0
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
CVE-2000-1046 1 Lotus 1 Domino 2008-09-05 10.0
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.
CVE-2000-1037 1 Checkpoint 1 Firewall-1 2008-09-05 7.5
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
CVE-2000-1017 1 Webteacher 1 Webdata 2008-09-05 5.0
Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database.
CVE-2000-1013 1 Freebsd 1 Freebsd 2008-09-05 7.2
The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
CVE-2000-1012 1 Freebsd 1 Freebsd 2008-09-05 7.2
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
CVE-2000-1008 1 Palm 1 Palm Os 2008-09-05 4.6
PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.
CVE-2000-0999 1 Openbsd 1 Openssh 2008-09-05 10.0
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
CVE-2000-0998 1 Freebsd 1 Freebsd 2008-09-05 7.2
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
CVE-2000-0985 1 Nevis Systems 1 All-mail 2008-09-05 10.0
Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command.
CVE-2000-0976 1 Xfree86 Project 1 Xlib 2008-09-05 4.6
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.