Vulnerabilities (CVE)

Filter

130084 total CVE
CVE Vendors Products Updated CVSS
CVE-2000-0751 3 Openbsd, Netbsd, Redhat 3 Netbsd, Linux, Openbsd 2008-09-05 7.5
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
CVE-2000-0748 1 Openldap 1 Openldap 2008-09-05 4.6
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
CVE-2000-0745 1 Francisco Burzi 1 Php-nuke 2008-09-05 7.5
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
CVE-2000-0743 1 University Of Minnesota 1 Gopherd 2008-09-05 10.0
Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.
CVE-2000-0741 1 Network Associates 1 Net Tools Pki Server 2008-09-05 7.5
Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension.
CVE-2000-0736 1 Rimarts Inc. 1 Becky Internet Mail 2008-09-05 5.0
Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user forwards a message.
CVE-2000-0735 1 Rimarts Inc. 1 Becky Internet Mail 2008-09-05 5.0
Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to a message.
CVE-2000-0733 1 Sgi 1 Irix 2008-09-05 10.0
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.
CVE-2000-0730 1 Hp 1 Hp-ux 2008-09-05 4.6
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.
CVE-2000-0724 1 Helix Code 1 Go-gnome Pre-installer 2008-09-05 6.2
The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.
CVE-2000-0723 1 Helix Code 1 Gnome Installer 2008-09-05 1.2
Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.
CVE-2000-0722 1 Helix Code 1 Gnome Updater 2008-09-05 6.2
Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.
CVE-2000-0721 1 Multisoft 1 Flagship 2008-09-05 6.2
The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
CVE-2000-0719 1 Varicad 1 Varicad 2008-09-05 6.2
VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.
CVE-2000-0718 1 Mandrakesoft 1 Mandrake Linux 2008-09-05 1.2
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
CVE-2000-0713 1 Adobe 3 Acrobat Reader, Acrobat, Acrobat Business Tools 2008-09-05 7.6
Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier.
CVE-2000-0712 1 Lids 1 Lids 2008-09-05 7.2
Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.
CVE-2000-0711 2 Netscape, Microsoft 2 Virtual Machine, Communicator 2008-09-05 7.5
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
CVE-2000-0709 1 Microsoft 1 Frontpage 2008-09-05 5.0
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
CVE-2000-0708 1 Pragma Systems 1 Telnetserver 2008-09-05 5.0
Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.