Vulnerabilities (CVE)

Filter

130145 total CVE
CVE Vendors Products Updated CVSS
CVE-2000-1157 1 Network Associates 1 Sniffer Agent 2008-09-05 10.0
Buffer overflow in NAI Sniffer Agent allows remote attackers to execute arbitrary commands via a long SNMP community name.
CVE-2000-1152 1 Be 1 Beos 2008-09-05 5.0
Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.
CVE-2000-1130 1 Network Associates 1 Webshield Smtp 2008-09-05 7.5
McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in name of the attachment.
CVE-2000-1129 1 Network Associates 1 Webshield Smtp 2008-09-05 5.0
McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field.
CVE-2000-1128 1 Mcafee 1 Virusscan 2008-09-05 4.6
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.
CVE-2000-1127 1 Hp 1 Hp-ux 2008-09-05 3.6
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and...
CVE-2000-1118 1 24link 1 24link 2008-09-05 7.5
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.
CVE-2000-1114 1 Unify 1 Ewave Servletexec 2008-09-05 5.0
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
CVE-2000-1110 1 Ibm 1 Net.data 2008-09-05 5.0
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
CVE-2000-1105 1 Microsoft 1 Indexing Service 2008-09-05 4.3
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
CVE-2000-1103 1 Bsdi 1 Bsd Os 2008-09-05 7.2
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
CVE-2000-1102 1 Ptlink 2 Ptlink Irc Services, Ptlink Ircd 2008-09-05 5.0
PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands.
CVE-2000-1101 1 Texas Imperial Software 1 Wftpd 2008-09-05 5.0
Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.
CVE-2000-1100 1 Trlinux 1 Postaci Webmail 2008-09-05 7.5
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP...
CVE-2000-1098 1 Sonicwall 1 Soho Firewall 2008-09-05 5.0
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
CVE-2000-1046 1 Lotus 1 Domino 2008-09-05 10.0
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.
CVE-2000-1037 1 Checkpoint 1 Firewall-1 2008-09-05 7.5
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
CVE-2000-1017 1 Webteacher 1 Webdata 2008-09-05 5.0
Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database.
CVE-2000-1013 1 Freebsd 1 Freebsd 2008-09-05 7.2
The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.
CVE-2000-1012 1 Freebsd 1 Freebsd 2008-09-05 7.2
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable.