CVE List - 2000 / October
Showing 101 - 200 of 283 CVEs for October 2000 (Page 2 of 3)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2000-0478 | 2000-10-13 | In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. |
| CVE-2000-0481 | 2000-10-13 | Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name. |
| CVE-2000-0482 | 2000-10-13 | Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets. |
| CVE-2000-0483 | 2000-10-13 | The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization. |
| CVE-2000-0484 | 2000-10-13 | Small HTTP Server ver 3.06 contains a memory corruption bug causing a memory overflow. The overflowed buffer crashes into a Structured Exception Handler resulting in a Denial of Service. |
| CVE-2000-0485 | 2000-10-13 | Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. |
| CVE-2000-0486 | 2000-10-13 | Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field. |
| CVE-2000-0489 | 2000-10-13 | FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size... |
| CVE-2000-0490 | 2000-10-13 | Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request. |
| CVE-2000-0493 | 2000-10-13 | Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string. |
| CVE-2000-0494 | 2000-10-13 | Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script. |
| CVE-2000-0495 | 2000-10-13 | Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability. |
| CVE-2000-0497 | 2000-10-13 | IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. |
| CVE-2000-0499 | 2000-10-13 | The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension... |
| CVE-2000-0500 | 2000-10-13 | The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to... |
| CVE-2000-0501 | 2000-10-13 | Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server. |
| CVE-2000-0505 | 2000-10-13 | The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. |
| CVE-2000-0506 | 2000-10-13 | The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping... |
| CVE-2000-0507 | 2000-10-13 | Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command. |
| CVE-2000-0508 | 2000-10-13 | rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request. |
| CVE-2000-0510 | 2000-10-13 | CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request. |
| CVE-2000-0511 | 2000-10-13 | CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request. |
| CVE-2000-0512 | 2000-10-13 | CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. |
| CVE-2000-0513 | 2000-10-13 | CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not... |
| CVE-2000-0514 | 2000-10-13 | GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to... |
| CVE-2000-0515 | 2000-10-13 | The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges. |
| CVE-2000-0516 | 2000-10-13 | When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is... |
| CVE-2000-0517 | 2000-10-13 | Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow... |
| CVE-2000-0518 | 2000-10-13 | Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka... |
| CVE-2000-0519 | 2000-10-13 | Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session,... |
| CVE-2000-0521 | 2000-10-13 | Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number. |
| CVE-2000-0522 | 2000-10-13 | RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash. |
| CVE-2000-0525 | 2000-10-13 | OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon. |
| CVE-2000-0528 | 2000-10-13 | Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files. |
| CVE-2000-0529 | 2000-10-13 | Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request. |
| CVE-2000-0530 | 2000-10-13 | The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files. |
| CVE-2000-0532 | 2000-10-13 | A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722... |
| CVE-2000-0533 | 2000-10-13 | Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files. |
| CVE-2000-0534 | 2000-10-13 | The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user. |
| CVE-2000-0536 | 2000-10-13 | xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry. |
| CVE-2000-0537 | 2000-10-13 | BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable. |
| CVE-2000-0538 | 2000-10-13 | ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password. |
| CVE-2000-0539 | 2000-10-13 | Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. |
| CVE-2000-0540 | 2000-10-13 | JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information. |
| CVE-2000-0548 | 2000-10-13 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. |
| CVE-2000-0549 | 2000-10-13 | Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. |
| CVE-2000-0550 | 2000-10-13 | Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service. |
| CVE-2000-0552 | 2000-10-13 | ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information. |
| CVE-2000-0553 | 2000-10-13 | Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions. |
| CVE-2000-0555 | 2000-10-13 | Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests. |
| CVE-2000-0556 | 2000-10-13 | Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on... |
| CVE-2000-0557 | 2000-10-13 | Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request. |
| CVE-2000-0558 | 2000-10-13 | Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345. |
| CVE-2000-0561 | 2000-10-13 | Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request. |
| CVE-2000-0566 | 2000-10-13 | makewhatis in Linux man package allows local users to overwrite files via a symlink attack. |
| CVE-2000-0567 | 2000-10-13 | Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability. |
| CVE-2000-0571 | 2000-10-13 | LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request. |
| CVE-2000-0579 | 2000-10-13 | IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is... |
| CVE-2000-0582 | 2000-10-13 | Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security... |
| CVE-2000-0583 | 2000-10-13 | vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of... |
| CVE-2000-0584 | 2000-10-13 | Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name. |
| CVE-2000-0585 | 2000-10-13 | ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2000-0586 | 2000-10-13 | Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command. |
| CVE-2000-0587 | 2000-10-13 | The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability. |
| CVE-2000-0588 | 2000-10-13 | SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as... |
| CVE-2000-0591 | 2000-10-13 | Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL. |
| CVE-2000-0594 | 2000-10-13 | BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes... |
| CVE-2000-0595 | 2000-10-13 | libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc... |
| CVE-2000-0596 | 2000-10-13 | Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote... |
| CVE-2000-0597 | 2000-10-13 | Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files... |
| CVE-2000-0598 | 2000-10-13 | Fortech Proxy+ allows remote attackers to bypass access restrictions for the administration service by redirecting their connections through the telnet proxy. |
| CVE-2000-0599 | 2000-10-13 | Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port. |
| CVE-2000-0601 | 2000-10-13 | LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages. |
| CVE-2000-0602 | 2000-10-13 | Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable. |
| CVE-2000-0603 | 2000-10-13 | Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. |
| CVE-2000-0604 | 2000-10-13 | gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp. |
| CVE-2000-0610 | 2000-10-13 | NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return. |
| CVE-2000-0611 | 2000-10-13 | The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service. |
| CVE-2000-0613 | 2000-10-13 | Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections. |
| CVE-2000-0616 | 2000-10-13 | Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS. |
| CVE-2000-0621 | 2000-10-13 | Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside... |
| CVE-2000-0624 | 2000-10-13 | Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist. |
| CVE-2000-0627 | 2000-10-13 | BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl... |
| CVE-2000-0628 | 2000-10-13 | The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files. |
| CVE-2000-0630 | 2000-10-13 | IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability. |
| CVE-2000-0631 | 2000-10-13 | An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument,... |
| CVE-2000-0632 | 2000-10-13 | Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string. |
| CVE-2000-0633 | 2000-10-13 | Vulnerability in Mandrake Linux usermode package allows local users to reboot or halt the system. |
| CVE-2000-0634 | 2000-10-13 | The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0635 | 2000-10-13 | The view_page.html sample page in the MiniVend shopping cart program allows remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2000-0636 | 2000-10-13 | HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command. |
| CVE-2000-0637 | 2000-10-13 | Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability. |
| CVE-2000-0638 | 2000-10-13 | bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter. |
| CVE-2000-0639 | 2000-10-13 | The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file... |
| CVE-2000-0640 | 2000-10-13 | Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the... |
| CVE-2000-0641 | 2000-10-13 | Savant web server allows remote attackers to execute arbitrary commands via a long GET request. |
| CVE-2000-0642 | 2000-10-13 | The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the... |
| CVE-2000-0643 | 2000-10-13 | Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL. |
| CVE-2000-0644 | 2000-10-13 | WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing. |
| CVE-2000-0651 | 2000-10-13 | The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and... |