Lista CVE - 2000 / Ottobre
Visualizzazione 201 - 283 di 283 CVE per Ottobre 2000 (Pagina 3 di 3)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2000-0652 | 2000-10-13 | IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. |
| CVE-2000-0654 | 2000-10-13 | Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability. |
| CVE-2000-0655 | 2000-10-13 | Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length... |
| CVE-2000-0660 | 2000-10-13 | The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0661 | 2000-10-13 | WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port. |
| CVE-2000-0663 | 2000-10-13 | The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting... |
| CVE-2000-0664 | 2000-10-13 | AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots. |
| CVE-2000-0665 | 2000-10-13 | GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username. |
| CVE-2000-0666 | 2000-10-13 | rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. |
| CVE-2000-0668 | 2000-10-13 | pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled. |
| CVE-2000-0669 | 2000-10-13 | Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data. |
| CVE-2000-0670 | 2000-10-13 | The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters. |
| CVE-2000-0671 | 2000-10-13 | Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL. |
| CVE-2000-0673 | 2000-10-13 | The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram,... |
| CVE-2000-0674 | 2000-10-13 | ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack. |
| CVE-2000-0675 | 2000-10-13 | Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string. |
| CVE-2000-0676 | 2000-10-13 | Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http",... |
| CVE-2000-0677 | 2000-10-13 | Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. |
| CVE-2000-0678 | 2000-10-13 | PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can... |
| CVE-2000-0681 | 2000-10-13 | Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension. |
| CVE-2000-0682 | 2000-10-13 | BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. |
| CVE-2000-0683 | 2000-10-13 | BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. |
| CVE-2000-0684 | 2000-10-13 | BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any... |
| CVE-2000-0685 | 2000-10-13 | BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any... |
| CVE-2000-0700 | 2000-10-13 | Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card... |
| CVE-2000-0703 | 2000-10-13 | suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive"... |
| CVE-2000-0705 | 2000-10-13 | ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0706 | 2000-10-13 | Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands. |
| CVE-2000-0707 | 2000-10-13 | PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password. |
| CVE-2000-0708 | 2000-10-13 | Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port. |
| CVE-2000-0711 | 2000-10-13 | Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious... |
| CVE-2000-0712 | 2000-10-13 | Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option. |
| CVE-2000-0718 | 2000-10-13 | A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed. |
| CVE-2000-0725 | 2000-10-13 | Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that... |
| CVE-2000-0727 | 2000-10-13 | xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains... |
| CVE-2000-0728 | 2000-10-13 | xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack. |
| CVE-2000-0730 | 2000-10-13 | Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges. |
| CVE-2000-0733 | 2000-10-13 | Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the... |
| CVE-2000-0737 | 2000-10-13 | The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named... |
| CVE-2000-0743 | 2000-10-13 | Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value. |
| CVE-2000-0745 | 2000-10-13 | admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd... |
| CVE-2000-0750 | 2000-10-13 | Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. |
| CVE-2000-0751 | 2000-10-13 | mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands. |
| CVE-2000-0754 | 2000-10-13 | Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords. |
| CVE-2000-0758 | 2000-10-13 | The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field. |
| CVE-2000-0761 | 2000-10-13 | OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username. |
| CVE-2000-0763 | 2000-10-13 | xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option. |
| CVE-2000-0765 | 2000-10-13 | Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag"... |
| CVE-2000-0767 | 2000-10-13 | The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the... |
| CVE-2000-0768 | 2000-10-13 | A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files,... |
| CVE-2000-0770 | 2000-10-13 | IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access... |
| CVE-2000-0771 | 2000-10-13 | Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability. |
| CVE-2000-0777 | 2000-10-13 | The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password"... |
| CVE-2000-0778 | 2000-10-13 | IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. |
| CVE-2000-0779 | 2000-10-13 | Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests. |
| CVE-2000-0780 | 2000-10-13 | The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0782 | 2000-10-13 | netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0786 | 2000-10-13 | GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. |
| CVE-2000-0787 | 2000-10-13 | IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser. |
| CVE-2000-0792 | 2000-10-13 | Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available. |
| CVE-2000-0812 | 2000-10-18 | The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL... |
| CVE-2000-0826 | 2000-10-18 | Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long GET request. |
| CVE-2000-0827 | 2000-10-18 | Buffer overflow in the web authorization form of Mobius DocumentDirect for the Internet 1.2 allows remote attackers to cause a denial of service or execute arbitrary commands via a long... |
| CVE-2000-0828 | 2000-10-18 | Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long User-Agent parameter. |
| CVE-2000-0831 | 2000-10-18 | Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long username. |
| CVE-2000-0832 | 2000-10-18 | Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter. |
| CVE-2000-0833 | 2000-10-18 | Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to cause a denial of service via a long (1) USER or (2) HELO command. |
| CVE-2000-0835 | 2000-10-18 | search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter. |
| CVE-2000-0836 | 2000-10-18 | Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to execute arbitrary commands via a long Authorization header. |
| CVE-2000-0840 | 2000-10-18 | Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long USER command. |
| CVE-2000-0841 | 2000-10-18 | Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long APOP command. |
| CVE-2000-0842 | 2000-10-18 | The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0843 | 2000-10-18 | Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name. |
| CVE-2000-0845 | 2000-10-18 | kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to read arbitrary files by specifying the full file name in the initialization packet. |
| CVE-2000-0855 | 2000-10-18 | SunFTP build 9(1) allows remote attackers to cause a denial of service by connecting to the server and disconnecting before sending a newline. |
| CVE-2000-0857 | 2000-10-18 | The logging capability in muh 2.05d IRC server does not properly cleanse user-injected format strings, which allows remote attackers to cause a denial of service or execute arbitrary commands via... |
| CVE-2000-0866 | 2000-10-18 | Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes. |
| CVE-2000-0872 | 2000-10-18 | explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0879 | 2000-10-18 | LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services. |
| CVE-2000-0880 | 2000-10-18 | LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill... |
| CVE-2000-0881 | 2000-10-18 | The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to... |
| CVE-2000-0882 | 2000-10-18 | Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed ICMP packet, which causes the CPU to crash. |
| CVE-2000-0817 | 2000-11-29 | Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability. |
| CVE-2000-0885 | 2000-11-29 | Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or... |
| CVE-2000-0902 | 2000-11-29 | getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0903 | 2000-11-29 | Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0904 | 2000-11-29 | Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to... |
| CVE-2000-0905 | 2000-11-29 | QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page. |
| CVE-2000-0906 | 2000-11-29 | Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters. |
| CVE-2000-0907 | 2000-11-29 | EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands. |
| CVE-2000-0916 | 2000-11-29 | FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections. |
| CVE-2000-0918 | 2000-11-29 | Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters. |
| CVE-2000-0931 | 2000-11-29 | Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data. |
| CVE-2000-0939 | 2000-11-29 | Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing... |
| CVE-2000-0940 | 2000-11-29 | Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter. |
| CVE-2000-0950 | 2000-11-29 | Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name. |
| CVE-2000-0954 | 2000-11-29 | Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server. |
| CVE-2000-0955 | 2000-11-29 | Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the... |
| CVE-2000-0963 | 2000-11-29 | Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. |
| CVE-2000-0971 | 2000-11-29 | Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command. |