CVE List - 2000 / February
Showing 301 - 377 of 377 CVEs for February 2000 (Page 4 of 4)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2000-0005 | 2000-02-04 | HP-UX aserver program allows local users to gain privileges via a symlink attack. |
| CVE-2000-0008 | 2000-02-04 | FTPPro allows local users to read sensitive information, which is stored in plain text. |
| CVE-2000-0016 | 2000-02-04 | Buffer overflow in Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service or execute commands via a long username. |
| CVE-2000-0017 | 2000-02-04 | Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter. |
| CVE-2000-0019 | 2000-02-04 | IMail POP3 daemon uses weak encryption, which allows local users to read files. |
| CVE-2000-0021 | 2000-02-04 | Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin. |
| CVE-2000-0028 | 2000-02-04 | Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |
| CVE-2000-0035 | 2000-02-04 | resend command in Majordomo allows local users to gain privileges via shell metacharacters. |
| CVE-2000-0038 | 2000-02-04 | glFtpD includes a default glftpd user account with a default password and a UID of 0. |
| CVE-2000-0046 | 2000-02-04 | Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message. |
| CVE-2000-0047 | 2000-02-04 | Buffer overflow in Yahoo Pager/Messenger client allows remote attackers to cause a denial of service via a long URL within a message. |
| CVE-2000-0049 | 2000-02-04 | Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file. |
| CVE-2000-0054 | 2000-02-04 | search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack. |
| CVE-2000-0055 | 2000-02-04 | Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option. |
| CVE-2000-0058 | 2000-02-04 | Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files. |
| CVE-2000-0059 | 2000-02-04 | PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands. |
| CVE-2000-0061 | 2000-02-04 | Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote... |
| CVE-2000-0066 | 2000-02-04 | WebSite Pro allows remote attackers to determine the real pathname of web directories via a malformed URL request. |
| CVE-2000-0067 | 2000-02-04 | CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack. |
| CVE-2000-0068 | 2000-02-04 | daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail. |
| CVE-2000-0069 | 2000-02-04 | The recover program in Solstice Backup allows local users to restore sensitive files. |
| CVE-2000-0071 | 2000-02-04 | IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. |
| CVE-2000-0074 | 2000-02-04 | PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions. |
| CVE-2000-0077 | 2000-02-04 | The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands. |
| CVE-2000-0078 | 2000-02-04 | The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command. |
| CVE-2000-0079 | 2000-02-04 | The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL. |
| CVE-2000-0081 | 2000-02-04 | Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g.... |
| CVE-2000-0082 | 2000-02-04 | WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML. |
| CVE-2000-0084 | 2000-02-04 | CuteFTP uses weak encryption to store password information in its tree.dat file. |
| CVE-2000-0085 | 2000-02-04 | Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag. |
| CVE-2000-0086 | 2000-02-04 | Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing. |
| CVE-1999-0186 | 2000-02-04 | In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. |
| CVE-1999-0254 | 2000-02-04 | A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. |
| CVE-1999-0516 | 2000-02-04 | An SNMP community name is guessable. |
| CVE-1999-0517 | 2000-02-04 | An SNMP community name is the default (e.g. public), null, or missing. |
| CVE-1999-0524 | 2000-02-04 | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. |
| CVE-1999-0532 | 2000-02-04 | A DNS server allows zone transfers. |
| CVE-2000-0093 | 2000-02-08 | An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5. |
| CVE-2000-0096 | 2000-02-08 | Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command. |
| CVE-2000-0101 | 2000-02-08 | The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0102 | 2000-02-08 | The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0103 | 2000-02-08 | The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0104 | 2000-02-08 | The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0105 | 2000-02-08 | Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are... |
| CVE-2000-0106 | 2000-02-08 | The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0108 | 2000-02-08 | The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0109 | 2000-02-08 | The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords. |
| CVE-2000-0110 | 2000-02-08 | The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0114 | 2000-02-08 | Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. |
| CVE-2000-0115 | 2000-02-08 | IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page. |
| CVE-2000-0118 | 2000-02-08 | The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force... |
| CVE-2000-0119 | 2000-02-08 | The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which... |
| CVE-2000-0122 | 2000-02-08 | Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. |
| CVE-2000-0123 | 2000-02-08 | The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0124 | 2000-02-08 | surfCONTROL SuperScout does not properly assign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions. |
| CVE-2000-0125 | 2000-02-08 | wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums. |
| CVE-2000-0126 | 2000-02-08 | Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. |
| CVE-2000-0129 | 2000-02-08 | Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file. |
| CVE-2000-0132 | 2000-02-08 | Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function. |
| CVE-2000-0133 | 2000-02-08 | Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allow users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands. |
| CVE-2000-0134 | 2000-02-08 | The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0135 | 2000-02-08 | The @Retail shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0136 | 2000-02-08 | The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0137 | 2000-02-08 | The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| CVE-2000-0138 | 2000-02-15 | A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K),... |
| CVE-2000-0142 | 2000-02-16 | The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417. |
| CVE-2000-0143 | 2000-02-16 | The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as... |
| CVE-2000-0147 | 2000-02-16 | snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. |
| CVE-2000-0151 | 2000-02-16 | GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. |
| CVE-2000-0153 | 2000-02-23 | FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. |
| CVE-2000-0154 | 2000-02-23 | The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack. |
| CVE-2000-0155 | 2000-02-23 | Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. |
| CVE-2000-0158 | 2000-02-23 | Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon. |
| CVE-2000-0160 | 2000-02-23 | The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer... |
| CVE-2000-0163 | 2000-02-23 | asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file. |
| CVE-2000-0167 | 2000-02-23 | IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. |
| CVE-1999-0189 | 2000-03-22 | Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. |
| CVE-1999-0390 | 2000-03-22 | Buffer overflow in Dosemu Slang library in Linux. |
| CVE-1999-0678 | 2000-03-22 | A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. |
| CVE-1999-0727 | 2000-03-22 | A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. |
| CVE-1999-0733 | 2000-03-22 | Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable. |
| CVE-1999-0740 | 2000-03-22 | Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable. |
| CVE-1999-0746 | 2000-03-22 | A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service. |
| CVE-1999-0778 | 2000-03-22 | Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter. |
| CVE-1999-0783 | 2000-03-22 | FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. |
| CVE-1999-0785 | 2000-03-22 | The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file. |
| CVE-1999-0786 | 2000-03-22 | The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
| CVE-1999-0789 | 2000-03-22 | Buffer overflow in AIX ftpd in the libc library. |
| CVE-1999-0796 | 2000-03-22 | FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks. |
| CVE-1999-0797 | 2000-03-22 | NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries. |
| CVE-1999-0806 | 2000-03-22 | Buffer overflow in Solaris dtprintinfo program. |
| CVE-1999-0890 | 2000-03-22 | iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error. |
| CVE-1999-0893 | 2000-03-22 | userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack. |
| CVE-1999-0896 | 2000-03-22 | Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password. |
| CVE-1999-0908 | 2000-03-22 | Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter. |
| CVE-1999-0916 | 2000-03-22 | WebTrends software stores account names and passwords in a file which does not have restricted access permissions. |
| CVE-1999-0920 | 2000-03-22 | Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command. |
| CVE-1999-0931 | 2000-03-22 | Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands. |
| CVE-1999-0964 | 2000-03-22 | Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable. |
| CVE-1999-0966 | 2000-03-22 | Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0]. |