Latest CVE Feed
-
6.4
MEDIUMCVE-2000-0759
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.... Read more
Affected Products : tomcat- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2000-0702
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.... Read more
Affected Products : hp-ux- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2000-0677
Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.... Read more
Affected Products : net.data- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2000-0790
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a d... Read more
- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2000-0684
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.... Read more
Affected Products : weblogic_server- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2000-0788
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.... Read more
- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2000-0755
Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.... Read more
Affected Products : openview_network_node_manager- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2000-0731
Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack.... Read more
Affected Products : worm_webserver- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2000-0779
Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.... Read more
Affected Products : firewall-1- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2000-0740
Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.... Read more
Affected Products : net_tools_pki_server- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2000-0686
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.... Read more
Affected Products : auction_weaver- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2000-0680
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a... Read more
Affected Products : cvs- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2000-0689
Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.... Read more
Affected Products : account_manager- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2000-0694
pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack.... Read more
Affected Products : raptor_gfx_pgx32- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
6.2
MEDIUMCVE-2000-0722
Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.... Read more
Affected Products : gnome_updater- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2000-0767
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.... Read more
Affected Products : internet_explorer- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2000-0785
WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files via the importmotd command, which sets the Message of the Day (MOTD) to the specified file.... Read more
Affected Products : irc_server- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2000-0748
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.... Read more
Affected Products : openldap- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2000-0705
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.... Read more
Affected Products : ntop- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2000-0732
Worm HTTP server allows remote attackers to cause a denial of service via a long URL.... Read more
Affected Products : worm_webserver- Published: Oct. 20, 2000
- Modified: Apr. 03, 2025