[CLOSE] OSVDB ID : 10332 - Disclosed: 2000-06-08

Description:

(Description Provided by CVE) : Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translated_path hidden form field.

[CLOSE] OSVDB ID : 6287 - Disclosed: 2000-06-07

Description:

McAfee VirusScan contains a flaw that may allow a malicious user to send an unlimited amount of alerts to the Central Alert server. The issue is triggered due to insecure permissions of the alert text file, which contains informations such as username, computer name and informations about detected viruses. It is possible that the flaw may allow an malicious user to arbitrary modify these informations resulting in a loss of integrity.

[CLOSE] OSVDB ID : 6220 - Disclosed: 2000-06-07

Description:

(Description Provided by CVE) : The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."

[CLOSE] OSVDB ID : 2715 - Disclosed: 2000-06-07

Description:

A remote overflow exists in WU-FTPD if S/KEY support is enabled. The skey_challenge function in ftpd.c fails to perform bounds checking on the name variable resulting in a buffer overflow. With a specially crafted request, a remote attacker can execute arbitrary code.

[CLOSE] OSVDB ID : 1390 - Disclosed: 2000-06-07

Description:

(Description Provided by CVE) : The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.

[CLOSE] OSVDB ID : 3399 - Disclosed: 2000-06-07

Description:

ColdFusion Web Server's administrative login page allows a remote attacker to launch a denial of service. The issue is due to a lack of sanity checks on user submitted content passed to the password field. If a password of 40,000 characters is provided, the web server may crash.

[CLOSE] OSVDB ID : 13686 - Disclosed: 2000-06-07

Description:

(Description Provided by CVE) : Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name.

[CLOSE] OSVDB ID : 1387 - Disclosed: 2000-06-07

Description:

SSH port in FreeBSD contains a misconfiguration in its sshd_config file that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the SSH daemon is configured to listen on network port 722, in addition to the usual port 22. This flaw may allow malicious users to bypass firewall restrictions and lead to a loss of integrity.

[CLOSE] OSVDB ID : 1388 - Disclosed: 2000-06-07

Description:

(Description Provided by CVE) : Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request.

[CLOSE] OSVDB ID : 1389 - Disclosed: 2000-06-07

Description:

APS Filter Development Team apsfilter contains a flaw that when used on FreeBSD may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when apsfilter, which uses the lpd printing daemon with a setuid of root, insecurely reads filter configurations created by a malicious user. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 4866 - Disclosed: 2000-06-07

Description:

eTrust contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by accessing a specific registry key and decoding the encrypted passwords, which may lead to a loss of integrity.

[CLOSE] OSVDB ID : 338 - Disclosed: 2000-06-06

Description:

(Description Provided by CVE) : Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.

[CLOSE] OSVDB ID : 1376 - Disclosed: 2000-06-06

Description:

(Description Provided by CVE) : ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.

[CLOSE] OSVDB ID : 1380 - Disclosed: 2000-06-06

Description:

(Description Provided by CVE) : Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.

[CLOSE] OSVDB ID : 1392 - Disclosed: 2000-06-06

Description:

(Description Provided by CVE) : When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.

[CLOSE] OSVDB ID : 81028 - Disclosed: 2000-06-06

Description:

CGIProxy contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an unspecified error occurs when handling headers, which will disclose private information to an attacker.

[CLOSE] OSVDB ID : 7817 - Disclosed: 2000-06-06

Description:

Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The problem is due to improper enforcement of frames separation in the same window residing in different domains, which could allow a malicious Web site operator to open a frame in his own domain and a frame that refers to the visiting victim's file system. It is possible to view arbitrary files on a visiting victim's computer if the remote attacker knows or can guess the name and location of the file and if the file can be displayed in a Web browser window resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 7900 - Disclosed: 2000-06-06

Description:

(Description Provided by CVE) : The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.

[CLOSE] OSVDB ID : 7669 - Disclosed: 2000-06-05

Description:

phpGroupWare contains a flaw related to the addressbook. No further details have been provided.

[CLOSE] OSVDB ID : 1379 - Disclosed: 2000-06-05

Description:

FireWall-1 contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a large amount of incomplete framgented packets, and will result in loss of availability for the platform.

[CLOSE] OSVDB ID : 517 - Disclosed: 2000-06-05

Description:

(Description Provided by CVE) : Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number.

[CLOSE] OSVDB ID : 1385 - Disclosed: 2000-06-05

Description:

(Description Provided by CVE) : BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable.

[CLOSE] OSVDB ID : 1378 - Disclosed: 2000-06-05

Description:

(Description Provided by CVE) : Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.

[CLOSE] OSVDB ID : 1382 - Disclosed: 2000-06-05

Description:

(Description Provided by CVE) : Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request.

[CLOSE] OSVDB ID : 1383 - Disclosed: 2000-06-05

Description:

(Description Provided by CVE) : Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002.

[CLOSE] OSVDB ID : 7826 - Disclosed: 2000-06-05

Description:

(Description Provided by CVE) : Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

[CLOSE] OSVDB ID : 20188 - Disclosed: 2000-06-04

Description:

(Description Provided by CVE) : Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.

[CLOSE] OSVDB ID : 408 - Disclosed: 2000-06-04

Description:

(Description Provided by CVE) : Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.

[CLOSE] OSVDB ID : 1417 - Disclosed: 2000-06-04

Description:

(Description Provided by CVE) : xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry.

[CLOSE] OSVDB ID : 11416 - Disclosed: 2000-06-04

Description:

(Description Provided by CVE) : Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.

[CLOSE] OSVDB ID : 6493 - Disclosed: 2000-06-03

Description:

(Description Provided by CVE) : PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords.

[CLOSE] OSVDB ID : 7668 - Disclosed: 2000-06-02

Description:

phpGroupWare contains a flaw related to the 'login.php3' script. No further details have been provided.

[CLOSE] OSVDB ID : 1374 - Disclosed: 2000-06-02

Description:

(Description Provided by CVE) : man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

[CLOSE] OSVDB ID : 83441 - Disclosed: 2000-06-02

Description:

rxvtcontains a flaw that may allow a denial of service. The issue is triggered when a remote attacker is able to resize the terminal window via escape character sequences, which will cause a denial of service. This flaw will result in loss of availability for the xterm.

[CLOSE] OSVDB ID : 1491 - Disclosed: 2000-06-02

Description:

The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.

[CLOSE] OSVDB ID : 83442 - Disclosed: 2000-06-01

Description:

X11R6 contains a flaw that may allow a denial of service. The issue is triggered when a remote attacker is able to resize the terminal window via escape character sequences, which will cause a denial of service. This flaw will result in loss of availability for the xterm.

[CLOSE] OSVDB ID : 8348 - Disclosed: 2000-06-01

Description:

PuTTY contains a flaw that may allow a denial of service. The issue is triggered when a remote attacker is able to resize the terminal windows size by escape character sequences, which will cause a denial of service. This flaw will result in loss of availability for the xterm.

[CLOSE] OSVDB ID : 83443 - Disclosed: 2000-06-01

Description:

Eterm contains a flaw that may allow a denial of service. The issue is triggered when a remote attacker is able to resize the terminal window via escape character sequences, which will cause a denial of service. This flaw will result in loss of availability for the xterm.

[CLOSE] OSVDB ID : 337 - Disclosed: 2000-06-01

Description:

(Description Provided by CVE) : Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.

[CLOSE] OSVDB ID : 340 - Disclosed: 2000-06-01

Description:

(Description Provided by CVE) : Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request.