Monthly Archive: February 2000

CVE-1999-0492

ffingerd 1.19 allows remote attackers to identify users on the target system based on its responses. Date published: 2000-02-04

CVE-1999-0489

MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste a file name into the file upload intrinsic control, a variant of "untrusted scripted paste" as described in MS:MS98-013. Date published: 2000-02-04...

CVE-1999-0486

Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash. Date published: 2000-02-04

CVE-1999-0480

Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack. Date published: 2000-02-04

CVE-1999-0477

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. Date published: 2000-02-04 http://www.securityfocus.com/bid/115

CVE-1999-0476

A weak encryption algorithm is used for passwords in SCO TermVision, allowing them to be easily decrypted by a local user. Date published: 2000-02-04

CVE-1999-0469

Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. Date published: 2000-02-04

CVE-1999-0467

The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a remote attacker to read arbitrary files using the "template" parameter. Date published: 2000-02-04

CVE-1999-0465

Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter. Date published: 2000-02-04

CVE-1999-0462

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM...

CVE-1999-0461

Versions of rpcbind including Linux, IRIX, and Wietse Venema’s rpcbind allow a remote attacker to insert and delete entries by spoofing a source address. Date published: 2000-02-04