Monthly Archive: February 2000

Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable. Date published : 2000-02-04 http://www.securityfocus.com/bid/831 http://www.securityfocus.com/templates/archive.pike?list=1&msg=38433B7F5A.53F4SHADOWPENGUIN@fox.nightland.net

The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024. Date published : 2000-02-04 http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type. Date published : 2000-02-04 http://marc.info/?l=bugtraq&m=91278867118128&w=2

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches. Date published : 2000-02-04

ROUTERmate has a default SNMP community name which allows remote attackers to modify its configuration. Date published : 2000-02-04 http://www2.merton.ox.ac.uk/~security/rootshell/0022.html

Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack. Date published : 2000-02-04 http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R1533

Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable. Date published : 2000-02-04

Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user’s Hotmail account. Date published : 2000-02-04 http://www.securityfocus.com/bid/630

Buffer overflows in Red Hat net-tools package. Date published : 2000-02-04

QMS CrownNet Unix Utilities for 2060 allows root to log on without a password. Date published : 2000-02-04 http://www.securityfocus.com/bid/593

The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Date published : 2000-02-04 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013

The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Date published : 2000-02-04 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013

The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Date published : 2000-02-04 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013

The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. Date published : 2000-02-04 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-013