Monthly Archive: March 2000

The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist. Date published...

Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service. Date published : 2000-03-22 ftp://ftp.sco.com/SSE/security_bulletins/SB-00.08a

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability....

Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. Date published : 2000-03-22 http://www.securityfocus.com/bid/994 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-010

Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. Date published : 2000-03-22 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-009 http://www.osvdb.org/7827

Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000. Date published : 2000-03-22 http://www.securityfocus.com/bid/976

Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client’s PASV...

Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL. Date published : 2000-03-22 http://www.securityfocus.com/bid/977 http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. Date published : 2000-03-22 http://www.securityfocus.com/bid/975 http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html

The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. Date published : 2000-03-22

Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. Date published : 2000-03-22 http://www.securityfocus.com/bid/982 http://marc.info/?l=bugtraq&m=95021326417936&w=2

The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim’s SID in the recycler directory, aka the "Recycle Bin...

Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist. Date published : 2000-03-22 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. Date published : 2000-03-22 http://www.securityfocus.com/bid/950 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006