Monthly Archive: April 2000

Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. Date published : 2000-04-10 http://www.securityfocus.com/bid/1012

The htdig () CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. Date published : 2000-04-10 http://www.securityfocus.com/bid/1026

SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. Date published : 2000-04-10 http://www.securityfocus.com/bid/1031

Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. Date published : 2000-04-10 http://www.securityfocus.com/bid/1041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-014

The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. Date published...

Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability....

Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message. Date published : 2000-04-10 http://www.securityfocus.com/bid/1018

buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters. Date published : 2000-04-10 http://www.securityfocus.com/bid/1007 http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html

ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. Date published : 2000-04-10 http://www.securityfocus.com/bid/1021

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. Date published : 2000-04-10 http://www.securityfocus.com/bid/1020

iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic. Date published : 2000-04-10

ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. Date published : 2000-04-10 http://www.securityfocus.com/bid/1017

The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. Date published : 2000-04-10 http://www.securityfocus.com/bid/1038

Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. Date published : 2000-04-10 http://www.securityfocus.com/bid/1011