Monthly Archive: June 2000

Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. Date published : 2000-06-02 http://www.securityfocus.com/bid/235 http://marc.info/?l=bugtraq&m=88053459921223&w=2

The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer’s Kit 1.0 allows an applet to connect to arbitrary hosts. Date published : 2000-06-02

Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon. Date published : 2000-06-02

AIX infod allows local users to gain root access through an X display. Date published : 2000-06-02 http://marc.info/?l=bugtraq&m=91158980826979&w=2

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user’s web activities, aka the Bell Labs vulnerability. Date published : 2000-06-02 http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html

The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. Date published : 2000-06-02 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-049

A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. Date published :...

Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking. Date published : 2000-06-02 http://www.securityfocus.com/bid/604 http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.19990824165629.00abcb40@192.168.124.1

Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability. Date published : 2000-06-02 http://marc.info/?l=bugtraq&m=93993545118416&w=2...

The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. Date published : 2000-06-02 https://www.securityfocus.com/bid/595 http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=19990729195531.25108.qmail@underground.org

Buffer overflow in healthd for FreeBSD allows local users to gain root privileges. Date published : 2000-06-02 http://www.securityfocus.com/bid/1107 http://www.securityfocus.com/templates/advisory.html?id=2162

Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM...

The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name. Date published : 2000-06-02 http://www.securityfocus.com/bid/1096 http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html

Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system...