Monthly Archive: July 2000

Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability....

Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option. Date published : 2000-07-12 http://www.securityfocus.com/bid/1143 http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html

The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability. Date published : 2000-07-12 http://www.securityfocus.com/bid/1145 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-026

Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka...

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request"...

Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. Date published : 2000-07-12 http://www.securityfocus.com/bid/1169 http://www.quake3arena.com/news/index.html

Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables. Date published : 2000-07-12 http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full http://www.securityfocus.com/bid/1085

BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. Date published : 2000-07-12 http://www.securityfocus.com/bid/1100 http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html

Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods. Date published : 2000-07-12 http://www.securityfocus.com/bid/1119 http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es

The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request. Date published : 2000-07-12 http://www.securityfocus.com/bid/1103 http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html

The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. Date published : 2000-07-12 http://www.securityfocus.com/bid/1103 http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html

HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses. Date published : 2000-07-12 http://www.securityfocus.com/bid/1090 http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html

The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program. Date published : 2000-07-12 http://www.securityfocus.com/bid/1152

Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. Date published : 2000-07-12 http://www.securityfocus.com/bid/1063 http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com