The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension. Date published : 2000-09-21 http://www.securityfocus.com/bid/1532 http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26date%3D2000-07-15%26msg%3DPine.SUN.3.96.1000719235404.24004A-100000@grex.cyberspace.org
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path. Date published : 2000-09-21...
The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed. Date published : 2000-09-21...
Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. Date published : 2000-09-21 http://www.securityfocus.com/bid/1633 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Springmail.105.967737080.0.16997300@www.springmail.com
Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges. Date published : 2000-09-21 http://www.securityfocus.com/bid/1581 http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments. Date published : 2000-09-21 http://www.securityfocus.com/bid/1629 http://archives.neohapsis.com/archives/freebsd/2000-08/0339.html
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse. Date published : 2000-09-21 http://www.securityfocus.com/bid/1511...
Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are...
Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user forwards a message. Date published :...
Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to a message. Date published...
eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections. Date published : 2000-09-21 http://www.securityfocus.com/bid/1627 http://marc.info/?l=bugtraq&m=96774637326591&w=2
The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files. Date published : 2000-09-21 http://www.securityfocus.com/bid/1622 http://archives.neohapsis.com/archives/bugtraq/2000-08/0356.html
Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config. Date published : 2000-09-21 http://www.securityfocus.com/bid/1596...
Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages. Date published : 2000-09-21 http://www.securityfocus.com/bid/1593 http://www.securityfocus.com/templates/archive.pike?list=1&msg=E13QAYl-0007il-00@the-village.bc.nu