CVE-2000-1033
Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users. Date published :...
CS&T CorporateTime for the Web returns different error messages for invalid usernames and invalid passwords, which allows remote attackers to determine valid usernames on the server. Date published : 2000-11-29 http://www.securityfocus.com/bid/1888 http://www.securityfocus.com/archive/1/142672
Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query. Date published : 2000-11-29 http://www.securityfocus.com/bid/1887 http://www.securityfocus.com/archive/1/141660
Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument. Date published : 2000-11-29 http://www.securityfocus.com/bid/1886 http://www.securityfocus.com/archive/1/142792
eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an...
The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program. Date published : 2000-11-29 http://www.securityfocus.com/bid/1710 http://www.securityfocus.com/archive/1/84766
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. Date published : 2000-11-29 http://www.securityfocus.com/bid/1689 http://marc.info/?l=bugtraq&m=96925269716274&w=2
Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. Date published : 2000-11-29 http://www.securityfocus.com/bid/1689 http://marc.info/?l=bugtraq&m=96925269716274&w=2
Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database. Date published : 2000-11-29 http://www.securityfocus.com/bid/1732 http://archives.neohapsis.com/archives/bugtraq/2000-10/0007.html
The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands. Date published : 2000-11-29 http://www.securityfocus.com/bid/1731 http://archives.neohapsis.com/archives/bugtraq/2000-09/0366.html
The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. Date published : 2000-11-29 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable. Date published : 2000-11-29 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse...
PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device. Date published...