Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL. Date published : 2001-01-22 http://www.atstake.com/research/advisories/2000/a091100-1.txt http://www.securityfocus.com/bid/1681
Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability. Date...
Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header. Date published : 2001-01-22 http://www.securityfocus.com/bid/1691 http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html
Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header. Date published : 2001-01-22 http://www.securityfocus.com/bid/1646 http://www.securityfocus.com/bid/1687
Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password. Date published : 2001-01-22 http://www.securityfocus.com/bid/1598 http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. Date published :...
FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes. Date published : 2001-01-22 http://www.securityfocus.com/bid/1543 http://www.securityfocus.com/archive/1/73843
The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka...
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs...
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass." Date...
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields. Date published : 2001-01-22 http://www.securityfocus.com/bid/1783
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack. Date published : 2001-01-22...
Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service. Date published : 2001-01-22 http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer...
The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication." Date...