POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks. Date published...
add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable. Date published : 2001-01-22 http://marc.info/?l=bugtraq&m=97240616129614&w=2 http://www.osvdb.org/6487
Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters. Date published...
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. Date published : 2001-01-22 ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name. Date published : 2001-01-22 ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable. Date published : 2001-01-22 http://www.securityfocus.com/bid/1746 http://marc.info/?l=bugtraq&m=97068555106135&w=2
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. Date published : 2001-01-22 http://www.securityfocus.com/bid/1744 http://marc.info/?l=bugtraq&m=97068555106135&w=2
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack. Date published : 2001-01-22 http://www.securityfocus.com/bid/1742 http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html
Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability. Date published :...
cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username. Date published : 2001-01-22 http://www.securityfocus.com/bid/1809 http://archives.neohapsis.com/archives/bugtraq/2000-10/0258.html
Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username. Date published : 2001-01-22 http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html http://www.osvdb.org/6488
The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string. Date published : 2001-01-22 http://www.securityfocus.com/bid/1838
Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability....
Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to...