Search Results (Refine Search)
- CVSS Version: 3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2000-0499 |
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Published: June 08, 2000; 12:00:00 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2000-0552 |
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information. Published: June 06, 2000; 12:00:00 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2000-0342 |
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment." Published: April 28, 2000; 12:00:00 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2000-0338 |
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user. Published: April 23, 2000; 12:00:00 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2000-1218 |
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. Published: April 14, 2000; 12:00:00 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2000-0258 |
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. Published: April 12, 2000; 12:00:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-1999-1127 |
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability. Published: December 31, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-1999-1324 |
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing. Published: December 31, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-1999-1386 |
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file. Published: December 31, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-1999-1549 |
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. Published: November 16, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 5.0 MEDIUM |
CVE-1999-0426 |
The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing. Published: March 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-1999-1568 |
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command. Published: January 01, 1999; 12:00:00 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-1999-0783 |
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. Published: June 16, 1998; 12:00:00 AM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 5.0 MEDIUM |
CVE-1999-1152 |
Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force attack. Published: June 03, 1998; 12:00:00 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-1999-0239 |
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET. Published: January 01, 1998; 12:00:00 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-1999-0236 |
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs. Published: January 01, 1997; 12:00:00 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |