National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 133,640 matching records.
Displaying matches 131221 through 131240.
Vuln ID Summary CVSS Severity
CVE-2000-1041

Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-1042

Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-1043

Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-1044

Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-1045

nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 1.2 LOW
CVE-2000-1046

Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-1047

Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-1048

Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-1049

Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-1050

Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-1051

Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-1052

Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-1053

Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-1054

Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-1055

Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-1056

CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2000-1057

Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2000-1058

Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-1059

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2000-1060

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Published: December 11, 2000; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM