Vulnerability_Archives

CVE_ARCHIVES.DB

ARCHIVE_CHRONOLOGY.INDEXSTATUS: ONLINE

Risk_Filter:

Records: 1,020

Mode: SECURE_QUERY

CVE-2000-1225

MEDIUM

Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration inform

Discovered

Dec 31, 2000

CVE-2000-1226

MEDIUM

Snort 1.6, when running in straight ASCII packet logging mode or IDS mode with straight decoded ASCII packet logging selected, allows remote attackers

Discovered

Dec 31, 2000

CVE-2000-1227

MEDIUM

Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprot

Discovered

Dec 31, 2000

CVE-2000-1228

MEDIUM

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, op

Discovered

Dec 31, 2000

CVE-2000-1229

MEDIUM

Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the defa

Discovered

Dec 31, 2000

CVE-2000-1230

MEDIUM

Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set

Discovered

Dec 31, 2000

CVE-2000-1231

MEDIUM

code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string.

Discovered

Dec 31, 2000

CVE-2000-1232

MEDIUM

upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method.

Discovered

Dec 31, 2000

CVE-2000-1233

HIGH

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL param

Discovered

Dec 31, 2000

CVE-2000-1234

MEDIUM

violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the

Discovered

Dec 31, 2000

CVE-2000-1235

MEDIUM

The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attack

Discovered

Dec 31, 2000

CVE-2000-1236

HIGH

SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL

Discovered

Dec 31, 2000

CVE-2000-1237

MEDIUM

The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid

Discovered

Dec 31, 2000

CVE-2000-1238

HIGH

BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via

Discovered

Dec 31, 2000

CVE-2000-1239

HIGH

The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, wh

Discovered

Dec 31, 2000

CVE-2000-1240

MEDIUM

Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attac

Discovered

Dec 31, 2000

CVE-2000-1241

HIGH

Unspecified vulnerability in Haakon Nilsen simple, integrated publishing system (SIPS) before 0.2.4 has an unknown impact and attack vectors, related

Discovered

Dec 31, 2000

CVE-2000-1242

HIGH

The HTTP service in American Power Conversion (APC) PowerChute uses a default username and password, which allows remote attackers to gain system acce

Discovered

Dec 31, 2000

CVE-2000-1243

MEDIUM

Privacy leak in Dansie Shopping Cart 3.04, and probably earlier versions, sends sensitive information such as user credentials to an e-mail address co

Discovered

Dec 31, 2000

CVE-2000-1244

HIGH

Computer Associates InoculateIT Agent for Exchange Server does not recognize an e-mail virus attachment if the SMTP header is missing the "From" field

Discovered

Dec 31, 2000

...