SAINT Documentation
SAINT Corporation
SAINT Home
--------

CVE Cross Reference

The CVE Cross Reference is divided into three sections. The first section lists the SAINT tutorials that correspond to accepted CVEs. The second section lists the SAINT tutorials that correspond to candidate CVEs. The third section lists the SAINT tutorials that do not correspond to any accepted or candidate CVEs.

All three sections have a column indicating whether the tutorial is related to one of the vulnerabilities on the SANS Twenty Most Critical Internet Security Vulnerabilities. If the CVE or candidate CVE was specifically mentioned in the Top 20 list, it is marked with a check mark (). If the CVE or candidate CVE is related to those discussed in the Top 20, it is marked with an asterisk (*).

Current CVEs

(Based on CVE version 20020309 and SANS Top 20 version 2.008.)
  CVE # CVE Description SAINT™ Tutorial
SANS Top 20
BROWN CVE-1999-0002 Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. mountd vulnerabilities
CHECKMARK
RED CVE-1999-0003 Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd) tooltalk version
CHECKMARK
RED CVE-1999-0005 Arbitrary command execution via IMAP buffer overflow in authenticate command. imap version
 
RED CVE-1999-0006 Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command. pop version
 
BROWN CVE-1999-0008 Buffer overflow in NIS+, in Sun's rpc.nisd program nisd vulnerability
*
RED CVE-1999-0009 Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0010 Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. DNS vulnerabilities
*
RED CVE-1999-0011 Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. DNS vulnerabilities
*
RED CVE-1999-0013 Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. SSH vulnerabilities
 
YELLOW CVE-1999-0017 FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. FTP bounce
 
BROWN CVE-1999-0018 Buffer overflow in statd allows root privileges. rpc statd access
CHECKMARK
BROWN CVE-1999-0019 Delete or create a file via rpc.statd, due to invalid information. rpc statd access
CHECKMARK
RED CVE-1999-0021 Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. http cgi access
CHECKMARK
RED CVE-1999-0024 DNS cache poisoning via BIND, by predictable query IDs. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0035 Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. FTP vulnerabilities
 
RED CVE-1999-0039 Arbitrary command execution using webdist CGI program in IRIX. http cgi access
CHECKMARK
RED CVE-1999-0042 Buffer overflow in University of Washington's implementation of IMAP and POP servers. imap version
 
RED CVE-1999-0042 Buffer overflow in University of Washington's implementation of IMAP and POP servers. pop version
 
RED CVE-1999-0043 Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. innd vulnerabilities
 
BROWN CVE-1999-0045 List of arbitrary files on Web host via nph-test-cgi script http cgi info
*
RED CVE-1999-0047 MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. Sendmail vulnerabilities
CHECKMARK
RED CVE-1999-0058 Buffer overflow in PHP cgi program, php.cgi allows shell access. http cgi access
CHECKMARK
YELLOW CVE-1999-0059 IRIX fam service allows an attacker to obtain a list of all files on the server. SGI fam vulnerability
 
RED CVE-1999-0067 CGI phf program allows remote command execution through shell metacharacters. http cgi access
CHECKMARK
BROWN CVE-1999-0070 test-cgi program allows an attacker to list files on the server http cgi info
*
RED CVE-1999-0080 wu-ftp FTP server allows root access via "site exec" command. FTP vulnerabilities
 
RED CVE-1999-0095 The debug command in Sendmail is enabled, allowing attackers to execute commands as root. Sendmail vulnerabilities
*
RED CVE-1999-0096 Sendmail decode alias can be used to overwrite sensitive files sendmail decode
*
RED CVE-1999-0100 Remote access in AIX innd 1.5.1, using control messages. innd vulnerabilities
 
RED CVE-1999-0103 Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. packet flooding problems
 
RED CVE-1999-0129 Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. Sendmail vulnerabilities
*
RED CVE-1999-0130 Local users can start Sendmail in daemon mode and gain root privileges. Sendmail vulnerabilities
CHECKMARK
RED CVE-1999-0131 Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. Sendmail vulnerabilities
CHECKMARK
RED CVE-1999-0146 The campas CGI program provided with some NCSA web servers allows an attacker to read arbitrary files. http cgi access
*
RED CVE-1999-0147 The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands http cgi access
*
RED CVE-1999-0148 The handler CGI program in IRIX allows arbitrary command execution. http cgi access
*
BROWN CVE-1999-0149 The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. http cgi info
*
BROWN CVE-1999-0151 The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. SAINT password disclosure
 
RED CVE-1999-0168 The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. NFS export via portmapper
 
RED CVE-1999-0174 The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. http cgi access
*
RED CVE-1999-0176 The Webgais program allows a remote user to execute arbitrary commands. http cgi access
*
RED CVE-1999-0177 The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. http cgi access
*
RED CVE-1999-0178 The win-c-sample program in the WebSite web server has a buffer overflow that allows remote execution of commands. http cgi access
*
RED CVE-1999-0196 The websendmail program in the Webgais program allows a remote user to access arbitrary files. http cgi access
*
RED CVE-1999-0203 In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. Sendmail vulnerabilities
CHECKMARK
RED CVE-1999-0204 Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. Sendmail vulnerabilities
CHECKMARK
RED CVE-1999-0206 MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. Sendmail vulnerabilities
CHECKMARK
BROWN CVE-1999-0210 Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. rpc statd access
CHECKMARK
RED CVE-1999-0219 Buffer overflow in Serv-U FTP server when user performs a cwd to a directory with a long name. Serv U vulnerabilities
 
BROWN CVE-1999-0237 Remote execution of arbitrary commands through Guestbook CGI program. http potential problems
*
RED CVE-1999-0248 A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. SSH vulnerabilities
 
RED CVE-1999-0260 The jj CGI program allows command execution via shell metacharacters. http cgi access
*
RED CVE-1999-0262 faxsurvey CGI script on Linux allows remote command execution via shell metacharacters. http cgi access
*
RED CVE-1999-0264 htmlscript CGI program allows remote read access to files. http cgi access
*
RED CVE-1999-0266 The info2www CGI script allows remote file access or remote command execution. http cgi access
*
RED CVE-1999-0270 pfdispaly CGI program for SGI's Performer API Search Tool allows read access to files. http cgi access
*
BROWN CVE-1999-0279 Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. http potential problems
*
RED CVE-1999-0320 SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. calendar manager
*
RED CVE-1999-0368 Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. FTP vulnerabilities
 
BROWN CVE-1999-0493 rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. rpc statd access
CHECKMARK
RED CVE-1999-0513 ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. packet flooding problems
 
RED CVE-1999-0514 UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. packet flooding problems
 
YELLOW CVE-1999-0526 An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. unrestricted X server access
 
YELLOW CVE-1999-0612 A version of finger is running that exposes valid user information to any entity on the network. excessive finger info
 
YELLOW CVE-1999-0626 A version of rusers is running that exposes valid user information to any entity on the network. rusersd vulnerability
 
RED CVE-1999-0627 The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. REXD access
 
RED CVE-1999-0696 Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd) calendar manager
CHECKMARK
BROWN CVE-1999-0704 Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. amd buffer overflow
CHECKMARK
RED CVE-1999-0705 Buffer overflow in INN inews program. innd vulnerabilities
 
BROWN CVE-1999-0710 The RedHat squid program installs cachemgr.cgi in a public web directory, allowing remote attackers to use it as an intermediary to connect to other systems. Squid vulnerabilities
 
RED CVE-1999-0744 Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. Netscape vulnerabilities
*
RED CVE-1999-0751 Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. Netscape vulnerabilities
*
RED CVE-1999-0752 Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. Netscape vulnerabilities
*
RED CVE-1999-0756 ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility. http Cold Fusion
*
RED CVE-1999-0758 Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. Netscape vulnerabilities
 
RED CVE-1999-0758 Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL. http Website Pro
 
RED CVE-1999-0771 The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. Compaq Insight Manager http server
*
RED CVE-1999-0772 Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. Compaq Insight Manager http server
CHECKMARK
RED CVE-1999-0789 Buffer overflow in AIX ftpd in the libc library. FTP vulnerabilities
 
BROWN CVE-1999-0832 Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. mountd vulnerabilities
*
RED CVE-1999-0833 Buffer overflow in BIND 8.2 via NXT records. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0834 Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. SSH vulnerabilities
 
RED CVE-1999-0835 Denial of service in BIND named via malformed SIG records. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0837 Denial of service in BIND by improperly closing TCP sessions via so_linger. DNS vulnerabilities
*
RED CVE-1999-0838 Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command. Serv U vulnerabilities
 
RED CVE-1999-0848 Denial of service in BIND named via consuming more than "fdmax" file descriptors. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0849 Denial of service in BIND named via maxdname. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0851 Denial of service in BIND named via naptr. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0853 Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure. Netscape vulnerabilities
*
RED CVE-1999-0868 ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. innd vulnerabilities
 
RED CVE-1999-0874 Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. http IIS access
*
RED CVE-1999-0878 Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. FTP vulnerabilities
 
RED CVE-1999-0879 Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. FTP vulnerabilities
 
RED CVE-1999-0880 Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. FTP vulnerabilities
 
RED CVE-1999-0922 An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file. http Cold Fusion
*
RED CVE-1999-0924 The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service. http Cold Fusion
*
RED CVE-1999-0951 Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote attackers to execute commands. http cgi access
*
BROWN CVE-1999-0953 WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. http cgi info
*
RED CVE-1999-0955 Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain root access via the SITE EXEC command. FTP vulnerabilities
 
RED CVE-1999-0977 Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request. sadmind
CHECKMARK
RED CVE-1999-1011 The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. ODBC RDS
CHECKMARK
BROWN CVE-1999-1481 Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair. Squid vulnerabilities
 
BROWN CVE-2000-0012 Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. http potential problems
CHECKMARK
RED CVE-2000-0026 Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. UnixWare i2odialogd
 
RED CVE-2000-0039 AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. http cgi access
CHECKMARK
BROWN CVE-2000-0062 The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities. Zope vulnerabilities
 
RED CVE-2000-0065 Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request. Inetserv vulnerabilities
 
BROWN CVE-2000-0097 The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. http potential problems
*
RED CVE-2000-0161 Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. http cgi access
*
BROWN CVE-2000-0179 HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. HP Openview vulnerabilities
CHECKMARK
RED CVE-2000-0207 SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. http cgi access
CHECKMARK
RED CVE-2000-0208 The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. http cgi access
CHECKMARK
RED CVE-2000-0236 Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. Netscape vulnerabilities
 
BROWN CVE-2000-0245 Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. objectserver vulnerability
 
BROWN CVE-2000-0260 Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. Visual Interdev vulnerability
*
RED CVE-2000-0282 TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. http cgi access
*
BROWN CVE-2000-0283 The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. Performance Copilot
 
BROWN CVE-2000-0306 Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message. OpenServer calserver
 
BROWN CVE-2000-0322 The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execure arbitrary commands via shell metacharacters. http potential problems
*
BROWN CVE-2000-0389 Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. Kerberos detected
 
BROWN CVE-2000-0390 Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. Kerberos detected
 
BROWN CVE-2000-0391 Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. Kerberos detected
 
BROWN CVE-2000-0397 The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. http potential problems
*
RED CVE-2000-0424 The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters. http cgi access
*
RED CVE-2000-0432 The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters. http cgi access
*
BROWN CVE-2000-0437 Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. Gauntlet WebShield cyberdaemon
 
RED CVE-2000-0442 Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. pop version
 
RED CVE-2000-0443 The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. JetAdmin vulnerabilities
*
RED CVE-2000-0472 Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. innd vulnerabilities
 
BROWN CVE-2000-0483 The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization. Zope vulnerabilities
 
RED CVE-2000-0556 Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002. http Cmail access
 
RED CVE-2000-0557 Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request. http Cmail access
 
BROWN CVE-2000-0558 Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345. HP Openview vulnerabilities
CHECKMARK
RED CVE-2000-0573 The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. FTP vulnerabilities
 
RED CVE-2000-0622 Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. http Website Pro
 
BROWN CVE-2000-0628 The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files. http potential problems
*
RED CVE-2000-0638 Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. http cgi access
*
BROWN CVE-2000-0639 The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server. http potential problems
CHECKMARK
BROWN CVE-2000-0666 rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. rpc statd access
CHECKMARK
BROWN CVE-2000-0677 Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. http potential problems
*
RED CVE-2000-0682 BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. WebLogic vulnerabilities
 
RED CVE-2000-0683 BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. WebLogic vulnerabilities
 
RED CVE-2000-0684 BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file. WebLogic vulnerabilities
 
RED CVE-2000-0685 BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file. WebLogic vulnerabilities
 
RED CVE-2000-0699 Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command. FTP vulnerabilities
 
RED CVE-2000-0705 ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. ntop server vulnerability
 
RED CVE-2000-0706 Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands. ntop server vulnerability
 
RED CVE-2000-0707 PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password. http cgi access
*
BROWN CVE-2000-0725 Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request. Zope vulnerabilities
 
BROWN CVE-2000-0733 Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request. IRIX telnetd
 
BROWN CVE-2000-0739 Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server. Net Tools PKI Server
 
BROWN CVE-2000-0740 Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port. Net Tools PKI Server
 
BROWN CVE-2000-0741 Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension. Net Tools PKI Server
 
BROWN CVE-2000-0743 Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value. gopher vulnerabilities
 
BROWN CVE-2000-0744 DEPRECATED. This entry has been deprecated. It is a duplicate of CVE-2000-0743. gopher vulnerabilities
 
RED CVE-2000-0778 IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability. http IIS access
 
RED CVE-2000-0782 netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. http cgi access
*
RED CVE-2000-0837 FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes. Serv U vulnerabilities
 
RED CVE-2000-0853 YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. http cgi access
*
RED CVE-2000-0884 IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability. http IIS access
CHECKMARK
RED CVE-2000-0886 IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability. http IIS access
 
RED CVE-2000-0887 named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug." DNS vulnerabilities
*
RED CVE-2000-0888 named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug." DNS vulnerabilities
*
RED CVE-2000-0900 Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack. http cgi access
*
RED CVE-2000-0912 MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter. http cgi access
*
RED CVE-2000-0915 fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name. finger vulnerabilities
 
BROWN CVE-2000-0917 Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. LPRng vulnerability
CHECKMARK
RED CVE-2000-0920 Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "." http server read access
 
RED CVE-2000-0943 Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. bftpd vulnerabilities
 
RED CVE-2000-0945 The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. Cisco Catalyst access
 
BROWN CVE-2000-0947 Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. CFEngine detected
 
BROWN CVE-2000-0978 bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter. http potential problems
*
BROWN CVE-2000-1014 Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter. http potential problems
*
RED CVE-2000-1047 Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command. Lotus Domino SMTP vulnerability
 
RED CVE-2000-1050 Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash"). JRun vulnerabilities
 
RED CVE-2000-1051 Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet. JRun vulnerabilities
*
YELLOW CVE-2000-1071 The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges. unrestricted X server access
 
BROWN CVE-2000-1075 Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services. http potential problems
*
BROWN CVE-2000-1077 Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension. iPlanet vulnerabilities
 
BROWN CVE-2000-1089 Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability. http potential problems
*
BROWN CVE-2000-1149 Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability. Microsoft Terminal Server
 
BROWN CVE-2001-0008 Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures. Interbase detected
 
RED CVE-2001-0009 Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack. Lotus Domino HTTP vulnerability
 
RED CVE-2001-0010 Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges. DNS vulnerabilities
CHECKMARK
RED CVE-2001-0011 Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. DNS vulnerabilities
CHECKMARK
RED CVE-2001-0012 BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. DNS vulnerabilities
*
RED CVE-2001-0013 Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. DNS vulnerabilities
CHECKMARK
RED CVE-2001-0021 MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template paramater. http cgi access
*
BROWN CVE-2001-0036 KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file. Kerberos detected
 
RED CVE-2001-0039 IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. IMail vulnerabilities
 
RED CVE-2001-0053 One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges. FTP vulnerabilities
 
RED CVE-2001-0054 Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. Serv U vulnerabilities
 
YELLOW CVE-2001-0077 The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations. Sun Cluster vulnerabilities
 
RED CVE-2001-0123 Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter. http cgi access
*
BROWN CVE-2001-0128 Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. Zope vulnerabilities
 
RED CVE-2001-0129 Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request. tinyproxy vulnerability
 
RED CVE-2001-0130 Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier. Lotus Domino SMTP vulnerability
 
RED CVE-2001-0136 Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. FTP vulnerabilities
 
RED CVE-2001-0144 CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. SSH vulnerabilities
 
RED CVE-2001-0155 Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers. VShell vulnerability
 
RED CVE-2001-0156 VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users conduct arbitrary port forwarding to other systems. VShell vulnerability
 
BROWN CVE-2001-0164 Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. http potential problems
*
RED CVE-2001-0179 Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." JRun vulnerabilities
 
RED CVE-2001-0189 Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request. http server read access
 
BROWN CVE-2001-0194 Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line. CUPS vulnerabilities
 
RED CVE-2001-0197 Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands. icecast vulnerability
 
RED CVE-2001-0236 Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event. SNMP to DMI mapper
CHECKMARK
RED CVE-2001-0241 Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. http IIS access
CHECKMARK
RED CVE-2001-0260 Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command. Lotus Domino SMTP vulnerability
 
RED CVE-2001-0280 Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command. MERCUR vulnerabilities
 
RED CVE-2001-0295 Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command. FTP server directory traversal
 
RED CVE-2001-0318 Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd). FTP vulnerabilities
 
RED CVE-2001-0321 opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. http cgi access
*
BROWN CVE-2001-0327 iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server. iPlanet vulnerabilities
 
BROWN CVE-2001-0330 Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. http potential problems
*
BROWN CVE-2001-0331 Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands. espd vulnerability
*
RED CVE-2001-0333 Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. http IIS access
 
RED CVE-2001-0341 Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. http FrontPage
*
RED CVE-2001-0345 Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions. Microsoft Telnet Server
 
RED CVE-2001-0346 Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them. Microsoft Telnet Server
 
RED CVE-2001-0347 Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. Microsoft Telnet Server
 
RED CVE-2001-0348 Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace. Microsoft Telnet Server
 
RED CVE-2001-0351 Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service. Microsoft Telnet Server
 
RED CVE-2001-0353 Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine. Sun lpd
CHECKMARK
RED CVE-2001-0361 Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. SSH vulnerabilities
 
BROWN CVE-2001-0414 Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument. NTP vulnerabilities
 
RED CVE-2001-0442 Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. pop version
 
RED CVE-2001-0462 Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. http server read access
 
RED CVE-2001-0463 Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter. http cgi access
*
RED CVE-2001-0467 Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request. http server read access
 
RED CVE-2001-0494 Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. IMail vulnerabilities
 
RED CVE-2001-0495 Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack. http server read access
 
RED CVE-2001-0500 Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. http IIS access
CHECKMARK
BROWN CVE-2001-0502 Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users. LDAP over SSL
 
RED CVE-2001-0504 Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activites such as mail relaying. Microsoft mail server vulnerabilities
 
BROWN CVE-2001-0514 SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network. Guessable Read Community
*
BROWN CVE-2001-0537 HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. Cisco web interface access
 
RED CVE-2001-0554 Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. telnetd vulnerabilities
 
RED CVE-2001-0574 Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL. http server read access
 
RED CVE-2001-0615 Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'. http server read access
 
RED CVE-2001-0630 Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable. http cgi access
*
RED CVE-2001-0653 Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number. Sendmail vulnerabilities
 
YELLOW CVE-2001-0658 Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message. Cross site scripting
 
BROWN CVE-2001-0663 Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets. Microsoft Terminal Server
 
BROWN CVE-2001-0668 Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands. HPUX rlpdaemon
CHECKMARK
BROWN CVE-2001-0670 Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue. BSD lpd
CHECKMARK
RED CVE-2001-0680 Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command. FTP server directory traversal
 
BROWN CVE-2001-0690 Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers. Exim vulnerability
 
BROWN CVE-2001-0716 Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server. Microsoft Terminal Server
 
RED CVE-2001-0717 Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function. tooltalk version
*
RED CVE-2001-0728 Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges. Compaq Insight Manager http server
 
RED CVE-2001-0779 Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username. yppasswdd detected
*
RED CVE-2001-0803 Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands CDE Subprocess Control daemon
*
RED CVE-2001-0816 OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands. SSH vulnerabilities
 
YELLOW CVE-2001-0828 A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript. Cross site scripting
 
RED CVE-2001-0834 htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. http cgi access
*
BROWN CVE-2001-0836 Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. Oracle Web Cache
 
BROWN CVE-2001-0843 Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request. Squid vulnerabilities
 
RED CVE-2001-0846 Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf). Lotus Domino HTTP vulnerability
 
BROWN CVE-2001-0876 Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL. MS Universal Plug and Play
 
BROWN CVE-2001-0877 Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system. MS Universal Plug and Play
 
BROWN CVE-2001-0879 Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. Microsoft SQL Server
 
RED CVE-2001-0963 Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command. FTP server directory traversal
 
BROWN CVE-2001-0965 glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters. FTP filename globbing
 
RED CVE-2001-0982 Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings. http server read access
 
RED CVE-2001-1037 Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. Cisco developers shell
 
RED CVE-2001-1038 Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. Cisco developers shell
 

Candidate CVEs

  CVE # CVE Description SAINT™ Tutorial
SANS Top 20
BROWN CAN-1999-0186 In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. Guessable Read Community
CHECKMARK
BROWN CAN-1999-0333 HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack. HP Openview vulnerabilities
 
RED CAN-1999-0455 The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. http Cold Fusion
CHECKMARK
RED CAN-1999-0477 The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. http Cold Fusion
CHECKMARK
RED CAN-1999-0501 A Unix account has a guessable password. guessed account password
CHECKMARK
RED CAN-1999-0502 A Unix account has a default, null, blank, or missing password. guessed account password
CHECKMARK
RED CAN-1999-0503 A Windows NT local user or administrator account has a guessable password. guessed account password
CHECKMARK
RED CAN-1999-0504 A Windows NT local user or administrator account has a default, null, blank, or missing password. guessed account password
*
RED CAN-1999-0505 A Windows NT domain user or administrator account has a guessable password. guessed account password
CHECKMARK
RED CAN-1999-0506 A Windows NT domain user or administrator account has a default, null, blank, or missing password. guessed account password
CHECKMARK
RED CAN-1999-0509 Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. http cgi access
CHECKMARK
RED CAN-1999-0509 Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. http cgi shells
*
BROWN CAN-1999-0512 A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers. SMTP mail relay
 
RED CAN-1999-0515 An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. remote shell access
 
BROWN CAN-1999-0516 An SNMP community name is guessable. Guessable Read Community
CHECKMARK
YELLOW CAN-1999-0517 An SNMP community name is the default (e.g. public), null, or missing. Cisco IOS SNMP access
CHECKMARK
BROWN CAN-1999-0517 An SNMP community name is the default (e.g. public), null, or missing. Guessable Read Community
CHECKMARK
RED CAN-1999-0520 A system-critical NETBIOS/SMB share has inappropriate access control. open SMB shares
CHECKMARK
RED CAN-1999-0527 The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten. writable FTP directory
 
BROWN CAN-1999-0531 An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. sendmail info
*
RED CAN-1999-0554 NFS exports system-critical data to the world, e.g. / or a password file. unrestricted NFS export
 
YELLOW CAN-1999-0562 The registry in Windows NT can be accessed remotely by users who are not administrators. registry access
*
YELLOW CAN-1999-0589 A system-critical Windows NT registry key has inappropriate permissions. registry access
*
RED CAN-1999-0616 The TFTP service is running. TFTP file access
 
BROWN CAN-1999-0618 The rexec service is running. rexec on the Internet
 
BROWN CAN-1999-0624 The rstat/rstatd service is running. rstatd vulnerability
 
BROWN CAN-1999-0651 The rsh/rlogin service is running. remote login on the Internet
CHECKMARK
BROWN CAN-1999-0651 The rsh/rlogin service is running. remote shell on the Internet
CHECKMARK
BROWN CAN-1999-0652 A database service is running, e.g. a SQL server, Oracle, or mySQL. Microsoft SQL Server
 
RED CAN-1999-0660 A hacker utility or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc. backdoor found
 
RED CAN-1999-0660 A hacker utility or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc. hacker program found
 
RED CAN-1999-0660 A hacker utility or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc. rootkits
 
BROWN CAN-1999-0662 A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete. Windows updates needed
Note: Domain administrator password is required to detect this vulnerability
 
RED CAN-1999-0736 The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. http IIS samples
*
RED CAN-1999-0738 The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. http IIS samples
*
RED CAN-1999-0739 The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. http IIS samples
*
RED CAN-1999-0923 Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. http Cold Fusion
*
BROWN CAN-1999-1273 Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences. Squid vulnerabilities
 
RED CAN-2000-0114 Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. http FrontPage
*
RED CAN-2000-0138 A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft. distributed denial of service
 
BROWN CAN-2000-0147 snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. Guessable Write Community
*
BROWN CAN-2000-0158 Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon. MMDF vulnerability
 
RED CAN-2000-0176 The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist. Serv U vulnerabilities
 
RED CAN-2000-0198 Buffer overflow in POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service. MERCUR vulnerabilities
 
RED CAN-2000-0239 Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request. MERCUR vulnerabilities
 
BROWN CAN-2000-0248 The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor passowrd that allows remote attackers to execute arbitrary commands. http potential problems
*
BROWN CAN-2000-0429 A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands. http potential problems
*
RED CAN-2000-0444 HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000. JetAdmin vulnerabilities
*
RED CAN-2000-0574 FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands. FTP vulnerabilities
 
RED CAN-2000-0590 Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter. http cgi access
*
RED CAN-2000-0623 Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header. http Website Pro
 
RED CAN-2000-0629 The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet. http cgi access
*
BROWN CAN-2000-0696 The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script. AnswerBook vulnerabilities
 
BROWN CAN-2000-0697 The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters. AnswerBook vulnerabilities
 
RED CAN-2000-0769 O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe. http cgi access
*
RED CAN-2000-0812 The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag. http cgi access
*
BROWN CAN-2000-0826 Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long GET request. http potential problems
*
BROWN CAN-2000-0827 Buffer overflow in the web authorization form of Mobius DocumentDirect for the Internet 1.2 allows remote attackers to cause a denial of service or execute arbitrary commands via a long username. http potential problems
*
BROWN CAN-2000-0828 Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long User-Agent parameter. http potential problems
*
RED CAN-2000-0832 Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter. http cgi access
*
RED CAN-2000-0842 The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. http cgi access
*
RED CAN-2000-1046 Buffer overflows in ESMTP service of Lotus Domino 5.0.2c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO," "SAML FROM," or "SOML FROM" command. Lotus Domino SMTP vulnerability
 
RED CAN-2000-1052 Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet. JRun vulnerabilities
*
RED CAN-2000-1053 Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. JRun vulnerabilities
 
RED CAN-2000-1176 Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catsearch" form field. http cgi access
*
RED CAN-2000-1186 Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header. http cgi access
*
RED CAN-2001-0037 Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers. http server read access
 
RED CAN-2001-0064 Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier allows remote attackers to cause a denial of service via a long URL terminated by a "\r\n" string. MDaemon vulnerabilities
 
RED CAN-2001-0065 Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long SITE CHOWN command. bftpd vulnerabilities
 
RED CAN-2001-0098 Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. http server read access
 
BROWN CAN-2001-1030 Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. Squid vulnerabilities
 
BROWN CAN-2001-0113 statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script. http potential problems
*
BROWN CAN-2001-0114 statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter. http potential problems
*
RED CAN-2001-0134 Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name. Compaq Insight Manager http server
 
RED CAN-2001-0186 Directory traversal vulnerability in Free Java Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. http server read access
 
RED CAN-2001-0192 Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions. XMail vulnerabilities
 
RED CAN-2001-0199 Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request. http server read access
 
RED CAN-2001-0202 Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request. http server read access
 
RED CAN-2001-0205 Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "..." into the requested pathname, a modified .. (dot dot) attack. http server read access
 
RED CAN-2001-0206 Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or ... into the requested pathname of an HTTP GET request. http server read access
 
BROWN CAN-2001-0213 Buffer overflow in pi program in PlanetIntra 2.5 allows remote attackers to execute arbitrary commands. http potential problems
*
BROWN CAN-2001-0223 Buffer overflow in wwwwais allows remote attackers to execute arbitrary commands via a long QUERY_STRING (HTTP GET request). http potential problems
*
RED CAN-2001-0226 Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers tor ead arbitrary files via a .. (dot dot) or ... attack in an HTTP GET request. http server read access
 
RED CAN-2001-0228 Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. http server read access
 
BROWN CAN-2001-0247 Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3. FTP filename globbing
 
BROWN CAN-2001-0248 Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings. FTP filename globbing
 
BROWN CAN-2001-0249 Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. FTP filename globbing
 
RED CAN-2001-0250 The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command. Netscape vulnerabilities
 
RED CAN-2001-0283 Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT. FTP server directory traversal
 
RED CAN-2001-0286 Directory traversal vulnerability in A1 HTTP server 1.0a allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request. http server read access
 
BROWN CAN-2001-0291 Buffer overflow in post-query sample CGI program allows remote attackers to execute arbitrary commands via an HTTP POST request that contains at least 10001 parameters. http potential problems
*
RED CAN-2001-0293 Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows remote attackers to read arbitrary files via a .. (dot dot) in the GET command. FTP server directory traversal
 
RED CAN-2001-0294 Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in a GET command, or (2) a ... in a CWD command. FTP server directory traversal
 
BROWN CAN-2001-0296 Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command. WFTPD vulnerabilities
 
RED CAN-2001-0297 Directory traversal vulnerability in Simple Server HTTPd 1.0 (originally Free Java Server) allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. http server read access
 
RED CAN-2001-0304 Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a "\.." (dot dot) in a URL request. http server read access
 
RED CAN-2001-0306 Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. http server read access
 
RED CAN-2001-0320 bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument. http cgi access
*
BROWN CAN-2001-0329 Bugzilla 2.10 allows remote attackers to execute arbitrary commands via shell metacharacters in a username that is then processed by (1) the Bugzilla_login cookie in post_bug.cgi, or (2) the who parameter in process_bug.cgi. http potential problems
*
RED CAN-2001-0349 Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability. Microsoft Telnet Server
 
RED CAN-2001-0350 Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability. Microsoft Telnet Server
 
BROWN CAN-2001-0380 Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'. Guessable Read Community
*
BROWN CAN-2001-0380 Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 allows a remote attacker SNMP read and write access via a default, undocumented community string 'ILMI'. Guessable Write Community
*
RED CAN-2001-0410 Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header. http cgi access
*
RED CAN-2001-0420 Directory traversal vulnerability in talkback.cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the article parameter. http cgi access
*
BROWN CAN-2001-0431 Vulnerability in iPlanet Web Server Enterprise Edition 4.x. iPlanet vulnerabilities
 
RED CAN-2001-0432 Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands. http cgi access
*
RED CAN-2001-0443 Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via (1) a long username, or (2) a long password. pop version
 
RED CAN-2001-0454 Directory traversal vulnerability in SlimServe HTTPd 1.1a allows remote attackers to read arbitrary files via a ... (modified dot dot) in the HTTP request. http server read access
 
BROWN CAN-2001-0464 Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter. http potential problems
*
RED CAN-2001-0480 Directory traversal vulnerability in Alex's FTP Server 0.7 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the (1) GET or (2) CD commands. FTP server directory traversal
 
RED CAN-2001-0484 Tektronix PhaserLink 850 does not require authentication for access to configuration pages such as _ncl_subjects.shtml and _ncl_items.shtml, which allows remote attackers to modify configuration information and cause a denial of service by accessing the pages. Tektronix printer
 
RED CAN-2001-0491 Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST. FTP server directory traversal
 
BROWN CAN-2001-0499 Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD. Oracle TNS Listener
 
RED CAN-2001-0535 Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict prevent access from outside the local host's domain, which allows remote attackers to conduct upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script. http Cold Fusion
*
BROWN CAN-2001-0542 Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CAN-2001-0879. Microsoft SQL Server
 
BROWN CAN-2001-0550 wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob). FTP filename globbing
 
RED CAN-2001-0553 SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field. SSH vulnerabilities
 
RED CAN-2001-0555 ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor's Desktop or (2) the template parameter in SWEditServlet. http cgi access
*
RED CAN-2001-0557 T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a '..' (dot dot) attack which is URL encoded (%2e%2e). http server read access
 
RED CAN-2001-0561 Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi. http cgi access
*
RED CAN-2001-0562 a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters. http cgi access
*
BROWN CAN-2001-0568 Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes. Zope vulnerabilities
 
RED CAN-2001-0571 Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL. http server read access
 
RED CAN-2001-0582 Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbtrary files via a '..' (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR. FTP server directory traversal
 
RED CAN-2001-0583 Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001. MDaemon vulnerabilities
 
RED CAN-2001-0600 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated URL requests with the same HTTP headers, such as (1) Accept, (2) Accept-Charset, (3) Accept-Encoding, (4) Accept-Language, and (5) Content-Type. Lotus Domino HTTP vulnerability
 
RED CAN-2001-0601 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via HTTP requests containing certain combinations of UNICODE characters. Lotus Domino HTTP vulnerability
 
RED CAN-2001-0602 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices. Lotus Domino HTTP vulnerability
 
RED CAN-2001-0603 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeatedly sending large (> 10Kb) amounts of data to the DIIOP - CORBA service on TCP port 63148. Lotus Domino HTTP vulnerability
 
RED CAN-2001-0604 Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters. Lotus Domino HTTP vulnerability
 
BROWN CAN-2001-0609 Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. cfingerd vulnerability
 
BROWN CAN-2001-0671 Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges. AIX lpd
*
RED CAN-2001-0674 Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexidecimal encoded dot-dot attack (eg. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request. http server read access
 
RED CAN-2001-0691 Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations. imap version
 
RED CAN-2001-0694 Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command. FTP server directory traversal
 
BROWN CAN-2001-0695 WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by making repeated requests to cd to the floppy drive (A:\). WFTPD vulnerabilities
 
BROWN CAN-2001-0711 Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. Guessable Read Community
*
BROWN CAN-2001-0746 Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request for a long URI with (1) GETPROPERTIES, (2) GETATTRIBUTENAMES, or other methods. iPlanet vulnerabilities
 
BROWN CAN-2001-0747 Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, service packs 3 through 7, allows remote attackers to cause a denial of sevice and possibly execute arbitrary code via a long method name in an HTTP request. iPlanet vulnerabilities
 
BROWN CAN-2001-0761 Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager 1.2 allows remote attackers to execute arbitrary code via a long value to a certain parameter. http potential problems
*
RED CAN-2001-0767 Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET. FTP server directory traversal
 
RED CAN-2001-0780 Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attacker to gain sensitive information via a .. (dot dot) in the SHOW parameter. http cgi access
*
RED CAN-2001-0781 Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. SpoonFTP vulnerabilities
 
BROWN CAN-2001-0791 Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access. http potential problems
*
BROWN CAN-2001-0797 Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. login vulnerability
 
BROWN CAN-2001-0817 Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request. HPUX rlpdaemon
CHECKMARK
YELLOW CAN-2001-0824 Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. Cross site scripting
 
YELLOW CAN-2001-0829 A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message. Cross site scripting
 
RED CAN-2001-0838 Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers execute arbitrary code via format string specifiers in the -soa command. RWhois vulnerability
 
RED CAN-2001-0840 Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI. Compaq Insight Manager http server
*
RED CAN-2001-0847 Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. Lotus Domino HTTP vulnerability
 
BROWN CAN-2001-0853 Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat. http potential problems
*
RED CAN-2001-0854 PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user. http cgi access
*
RED CAN-2001-0872 OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges. SSH vulnerabilities
 
BROWN CAN-2001-0886 Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. FTP filename globbing
 
RED CAN-2001-0899 Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable. http cgi access
*
RED CAN-2001-0913 Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and earlier, when using syslog, allows remote attackers to corrupt memory and possibly execute arbitrary code via a rwhois request that contains format specifiers. RWhois vulnerability
 
BROWN CAN-2001-0918 Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely. http potential problems
*
RED CAN-2001-0924 Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter. http cgi access
*
BROWN CAN-2001-0927 Format string vulnerability in the permitted function of GNOME libgtop_daemon in libgtop 1.0.12 and earlier allows remote attackers to execute arbitrary code via an argument that contains format specifiers that are passed into the (1) syslog_message and (2) syslog_io_message functions. libgtop daemon vulnerability
 
BROWN CAN-2001-0928 Buffer overflow in the permitted function of GNOME libgtop_daemon in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data. libgtop daemon vulnerability
 
RED CAN-2001-0931 Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET. FTP server directory traversal
 
BROWN CAN-2001-0935 Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CAN-2001-0550. FTP filename globbing
 
RED CAN-2001-0937 PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters. http cgi access
*
RED CAN-2001-0938 Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp. http cgi access
*
RED CAN-2001-0939 Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443. Lotus Domino HTTP vulnerability
 
BROWN CAN-2001-0958 Buffer overflows in eManager plugin for Trend Micro InterScan VirusWall for NT 3.51 and 3.51J allow remote attackers to execute arbitrary code via long arguments to the CGI programs (1) register.dll, (2) ContentFilter.dll, (3) SFNofitication.dll, (4) register.dll, (5) TOP10.dll, (6) SpamExcp.dll, and (7) spamrule.dll. http potential problems
*
BROWN CAN-2001-0962 IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. http potential problems
*
RED CAN-2001-0971 Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. http server read access
 
BROWN CAN-2001-0974 Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-0975 Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-0977 slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. LDAP vulnerabilities
 
YELLOW CAN-2001-0991 Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error message. Cross site scripting
 
RED CAN-2001-0992 shopplus.cgi in ShopPlus shopping cart allows remote attackers to execute arbitrary commands via shell metacharacters in the "file" parameter. http cgi access
*
BROWN CAN-2001-1002 The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands. LPRng vulnerability
 
RED CAN-2001-1021 Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. WS FTP vulnerabilities
 
BROWN CAN-2001-1022 Format string vulnerability in pic utility in groff 1.16.1 and other versions allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command. groff vulnerability
 
BROWN CAN-2001-1024 login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument. http potential problems
*
BROWN CAN-2001-1030 Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. Squid vulnerabilities
 
RED CAN-2001-1031 Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command. FTP server directory traversal
 
RED CAN-2001-1032 admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. http cgi access
*
RED CAN-2001-1045 Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter. http cgi access
*
RED CAN-2001-1046 Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers gain privileges via a long username. pop version
 
RED CAN-2001-1060 phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbirtrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. http cgi access
*
RED CAN-2001-1083 Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash). icecast vulnerability
 
YELLOW CAN-2001-1084 Cross-site scripting vulnerability in Allaire JRun 3.1 and earlier allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message. Cross site scripting
 
RED CAN-2001-1109 Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands. FTP server directory traversal
 
RED CAN-2001-1110 EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns the share, and allows the attacker to sniff the connection. EFTP vulnerabilities
 
RED CAN-2001-1112 Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters. EFTP vulnerabilities
 
RED CAN-2001-1114 book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter. http cgi access
*
RED CAN-2001-1115 generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter. http cgi access
*
RED CAN-2001-1120 Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates http Cold Fusion
*
YELLOW CAN-2001-1121 Cross-site scripting (CSS) vulnerability in JRun 3.0 and 2.3.3 allows remote attackers to execute JavaScript on other clients via a web page URL that references a non-existent JSP file or Servlet, which causes the script to be returned in an error message. Cross site scripting
 
RED CAN-2001-1131 Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command. FTP server directory traversal
 
RED CAN-2001-1138 Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker Power Up HTML 0.8033beta allows remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the FILE parameter. http cgi access
*
BROWN CAN-2001-1151 Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password. http cgi info
*
YELLOW CAN-2001-1161 Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script. Cross site scripting
 
BROWN CAN-2001-1162 Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file. Samba vulnerabilities
 
RED CAN-2001-1209 Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. http cgi access
*
BROWN CAN-2001-1216 Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. Oracle vulnerabilities
 
BROWN CAN-2001-1217 Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. Oracle vulnerabilities
 
BROWN CAN-2001-1227 Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. Zope vulnerabilities
 
RED CAN-2001-1229 Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. icecast vulnerability
 
RED CAN-2001-1230 Buffer overflows in Icecast before 1.3.10 allow remote attackers to cause a denial of service (crash) and execute arbitrary code. icecast vulnerability
 
RED CAN-2001-1266 Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'. http server read access
 
BROWN CAN-2001-1278 Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. Zope vulnerabilities
 
RED CAN-2001-1281 Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the "Change User Information" web form. IMail vulnerabilities
 
RED CAN-2001-1282 Ipswitch IMail 7.04 and earlier records the physical path of attachments in an e-mail message header, which could allow remote attackers to obtain potentially sensitive configuration information. IMail vulnerabilities
 
RED CAN-2001-1283 The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code. IMail vulnerabilities
 
RED CAN-2001-1284 Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users. IMail vulnerabilities
 
RED CAN-2001-1285 Directory traversal vulnerability in readmail.cgi for Ipswitch IMail 7.04 and earlier allows remote attackers to access the mailboxes of other users via a .. (dot dot) in the mbx parameter. IMail vulnerabilities
 
RED CAN-2001-1286 Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control. IMail vulnerabilities
 
RED CAN-2001-1287 Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. IMail vulnerabilities
 
RED CAN-2001-1294 Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password. Inetserv_vulnerabilities
 
RED CAN-2001-1295 Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command. FTP server directory traversal
 
RED CAN-2001-1300 Directory traversal vulnerability in Dynu FTP server 1.05 and earlier allows remote attackers to read arbitrary files via a .. in the CD (CWD) command. FTP server directory traversal
 
BROWN CAN-2001-1306 iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1307 Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1308 Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1309 Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1310 IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1311 Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1312 Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1313 Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1314 Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1315 Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1316 Buffer overflows in Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1317 Teamware Office Enterprise Directory allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for certain BER object types, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1318 Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1319 Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1320 Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1321 Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite. LDAP vulnerabilities
 
BROWN CAN-2001-1323 Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function. Kerberos detected
 
RED CAN-2001-1328 Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code. ypbind detected
*
BROWN CAN-2001-1332 Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code. CUPS vulnerabilities
 
BROWN CAN-2001-1333 Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files. CUPS vulnerabilities
 
RED CAN-2001-1342 Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (crash) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer. Apache vulnerabilities
 
YELLOW CAN-2001-1349 Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers. signal handling problems
 
BROWN CAN-2002-0003 Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system. groff vulnerability
*
RED CAN-2002-0007 CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server. Bugzilla vulnerabilities
*
RED CAN-2002-0008 Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user comment via an HTTP request process_bug.cgi using the "who" parameter, instead of the Bugzilla_login cookie, or (2) post a bug as another user by modifying the reporter parameter to enter_bug.cgi, which is passed to post_bug.cgi. Bugzilla vulnerabilities
*
RED CAN-2002-0009 show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu. Bugzilla vulnerabilities
*
RED CAN-2002-0010 Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL code and create files or gain privileges via (1) the sql parameter in buglist.cgi, (2) invalid field names from the "boolean chart" query in buglist.cgi, (3) the mybugslink parameter in userprefs.cgi, (4) a malformed bug ID in the buglist parameter in long_list.cgi, and (5) the value parameter in editusers.cgi, which allows groupset privileges to be modified by attackers with blessgroupset privileges. Bugzilla vulnerabilities
*
RED CAN-2002-0011 Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login. Bugzilla vulnerabilities
*
BROWN CAN-2002-0012 Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. SNMP vulnerabilities
 
BROWN CAN-2002-0013 Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. SNMP vulnerabilities
 
RED CAN-2002-0020 Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options. Microsoft Telnet Server
 
BROWN CAN-2002-0028 Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request. AOL ICQ vulnerability
 
RED CAN-2002-0048 Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server. rsyncd vulnerabilities
 
YELLOW CAN-2002-0049 Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys. registry access
*
BROWN CAN-2002-0053 Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CAN-2002-0012 and CAN-2002-0013, will be updated when more accurate information is available. SNMP vulnerabilities
 
BROWN CAN-2002-0053 Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other candidates. This and other PROTOS-related candidates, especially CAN-2002-0012 and CAN-2002-0013, will be updated when more accurate information is available. Windows updates needed
Note: Domain administrator password is required to detect this vulnerability
 
RED CAN-2002-0054 SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via the server. Microsoft mail server vulnerabilities
 
RED CAN-2002-0055 SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 to cause a denial of service via a command with a malformed data transfer (BDAT) request. Microsoft mail server vulnerabilities
 
BROWN CAN-2002-0056 Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection. Microsoft SQL Server
 
BROWN CAN-2002-0058 Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK. Windows updates needed
Note: Domain administrator password is required to detect this vulnerability
 
RED CAN-2002-0061 Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe. Apache vulnerabilities
 
BROWN CAN-2002-0063 Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values. CUPS vulnerabilities
 
BROWN CAN-2002-0067 Squid 2.4 STABLE2 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions. Squid vulnerabilities
 
BROWN CAN-2002-0070 Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled. Windows updates needed
Note: Domain administrator password is required to detect this vulnerability
 
RED CAN-2002-0071 Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. http IIS access
*
RED CAN-2002-0072 The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. http IIS access
 
RED CAN-2002-0073 The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request. http IIS access
 
RED CAN-2002-0074 Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. http IIS access
 
RED CAN-2002-0075 Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. http IIS access
 
RED CAN-2002-0079 Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. http IIS access
 
BROWN CAN-2002-0076 Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability. Windows updates needed
Note: Domain administrator password is required to detect this vulnerability
 
RED CAN-2002-0081 Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled. PHP vulnerabilities
 
RED CAN-2002-0082 The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session. Apache module vulnerabilities
 
RED CAN-2002-0083 Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. SSH vulnerabilities
 
RED CAN-2002-0084 Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument. cachefsd vulnerability
*
RED CAN-2002-0098 Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner. http cgi access
*
RED CAN-2002-0106 BEA Systems Weblogic Server 6.1 allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name. WebLogic vulnerabilities
 
RED CAN-2002-0111 Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL. http server read access
 
RED CAN-2002-0124 MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote attackers to exploit directory traversal vulnerability via a ../ (dot dot) containing URL-encoded slashes in the HTTP request. http server read access
 
RED CAN-2002-0133 Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long header fields to the HTTP proxy, or (2) a long string to the telnet proxy. Avirt Gateway vulnerabilities
 
RED CAN-2002-0134 Telnet proxy in Avirt Gateway Suite 4.2 does not require authentication for connecting to the proxy system itself, which allows remote attackers to list file contents of the proxy and execute arbitrary commands via a "dos" command. Avirt Gateway vulnerabilities
 
YELLOW CAN-2002-0139 Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command. FTP bounce
 
RED CAN-2002-0147 Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." http IIS access
 
RED CAN-2002-0148 Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. http IIS access
 
RED CAN-2002-0149 Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. http IIS access
 
RED CAN-2002-0150 Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. http IIS access
 
BROWN CAN-2002-0151 Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. Windows updates needed
Note: Domain administrator password is required to detect this vulnerability
 
BROWN CAN-2002-0154 Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments. Microsoft SQL Server
 
BROWN CAN-2002-0163 Heap overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses. Squid vulnerabilities
 
BROWN CAN-2002-0170 Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. Zope vulnerabilities
 
RED CAN-2002-0177 Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client. icecast vulnerability
 
YELLOW CAN-2002-0222 Etype Eserv 2.97 allows remote attackers to to redirect traffic to other sites (aka FTP bounce) via the PORT command. FTP bounce
 
RED CAN-2002-0233 Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request. http server read access
 
RED CAN-2002-0261 Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command. FTP server directory traversal
 
BROWN CAN-2002-0273 Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter. http potential problems
 
RED CAN-2002-0288 Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request. http server read access
 
BROWN CAN-2002-0290 Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument. http potential problems
 
BROWN CAN-2002-0310 Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879. http potential problems
 
RED CAN-2002-0312 Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. http server read access
 
RED CAN-2002-0323 comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL. http cgi access
 
RED CAN-2002-0325 Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL. http server read access
 
YELLOW CAN-2002-0326 Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows remote attackers to execute arbitrary script and possibly additional commands via a URL that contains Javascript. Cross site scripting
 
RED CAN-2002-0331 Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request. http server read access
 
RED CAN-2002-0332 Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the xtell request. xtell vulnerabilities
 
RED CAN-2002-0333 Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument. xtell vulnerabilities
 
RED CAN-2002-0346 Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi. Cobalt RaQ vulnerabilities
 
RED CAN-2002-0347 Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request. Cobalt RaQ vulnerabilities
 
RED CAN-2002-0348 service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument. Cobalt RaQ vulnerabilities
 
RED CAN-2002-0379 Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute code via long mailbox attribute requests. imap version
 

No CVEs

  SAINT™ Tutorial
SANS Top 20
BROWN Alcatel ADSL modem
 
RED Apache authentication modules
 
BROWN Linux lpd
*
RED Microsoft BackOffice
 
RED MS SQL Server default password
 
RED NFS export to unprivileged programs
 
RED NIS password file access
 
BROWN NetWare Remote Manager
 
BROWN POP server
 
BROWN RADIUS vulnerabilities
 
RED Sambar vulnerabilities
 
BROWN Tivoli Storage Manager
 
BROWN Vulnerability Exploits
 
RED WebTrends vulnerabilities
 
RED Worm detected
 
RED default router password
*
BROWN dhcpd vulnerabilities
 
RED http put
 
BROWN iPlanet Messaging Server
 
BROWN netbios over the internet
*
RED rpc walld vulnerability
*
RED switch access
 
RED unrestricted modem
 

Back to the Documentation TOC