The CVE Cross Reference is divided into three sections. The first section
lists the SAINT tutorials that correspond to accepted CVEs. The second
section lists the SAINT tutorials that correspond to candidate CVEs. The
third section lists the SAINT tutorials that do not correspond to any
accepted or candidate CVEs.
All three sections have a column indicating whether the tutorial is related
to one of the vulnerabilities on the
SANS Ten Most Critical Internet
Security Threats. If the CVE or candidate CVE was specifically
mentioned in the Top 10 list, it is marked with a check mark
(
). If the CVE or candidate CVE
is related to those discussed in the Top 10, it is marked with an asterisk
(*).
|
CVE # |
CVE Description |
SAINT Tutorial |
SANS Top 10 |
 |
CVE-1999-0002 |
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. |
mountd vulnerabilities |
 |
 |
CVE-1999-0003 |
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd) |
tooltalk version |
 |
 |
CVE-1999-0005 |
Arbitrary command execution via IMAP buffer overflow in authenticate command. |
imap version |
 |
 |
CVE-1999-0006 |
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command. |
pop version |
 |
 |
CVE-1999-0008 |
Buffer overflow in NIS+, in Sun's rpc.nisd program |
nisd vulnerability |
* |
 |
CVE-1999-0009 |
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
DNS vulnerabilities |
 |
 |
CVE-1999-0010 |
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. |
DNS vulnerabilities |
* |
 |
CVE-1999-0011 |
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. |
DNS vulnerabilities |
* |
 |
CVE-1999-0013 |
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. |
SSH vulnerabilities |
|
 |
CVE-1999-0017 |
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
FTP bounce |
|
 |
CVE-1999-0018 |
Buffer overflow in statd allows root privileges. |
rpc statd access |
 |
 |
CVE-1999-0019 |
Delete or create a file via rpc.statd, due to invalid information. |
rpc statd access |
 |
 |
CVE-1999-0021 |
Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. |
http cgi access |
 |
 |
CVE-1999-0024 |
DNS cache poisoning via BIND, by predictable query IDs. |
DNS vulnerabilities |
* |
 |
CVE-1999-0035 |
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. |
FTP vulnerabilities |
|
 |
CVE-1999-0039 |
Arbitrary command execution using webdist CGI program in IRIX. |
http cgi access |
 |
 |
CVE-1999-0042 |
Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
imap version |
 |
 |
CVE-1999-0042 |
Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
pop version |
 |
 |
CVE-1999-0043 |
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. |
innd vulnerabilities |
|
 |
CVE-1999-0045 |
List of arbitrary files on Web host via nph-test-cgi script |
http cgi info |
* |
 |
CVE-1999-0047 |
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. |
Sendmail vulnerabilities |
 |
 |
CVE-1999-0058 |
Buffer overflow in PHP cgi program, php.cgi allows shell access. |
http cgi access |
 |
 |
CVE-1999-0059 |
IRIX fam service allows an attacker to obtain a list of all files on the server. |
SGI fam vulnerability |
|
 |
CVE-1999-0067 |
CGI phf program allows remote command execution through shell metacharacters. |
http cgi access |
 |
 |
CVE-1999-0070 |
test-cgi program allows an attacker to list files on the server |
http cgi info |
* |
 |
CVE-1999-0080 |
wu-ftp FTP server allows root access via "site exec" command. |
FTP vulnerabilities |
|
 |
CVE-1999-0095 |
The debug command in Sendmail is enabled, allowing attackers to execute commands as root. |
Sendmail vulnerabilities |
* |
 |
CVE-1999-0096 |
Sendmail decode alias can be used to overwrite sensitive files |
sendmail decode |
* |
 |
CVE-1999-0100 |
Remote access in AIX innd 1.5.1, using control messages. |
innd vulnerabilities |
|
 |
CVE-1999-0103 |
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. |
packet flooding problems |
|
 |
CVE-1999-0129 |
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. |
Sendmail vulnerabilities |
* |
 |
CVE-1999-0130 |
Local users can start Sendmail in daemon mode and gain root privileges. |
Sendmail vulnerabilities |
 |
 |
CVE-1999-0131 |
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. |
Sendmail vulnerabilities |
 |
 |
CVE-1999-0146 |
The campas CGI program provided with some NCSA web servers allows an attacker to read arbitrary files. |
http cgi access |
* |
 |
CVE-1999-0147 |
The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands |
http cgi access |
 |
 |
CVE-1999-0148 |
The handler CGI program in IRIX allows arbitrary command execution. |
http cgi access |
 |
 |
CVE-1999-0149 |
The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. |
http cgi info |
 |
 |
CVE-1999-0151 |
The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. |
SAINT password disclosure |
|
 |
CVE-1999-0168 |
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. |
NFS export via portmapper |
|
 |
CVE-1999-0174 |
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
http cgi access |
 |
 |
CVE-1999-0176 |
The Webgais program allows a remote user to execute arbitrary commands. |
http cgi access |
* |
 |
CVE-1999-0177 |
The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. |
http cgi access |
 |
 |
CVE-1999-0178 |
The win-c-sample program in the WebSite web server has a buffer overflow that allows remote execution of commands. |
http cgi access |
 |
 |
CVE-1999-0196 |
The websendmail program in the Webgais program allows a remote user to access arbitrary files. |
http cgi access |
* |
 |
CVE-1999-0203 |
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. |
Sendmail vulnerabilities |
 |
 |
CVE-1999-0204 |
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. |
Sendmail vulnerabilities |
 |
 |
CVE-1999-0206 |
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. |
Sendmail vulnerabilities |
 |
 |
CVE-1999-0210 |
Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. |
rpc statd access |
* |
 |
CVE-1999-0237 |
Remote execution of arbitrary commands through Guestbook CGI program. |
http potential problems |
 |
 |
CVE-1999-0260 |
The jj CGI program allows command execution via shell metacharacters. |
http cgi access |
* |
 |
CVE-1999-0262 |
faxsurvey CGI script on Linux allows remote command execution via shell metacharacters. |
http cgi access |
 |
 |
CVE-1999-0264 |
htmlscript CGI program allows remote read access to files. |
http cgi access |
* |
 |
CVE-1999-0266 |
The info2www CGI script allows remote file access or remote command execution. |
http cgi access |
* |
 |
CVE-1999-0270 |
pfdispaly CGI program for SGI's Performer API Search Tool allows read access to files. |
http cgi access |
 |
 |
CVE-1999-0279 |
Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. |
http potential problems |
 |
 |
CVE-1999-0320 |
SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. |
calendar manager |
* |
 |
CVE-1999-0368 |
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. |
FTP vulnerabilities |
|
 |
CVE-1999-0493 |
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. |
rpc statd access |
* |
 |
CVE-1999-0513 |
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
packet flooding problems |
|
 |
CVE-1999-0514 |
UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. |
packet flooding problems |
|
 |
CVE-1999-0526 |
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. |
unrestricted X server access |
|
 |
CVE-1999-0612 |
A version of finger is running that exposes valid user information to any entity on the network. |
excessive finger info |
|
 |
CVE-1999-0626 |
A version of rusers is running that exposes valid user information to any entity on the network. |
rusersd vulnerability |
|
 |
CVE-1999-0627 |
The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. |
REXD access |
|
 |
CVE-1999-0696 |
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd) |
calendar manager |
 |
 |
CVE-1999-0704 |
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. |
amd buffer overflow |
|
 |
CVE-1999-0705 |
Buffer overflow in INN inews program. |
innd vulnerabilities |
|
 |
CVE-1999-0744 |
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. |
Netscape vulnerabilities |
* |
 |
CVE-1999-0751 |
Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. |
Netscape vulnerabilities |
* |
 |
CVE-1999-0752 |
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. |
Netscape vulnerabilities |
* |
 |
CVE-1999-0771 |
The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. |
Compaq Insight Manager http server |
 |
 |
CVE-1999-0772 |
Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. |
Compaq Insight Manager http server |
* |
 |
CVE-1999-0789 |
Buffer overflow in AIX ftpd in the libc library. |
FTP vulnerabilities |
|
 |
CVE-1999-0832 |
Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. |
mountd vulnerabilities |
* |
 |
CVE-1999-0833 |
Buffer overflow in BIND 8.2 via NXT records. |
DNS vulnerabilities |
 |
 |
CVE-1999-0834 |
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. |
SSH vulnerabilities |
|
 |
CVE-1999-0835 |
Denial of service in BIND named via malformed SIG records. |
DNS vulnerabilities |
 |
 |
CVE-1999-0837 |
Denial of service in BIND by improperly closing TCP sessions via so_linger. |
DNS vulnerabilities |
* |
 |
CVE-1999-0848 |
Denial of service in BIND named via consuming more than "fdmax" file descriptors. |
DNS vulnerabilities |
 |
 |
CVE-1999-0849 |
Denial of service in BIND named via maxdname. |
DNS vulnerabilities |
 |
 |
CVE-1999-0851 |
Denial of service in BIND named via naptr. |
DNS vulnerabilities |
 |
 |
CVE-1999-0853 |
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure. |
Netscape vulnerabilities |
* |
 |
CVE-1999-0868 |
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. |
innd vulnerabilities |
|
 |
CVE-1999-0874 |
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. |
http IIS access |
* |
 |
CVE-1999-0878 |
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. |
FTP vulnerabilities |
|
 |
CVE-1999-0879 |
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. |
FTP vulnerabilities |
|
 |
CVE-1999-0880 |
Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. |
FTP vulnerabilities |
|
 |
CVE-1999-0951 |
Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote attackers to execute commands. |
http cgi access |
 |
 |
CVE-1999-0953 |
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. |
http cgi info |
* |
 |
CVE-1999-0955 |
Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain root access via the SITE EXEC command. |
FTP vulnerabilities |
|
 |
CVE-1999-0977 |
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request. |
sadmind |
 |
 |
CVE-1999-1011 |
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. |
ODBC RDS |
 |
 |
CVE-2000-0012 |
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. |
http potential problems |
 |
 |
CVE-2000-0026 |
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. |
UnixWare i2odialogd |
|
 |
CVE-2000-0039 |
AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. |
http cgi access |
 |
 |
CVE-2000-0161 |
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. |
http cgi access |
* |
 |
CVE-2000-0207 |
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. |
http cgi access |
 |
 |
CVE-2000-0208 |
The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. |
http cgi access |
 |
 |
CVE-2000-0236 |
Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. |
Netscape vulnerabilities |
|
 |
CVE-2000-0245 |
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. |
objectserver vulnerability |
|
 |
CVE-2000-0260 |
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. |
Visual Interdev vulnerability |
* |
 |
CVE-2000-0389 |
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. |
Kerberos detected |
|
 |
CVE-2000-0390 |
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. |
Kerberos detected |
|
 |
CVE-2000-0391 |
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. |
Kerberos detected |
|
 |
CVE-2000-0397 |
The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. |
http potential problems |
* |
 |
CVE-2000-0424 |
The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters. |
http cgi access |
* |
 |
CVE-2000-0432 |
The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters. |
http cgi access |
* |
 |
CVE-2000-0437 |
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. |
Gauntlet WebShield cyberdaemon |
|
 |
CVE-2000-0442 |
Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. |
pop version |
* |
|
CVE # |
CVE Description |
SAINT Tutorial |
SANS Top 10 |
 |
CAN-1999-0186 |
In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. |
Guessable Read Community |
 |
 |
CAN-1999-0333 |
HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack. |
HP Openview vulnerabilities |
|
 |
CAN-1999-0455 |
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. |
http Cold Fusion |
 |
 |
CAN-1999-0477 |
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. |
http Cold Fusion |
* |
 |
CAN-1999-0501 |
A Unix account has a guessable password. |
guessed account password |
 |
 |
CAN-1999-0502 |
A Unix account has a default, null, blank, or missing password. |
guessed account password |
 |
 |
CAN-1999-0509 |
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. |
http cgi access |
 |
 |
CAN-1999-0509 |
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. |
http cgi shells |
 |
 |
CAN-1999-0512 |
Mail relay is enabled, allowing abuse by spammers. |
SMTP mail relay |
|
 |
CAN-1999-0515 |
An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. |
remote shell access |
|
 |
CAN-1999-0516 |
An SNMP community name is guessable. |
Guessable Read Community |
 |
 |
CAN-1999-0517 |
An SNMP community name is the default (e.g. public), null, or missing. |
Guessable Read Community |
 |
 |
CAN-1999-0527 |
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten. |
writable FTP home directory |
|
 |
CAN-1999-0531 |
An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. |
sendmail info |
* |
 |
CAN-1999-0554 |
NFS exports system-critical data to the world, e.g. / or a password file. |
unrestricted NFS export |
 |
 |
CAN-1999-0616 |
The TFTP service is running. |
TFTP file access |
|
 |
CAN-1999-0618 |
The rexec service is running. |
rexec on the Internet |
|
 |
CAN-1999-0624 |
The rstat/rstatd service is running. |
rstatd vulnerability |
|
 |
CAN-1999-0651 |
The rsh/rlogin service is running. |
remote login on the Internet |
|
 |
CAN-1999-0651 |
The rsh/rlogin service is running. |
remote shell on the Internet |
|
 |
CAN-1999-0660 |
A hacker utility or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc. |
backdoor found |
|
 |
CAN-1999-0660 |
A hacker utility or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc. |
rootkits |
|
 |
CAN-1999-0736 |
The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
http IIS samples |
 |
 |
CAN-1999-0738 |
The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
http IIS samples |
* |
 |
CAN-1999-0739 |
The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. |
http IIS samples |
* |
 |
CAN-2000-0114 |
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. |
http FrontPage |
* |
 |
CAN-2000-0138 |
A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft. |
distributed denial of service |
|
 |
CAN-2000-0147 |
snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. |
Guessable Write Community |
* |
 |
CAN-2000-0158 |
Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon. |
MMDF vulnerability |
|
 |
CAN-2000-0179 |
HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. |
HP Openview vulnerabilities |
|
 |
CAN-2000-0248 |
The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor passowrd that allows remote attackers to execute arbitrary commands. |
http potential problems |
* |
 |
CAN-2000-0283 |
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. |
Performance Copilot |
|
 |
CAN-2000-0322 |
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execure arbitrary commands via shell metacharacters. |
http potential problems |
* |
 |
CAN-2000-0429 |
A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands. |
http potential problems |
* |
 |
CAN-2000-0443 |
The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
JetAdmin vulnerabilities |
* |
 |
CAN-2000-0444 |
HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000. |
JetAdmin vulnerabilities |
* |
 |
CAN-2000-0472 |
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. |
innd vulnerabilities |
|
 |
CAN-2000-0520 |
Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name. |
open SMB shares |
* |
 |
CAN-2000-0556 |
Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002. |
http Cmail access |
|
 |
CAN-2000-0557 |
Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request. |
http Cmail access |
|
 |
CAN-2000-0558 |
Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345. |
HP Openview vulnerabilities |
|
 |
CAN-2000-0573 |
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. |
FTP vulnerabilities |
|
 |
CAN-2000-0574 |
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands. |
FTP vulnerabilities |
|
 |
CAN-2000-0590 |
Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter. |
http cgi access |
* |
 |
CAN-2000-0622 |
Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. |
http Website Pro |
|
 |
CAN-2000-0623 |
Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header. |
http Website Pro |
|
 |
CAN-2000-0628 |
The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files. |
http potential problems |
* |
 |
CAN-2000-0638 |
Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
http cgi access |
* |
 |
CAN-2000-0639 |
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server. |
http cgi access |
* |
 |
CAN-2000-0666 |
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. |
rpc statd access |
* |