SAINT Documentation
WWDSI
SAINT Home
--------

CVE Cross Reference

The CVE Cross Reference is divided into three sections. The first section lists the SAINT tutorials that correspond to accepted CVEs. The second section lists the SAINT tutorials that correspond to candidate CVEs. The third section lists the SAINT tutorials that do not correspond to any accepted or candidate CVEs.

All three sections have a column indicating whether the tutorial is related to one of the vulnerabilities on the SANS Ten Most Critical Internet Security Threats. If the CVE or candidate CVE was specifically mentioned in the Top 10 list, it is marked with a check mark (). If the CVE or candidate CVE is related to those discussed in the Top 10, it is marked with an asterisk (*).

Current CVEs

(Based on CVE version 20000712 and SANS Top 10 version 1.25.)
  CVE # CVE Description SAINT™ Tutorial
SANS Top 10
BROWN CVE-1999-0002 Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems. mountd vulnerabilities
CHECKMARK
RED CVE-1999-0003 Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd) tooltalk version
CHECKMARK
RED CVE-1999-0005 Arbitrary command execution via IMAP buffer overflow in authenticate command. imap version
CHECKMARK
BROWN CVE-1999-0006 Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command. pop version
CHECKMARK
BROWN CVE-1999-0008 Buffer overflow in NIS+, in Sun's rpc.nisd program nisd vulnerability
*
RED CVE-1999-0009 Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0010 Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. DNS vulnerabilities
*
RED CVE-1999-0011 Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. DNS vulnerabilities
*
RED CVE-1999-0013 Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. SSH vulnerabilities
 
YELLOW CVE-1999-0017 FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. FTP bounce
 
BROWN CVE-1999-0018 Buffer overflow in statd allows root privileges. rpc statd access
CHECKMARK
BROWN CVE-1999-0019 Delete or create a file via rpc.statd, due to invalid information. rpc statd access
CHECKMARK
RED CVE-1999-0021 Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program. http cgi access
CHECKMARK
RED CVE-1999-0024 DNS cache poisoning via BIND, by predictable query IDs. DNS vulnerabilities
*
RED CVE-1999-0035 Race condition in signal handling routine in ftpd, allowing read/write arbitrary files. FTP vulnerabilities
 
RED CVE-1999-0039 Arbitrary command execution using webdist CGI program in IRIX. http cgi access
CHECKMARK
RED CVE-1999-0042 Buffer overflow in University of Washington's implementation of IMAP and POP servers. imap version
CHECKMARK
BROWN CVE-1999-0042 Buffer overflow in University of Washington's implementation of IMAP and POP servers. pop version
CHECKMARK
RED CVE-1999-0043 Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. innd vulnerabilities
 
BROWN CVE-1999-0045 List of arbitrary files on Web host via nph-test-cgi script http cgi info
*
RED CVE-1999-0047 MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. Sendmail vulnerabilities
CHECKMARK
RED CVE-1999-0058 Buffer overflow in PHP cgi program, php.cgi allows shell access. http cgi access
CHECKMARK
YELLOW CVE-1999-0059 IRIX fam service allows an attacker to obtain a list of all files on the server. SGI fam vulnerability
 
RED CVE-1999-0067 CGI phf program allows remote command execution through shell metacharacters. http cgi access
CHECKMARK
BROWN CVE-1999-0070 test-cgi program allows an attacker to list files on the server http cgi info
*
RED CVE-1999-0080 wu-ftp FTP server allows root access via "site exec" command. FTP vulnerabilities
 
RED CVE-1999-0095 The debug command in Sendmail is enabled, allowing attackers to execute commands as root. Sendmail vulnerabilities
*
RED CVE-1999-0096 Sendmail decode alias can be used to overwrite sensitive files sendmail decode
*
RED CVE-1999-0100 Remote access in AIX innd 1.5.1, using control messages. innd vulnerabilities
 
RED CVE-1999-0103 Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm. packet flooding problems
 
RED CVE-1999-0129 Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file. Sendmail vulnerabilities
*
RED CVE-1999-0130 Local users can start Sendmail in daemon mode and gain root privileges. Sendmail vulnerabilities
CHECKMARK
RED CVE-1999-0131 Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. Sendmail vulnerabilities
CHECKMARK
RED CVE-1999-0146 The campas CGI program provided with some NCSA web servers allows an attacker to read arbitrary files. http cgi access
*
RED CVE-1999-0147 The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands http cgi access
CHECKMARK
RED CVE-1999-0148 The handler CGI program in IRIX allows arbitrary command execution. http cgi access
CHECKMARK
BROWN CVE-1999-0149 The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack. http cgi info
CHECKMARK
BROWN CVE-1999-0151 The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access. SAINT password disclosure
 
RED CVE-1999-0168 The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. NFS export via portmapper
 
RED CVE-1999-0174 The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack. http cgi access
CHECKMARK
RED CVE-1999-0176 The Webgais program allows a remote user to execute arbitrary commands. http cgi access
*
RED CVE-1999-0177 The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. http cgi access
CHECKMARK
RED CVE-1999-0178 The win-c-sample program in the WebSite web server has a buffer overflow that allows remote execution of commands. http cgi access
CHECKMARK
RED CVE-1999-0196 The websendmail program in the Webgais program allows a remote user to access arbitrary files. http cgi access
*
RED CVE-1999-0203 In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. Sendmail vulnerabilities
CHECKMARK
RED CVE-1999-0204 Sendmail 8.6.9 allows remote attackers to execute root commands, using ident. Sendmail vulnerabilities
CHECKMARK
RED CVE-1999-0206 MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. Sendmail vulnerabilities
CHECKMARK
BROWN CVE-1999-0210 Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. rpc statd access
*
BROWN CVE-1999-0237 Remote execution of arbitrary commands through Guestbook CGI program. http potential problems
CHECKMARK
RED CVE-1999-0260 The jj CGI program allows command execution via shell metacharacters. http cgi access
*
RED CVE-1999-0262 faxsurvey CGI script on Linux allows remote command execution via shell metacharacters. http cgi access
CHECKMARK
RED CVE-1999-0264 htmlscript CGI program allows remote read access to files. http cgi access
*
RED CVE-1999-0266 The info2www CGI script allows remote file access or remote command execution. http cgi access
*
RED CVE-1999-0270 pfdispaly CGI program for SGI's Performer API Search Tool allows read access to files. http cgi access
CHECKMARK
BROWN CVE-1999-0279 Excite for Web Servers (EWS) allows remote command execution via shell metacharacters. http potential problems
CHECKMARK
RED CVE-1999-0320 SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. calendar manager
*
RED CVE-1999-0368 Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto. FTP vulnerabilities
 
BROWN CVE-1999-0493 rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. rpc statd access
*
RED CVE-1999-0513 ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. packet flooding problems
 
RED CVE-1999-0514 UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target. packet flooding problems
 
YELLOW CVE-1999-0526 An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server. unrestricted X server access
 
YELLOW CVE-1999-0612 A version of finger is running that exposes valid user information to any entity on the network. excessive finger info
 
YELLOW CVE-1999-0626 A version of rusers is running that exposes valid user information to any entity on the network. rusersd vulnerability
 
RED CVE-1999-0627 The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. REXD access
 
RED CVE-1999-0696 Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd) calendar manager
CHECKMARK
BROWN CVE-1999-0704 Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others. amd buffer overflow
 
RED CVE-1999-0705 Buffer overflow in INN inews program. innd vulnerabilities
 
RED CVE-1999-0744 Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. Netscape vulnerabilities
*
RED CVE-1999-0751 Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. Netscape vulnerabilities
*
RED CVE-1999-0752 Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. Netscape vulnerabilities
*
RED CVE-1999-0771 The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack. Compaq Insight Manager http server
CHECKMARK
RED CVE-1999-0772 Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301. Compaq Insight Manager http server
*
RED CVE-1999-0789 Buffer overflow in AIX ftpd in the libc library. FTP vulnerabilities
 
BROWN CVE-1999-0832 Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. mountd vulnerabilities
*
RED CVE-1999-0833 Buffer overflow in BIND 8.2 via NXT records. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0834 Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library. SSH vulnerabilities
 
RED CVE-1999-0835 Denial of service in BIND named via malformed SIG records. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0837 Denial of service in BIND by improperly closing TCP sessions via so_linger. DNS vulnerabilities
*
RED CVE-1999-0848 Denial of service in BIND named via consuming more than "fdmax" file descriptors. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0849 Denial of service in BIND named via maxdname. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0851 Denial of service in BIND named via naptr. DNS vulnerabilities
CHECKMARK
RED CVE-1999-0853 Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure. Netscape vulnerabilities
*
RED CVE-1999-0868 ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN. innd vulnerabilities
 
YELLOW CVE-1999-0874 Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. http IIS access
*
RED CVE-1999-0878 Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR. FTP vulnerabilities
 
RED CVE-1999-0879 Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. FTP vulnerabilities
 
RED CVE-1999-0880 Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly. FTP vulnerabilities
 
RED CVE-1999-0951 Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote attackers to execute commands. http cgi access
CHECKMARK
BROWN CVE-1999-0953 WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. http cgi info
*
RED CVE-1999-0955 Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain root access via the SITE EXEC command. FTP vulnerabilities
 
RED CVE-1999-0977 Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request. sadmind
CHECKMARK
RED CVE-1999-1011 The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. ODBC RDS
CHECKMARK
BROWN CVE-2000-0012 Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. http potential problems
CHECKMARK
RED CVE-2000-0026 Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. UnixWare i2odialogd
 
RED CVE-2000-0039 AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. http cgi access
CHECKMARK
RED CVE-2000-0161 Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. http cgi access
*
RED CVE-2000-0207 SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. http cgi access
CHECKMARK
RED CVE-2000-0208 The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. http cgi access
CHECKMARK
RED CVE-2000-0236 Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. Netscape vulnerabilities
 
BROWN CVE-2000-0245 Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. objectserver vulnerability
 
BROWN CVE-2000-0260 Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. Visual Interdev vulnerability
*
BROWN CVE-2000-0389 Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. Kerberos detected
 
BROWN CVE-2000-0390 Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. Kerberos detected
 
BROWN CVE-2000-0391 Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. Kerberos detected
 
BROWN CVE-2000-0397 The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account. http potential problems
*
RED CVE-2000-0424 The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters. http cgi access
*
RED CVE-2000-0432 The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters. http cgi access
*
BROWN CVE-2000-0437 Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. Gauntlet WebShield cyberdaemon
 
BROWN CVE-2000-0442 Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. pop version
*

Candidate CVEs

  CVE # CVE Description SAINT™ Tutorial
SANS Top 10
BROWN CAN-1999-0186 In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. Guessable Read Community
CHECKMARK
BROWN CAN-1999-0333 HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack. HP Openview vulnerabilities
 
RED CAN-1999-0455 The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly. http Cold Fusion
CHECKMARK
RED CAN-1999-0477 The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly. http Cold Fusion
*
RED CAN-1999-0501 A Unix account has a guessable password. guessed account password
CHECKMARK
RED CAN-1999-0502 A Unix account has a default, null, blank, or missing password. guessed account password
CHECKMARK
RED CAN-1999-0509 Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. http cgi access
CHECKMARK
RED CAN-1999-0509 Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. http cgi shells
CHECKMARK
BROWN CAN-1999-0512 Mail relay is enabled, allowing abuse by spammers. SMTP mail relay
 
RED CAN-1999-0515 An unrestricted remote trust relationship for Unix systems has been set up, e.g. by using a + sign in /etc/hosts.equiv. remote shell access
 
BROWN CAN-1999-0516 An SNMP community name is guessable. Guessable Read Community
CHECKMARK
BROWN CAN-1999-0517 An SNMP community name is the default (e.g. public), null, or missing. Guessable Read Community
CHECKMARK
RED CAN-1999-0527 The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten. writable FTP home directory
 
BROWN CAN-1999-0531 An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. sendmail info
*
RED CAN-1999-0554 NFS exports system-critical data to the world, e.g. / or a password file. unrestricted NFS export
CHECKMARK
RED CAN-1999-0616 The TFTP service is running. TFTP file access
 
BROWN CAN-1999-0618 The rexec service is running. rexec on the Internet
 
BROWN CAN-1999-0624 The rstat/rstatd service is running. rstatd vulnerability
 
BROWN CAN-1999-0651 The rsh/rlogin service is running. remote login on the Internet
 
BROWN CAN-1999-0651 The rsh/rlogin service is running. remote shell on the Internet
 
RED CAN-1999-0660 A hacker utility or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc. backdoor found
 
RED CAN-1999-0660 A hacker utility or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc. rootkits
 
RED CAN-1999-0736 The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. http IIS samples
CHECKMARK
RED CAN-1999-0738 The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. http IIS samples
*
RED CAN-1999-0739 The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files. http IIS samples
*
RED CAN-2000-0114 Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. http FrontPage
*
RED CAN-2000-0138 A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft. distributed denial of service
 
BROWN CAN-2000-0147 snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration. Guessable Write Community
*
BROWN CAN-2000-0158 Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon. MMDF vulnerability
 
BROWN CAN-2000-0179 HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. HP Openview vulnerabilities
 
BROWN CAN-2000-0248 The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor passowrd that allows remote attackers to execute arbitrary commands. http potential problems
*
BROWN CAN-2000-0283 The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. Performance Copilot
 
BROWN CAN-2000-0322 The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execure arbitrary commands via shell metacharacters. http potential problems
*
BROWN CAN-2000-0429 A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands. http potential problems
*
RED CAN-2000-0443 The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. JetAdmin vulnerabilities
*
RED CAN-2000-0444 HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000. JetAdmin vulnerabilities
*
RED CAN-2000-0472 Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. innd vulnerabilities
 
RED CAN-2000-0520 Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name. open SMB shares
*
RED CAN-2000-0556 Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002. http Cmail access
 
RED CAN-2000-0557 Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request. http Cmail access
 
BROWN CAN-2000-0558 Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345. HP Openview vulnerabilities
 
RED CAN-2000-0573 The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command. FTP vulnerabilities
 
RED CAN-2000-0574 FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands. FTP vulnerabilities
 
RED CAN-2000-0590 Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter. http cgi access
*
RED CAN-2000-0622 Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. http Website Pro
 
RED CAN-2000-0623 Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header. http Website Pro
 
BROWN CAN-2000-0628 The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files. http potential problems
*
RED CAN-2000-0638 Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. http cgi access
*
RED CAN-2000-0639 The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server. http cgi access
*
BROWN CAN-2000-0666 rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. rpc statd access
*

No CVEs

  SAINT™ Tutorial
SANS Top 10
BROWN AnswerBook vulnerabilities
 
BROWN gopher vulnerabilities
 
RED hacker program found
 
BROWN IRIX telnetd
 
BROWN Linux lpd
 
BROWN netbios over the internet
*
RED ntop server vulnerability
 
RED NFS export to unprivileged programs
*
RED NIS password file access
 
BROWN POP server
 
RED unrestricted modem
 
BROWN WebLogic vulnerabilities
 
BROWN Windows detected
 

Back to the Documentation TOC