SARA Home

SARA Search

Data Management

Target selection

Data Analysis

Configuration Mgt

Documents/CVE

Troubleshooting

SARA Tests by CVE (version 20030402)

CVE No.	Description	SARA Test
CVE-1999-0002	Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.	rpc(mountd) check
CVE-1999-0003	Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd)	rpc(tooltalk) check
CVE-1999-0005	Arbitrary command execution via IMAP buffer overflow in authenticate command.	imap version check
CVE-1999-0006	Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.	pop version check
CVE-1999-0008	Buffer overflow in NIS+, in Sun's rpc.nisd program	rpc(nisd) check
CVE-1999-0009	Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.	dns version check
CVE-1999-0010	Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.	dns version check
CVE-1999-0011	Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.	dns version check
CVE-1999-0013	Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.	ssh version check
CVE-1999-0017	FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.	ftp bounce test
CVE-1999-0018	Buffer overflow in statd allows root privileges.	rpc(statd) check
CVE-1999-0019	Delete or create a file via rpc.statd, due to invalid information.	rpc(statd) check
CVE-1999-0021	Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.	cgi(Count.cgi) check
CVE-1999-0024	DNS cache poisoning via BIND, by predictable query IDs.	dns version check
CVE-1999-0039	Arbitrary command execution using webdist CGI program in IRIX.	cgi(webdist) test
CVE-1999-0042	Buffer overflow in University of Washington's implementation of IMAP and POP servers.	imap and pop3 version check
CVE-1999-0043	Command execution via shell metachars in INN daemon (innd) 1.5 using newgroup and rmgroup control messages, and others.	inn version check
CVE-1999-0045	List of arbitrary files on Web host via nph-test-cgi script	cgi(nph-test-cgi) check
CVE-1999-0046	Buffer overflow of rlogin program using TERM environmental variable.	rlogin check
CVE-1999-0047	MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.	sendmail check
CVE-1999-0058	Buffer overflow in PHP cgi program, php.cgi allows shell access.	cgi(php.cgi) test
CVE-1999-0059	IRIX fam service allows an attacker to obtain a list of all files on the server.	rpc(sgi_fam) check
CVE-1999-0067	CGI phf program allows remote command execution through shell metacharacters.	cgi(phf) test
CVE-1999-0068	CGI PHP mylog script allows an attacker to read any file on the target server.	cgi(php) test
CVE-1999-0070	test-cgi program allows an attacker to list files on the server	cgi(test-cgi) check
CVE-1999-0071	Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.	Apache version check
CVE-1999-0080	wu-ftp FTP server allows root access via site exec command.	wu-ftp version check
CVE-1999-0081	wu-ftp allows files to be overwritten via the rnfr command.	wu-ftp version check
CVE-1999-0082	CWD ~root command in ftpd allows root access.	ftp version check
CVE-1999-0083	getcwd() file descriptor leak in FTP	ftp version check
CVE-1999-0095	The debug command in Sendmail is enabled, allowing attackers to execute commands as root.	sendmail check
CVE-1999-0096	Sendmail decode alias can be used to overwrite sensitive files	sendmail check
CVE-1999-0100	Remote access in AIX innd 1.5.1, using control messages.	inn version check
CVE-1999-0103	Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.	chargen check
CVE-1999-0129	Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.	sendmail check
CVE-1999-0130	Local users can start Sendmail in daemon mode and gain root privileges.	sendmail check
CVE-1999-0131	Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.	sendmail check
CVE-1999-0146	The campas CGI program provided with some NCSA web servers allows an attacker to read arbitrary files.	cgi(campas) check
CVE-1999-0147	The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands	cgi(aglimpse) check
CVE-1999-0148	The handler CGI program in IRIX allows arbitrary command execution.	cgi(handler) test
CVE-1999-0149	The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack.	cgi(wrap) test
CVE-1999-0150	The Perl fingerd program allows arbitrary command execution from remote users.	finger check
CVE-1999-0152	The DG/UX finger daemon allows remote command execution through shell metacharacters.	finger check
CVE-1999-0161	In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.	tacacs check
CVE-1999-0166	NFS allows users to use a cd .. command to access other directories besides the exported file system.	Service check
CVE-1999-0168	The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.	portmapper test
CVE-1999-0170	Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.	portmapper test
CVE-1999-0174	The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.	cgi(view-source) test
CVE-1999-0176	The Webgais program allows a remote user to execute arbitrary commands.	cgi(webgais) check
CVE-1999-0177	The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.	cgi(uploader) check
CVE-1999-0178	The win-c-sample program in the WebSite web server has a buffer overflow that allows remote execution of commands.	cgi(win-c) check
CVE-1999-0180	in.rshd allows users to login with a NULL username and execute commands.	rsh check
CVE-1999-0183	Linux implementations of TFTP would allow access to files outside the restricted directory.	tftp check
CVE-1999-0185	In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.	ftp bounce test
CVE-1999-0191	IIS newdsn.exe CGI script allows remote users to overwrite files.	newdsn.exe check
CVE-1999-0196	The websendmail program in the Webgais program allows a remote user to access arbitrary files.	cgi(websendmail) check
CVE-1999-0203	In Sendmail, attackers can gain root privileges via SMTP by specifying an improper mail from address and an invalid rcpt to address that would cause the mail to bounce to a program.	sendmail version check
CVE-1999-0204	Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.	sendmail version check
CVE-1999-0206	MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.	sendmail version check
CVE-1999-0211	Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.	nfs check
CVE-1999-0219	Buffer overflow in Serv-U FTP server when user performs a cwd to a directory with a long name.	dtspcd check
CVE-1999-0233	IIS allows users to execute arbitrary commands using .bat or .cmd files.	cgi(args) check
CVE-1999-0236	ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.	cgi(ScriptAlias) test
CVE-1999-0237	Remote execution of arbitrary commands through Guestbook CGI program.	Guestbook test
CVE-1999-0239	Netscape FastTrack Web server lists files when a lowercase get command is used instead of an uppercase GET.	FastTrack server test
CVE-1999-0247	Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.	inn version check
CVE-1999-0248	A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.	ssh version check
CVE-1999-0260	The jj CGI program allows command execution via shell metacharacters.	cgi(jj) check
CVE-1999-0262	faxsurvey CGI script on Linux allows remote command execution via shell metacharacters.	cgi(faxsurvey) test
CVE-1999-0264	htmlscript CGI program allows remote read access to files.	cgi(htmlscript) test
CVE-1999-0266	The info2www CGI script allows remote file access or remote command execution.	cgi(info2www) check
CVE-1999-0270	pfdispaly CGI program for SGI's Performer API Search Tool allows read access to files.	cgi(pfdispaly) test
CVE-1999-0289	The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.	Apache version test
CVE-1999-0294	All records in a WINS database can be deleted through SNMP for a denial of service.	SNMP Check
CVE-1999-0310	SSH 1.2.25 on HP-UX allows access to new user accounts.	ssh version check
CVE-1999-0320	SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.	rpc(cmsd) check
CVE-1999-0365	The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.	sendmail version check
CVE-1999-0366	In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.	open SMB shares
CVE-1999-0368	Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.	wu-ftp version check
CVE-1999-0439	Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.	sendmail version check
CVE-1999-0472	The SNMP default community name public is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it.	snmp test
CVE-1999-0493	rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.	rpc(statd) check
CVE-1999-0514	UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.	chargen check
CVE-1999-0526	An X server's access control is disabled (e.g. through an xhost + command) and allows anyone to connect to the server.	X-server test
CVE-1999-0566	An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.	syslog check
CVE-1999-0612	A version of finger is running that exposes valid user information to any entity on the network.	finger test
CVE-1999-0626	A version of rusers is running that exposes valid user information to any entity on the network.	rusers check
CVE-1999-0627	The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.	rex check
CVE-1999-0685	Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.	Netscape version check
CVE-1999-0695	The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.	dot..dot server attack
CVE-1999-0696	Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd)	rpc(cmsd) test
CVE-1999-0704	Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.	amd check
CVE-1999-0705	Buffer overflow in INN inews program.	inn version check
CVE-1999-0722	The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.	Cobalt server test
CVE-1999-0744	Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.	Netscape version check
CVE-1999-0751	Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.	Netscape version check
CVE-1999-0752	Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.	Netscape version check
CVE-1999-0771	The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.	CIM version check
CVE-1999-0772	Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.	CIM version check
CVE-1999-0815	Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.	snmpd test
CVE-1999-0819	NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.	sendmail check
CVE-1999-0833	Buffer overflow in BIND 8.2 via NXT records.	dns version check
CVE-1999-0834	Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.	ssh version check
CVE-1999-0835	Denial of service in BIND named via malformed SIG records.	dns version check
CVE-1999-0837	Denial of service in BIND by improperly closing TCP sessions via so_linger.	dns version check
CVE-1999-0842	Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-1999-0848	Denial of service in BIND named via consuming more than fdmax file descriptors.	dns version check
CVE-1999-0849	Denial of service in BIND named via maxdname.	dns version check
CVE-1999-0853	Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.	Netscape version check
CVE-1999-0868	ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.	inn version check
CVE-1999-0878	Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.	wu-ftp version check
CVE-1999-0879	Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.	wu-ftp version check
CVE-1999-0880	Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.	wu-ftp version check
CVE-1999-0881	Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-1999-0887	FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack.	dot..dot server attack
CVE-1999-0897	iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-1999-0915	URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-1999-0922	An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.	ColdFusion test
CVE-1999-0927	NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-1999-0933	TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-1999-0950	Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.	wu-ftp version check
CVE-1999-0955	Race condition in wu-ftpd and BSDI ftpd allows remote attackers gain root access via the SITE EXEC command.	wu-ftp version check
CVE-1999-0967	Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.	Registry Check
CVE-1999-0977	Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.	rpc(sadmind) checks
CVE-1999-0978	htdig allows remote attackers to execute commands via filenames with shell metacharacters.	cgi(htdig) test
CVE-1999-1005	Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.	dot..dot server attack
CVE-1999-1010	An SSH 1.2.27 server allows a client to use the none cipher, even if it is not allowed by the server policy.	ssh version check
CVE-1999-1011	The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.	IIS RDS Check
CVE-1999-1085	SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the SSH insertion attack.	ssh version check
CVE-2000-0012	Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.	Nimda worm check
CVE-2000-0036	Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the HTML Mail Attachment vulnerability.	Registry Check
CVE-2000-0039	AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.	dot..dot server attack
CVE-2000-0045	MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.	Null session test
CVE-2000-0144	Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0148	MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.	Multiple mysql vulnerabilities
CVE-2000-0159	HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.	password check
CVE-2000-0189	ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.	cgi(coldfusion) check
CVE-2000-0191	Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0202	Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.	MSSQL overflow test
CVE-2000-0207	SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.	cgi(infosrch) check
CVE-2000-0208	The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.	cgi(htsearch) check
CVE-2000-0222	The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.	Account with no password
CVE-2000-0233	SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.	IMAP version check
CVE-2000-0245	Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.	Objectserver check
CVE-2000-0260	Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the Link View Server-Side Component vulnerability.	cgi(interdev) test
CVE-2000-0261	The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0267	Cisco Catalyst 5.4.x allows a user to gain access to the enable mode without a password.	Cisco_catalyst_check
CVE-2000-0282	TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.	webplus dot..dot server attack
CVE-2000-0303	Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.	dot..dot server attack
CVE-2000-0377	The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the Remote Registry Access Authentication vulnerability.	Resgistry Access
CVE-2000-0389	Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.	kerberos check
CVE-2000-0390	Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.	kerberos check
CVE-2000-0431	Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.	Cobalt server test
CVE-2000-0436	MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0443	The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0472	Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.	inn version check
CVE-2000-0505	The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.	Apache version check
CVE-2000-0567	Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the Malformed E-mail Header vulnerability.	Registry Check
CVE-2000-0573	The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.	wu-ftp version check
CVE-2000-0638	Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0660	The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0662	Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).	Registry Check
CVE-2000-0666	rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.	rpc(statd) check
CVE-2000-0682	BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.	BEA Webserver check
CVE-2000-0683	BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.	BEA Webserver check
CVE-2000-0684	BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.	BEA Webserver check
CVE-2000-0685	BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.	BEA Webserver check
CVE-2000-0705	ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0733	Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.	IRIX telnetd version
CVE-2000-0753	The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.	Registry Check
CVE-2000-0782	netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.	netauth directory traversal
CVE-2000-0788	The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.	Registry Check
CVE-2000-0810	Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0811	Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.	dot..dot server attack
CVE-2000-0818	The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.	vulnerability test
CVE-2000-0860	The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.	PHP check
CVE-2000-0868	The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.	Apache check
CVE-2000-0869	The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.	Apache check
CVE-2000-0883	The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.	Apache check
CVE-2000-0884	IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the Web Server Folder Traversal vulnerability.	IIS check
CVE-2000-0886	IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the Web Server File Request Parsing vulnerability.	executable file parsing check
CVE-2000-0900	Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a %2e%2e string, a variation of the .. (dot dot) attack.	dot..dot server attack
CVE-2000-0913	mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.	Apache check
CVE-2000-0917	Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.	LPGng check
CVE-2000-0919	Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0920	Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a %2E instead of a .	dot..dot server attack
CVE-2000-0921	Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.	dot..dot server attack
CVE-2000-0922	Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter.	dot..dot server attack
CVE-2000-0924	Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catigory parameter.	dot..dot server attack
CVE-2000-0967	PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.	PHP check
CVE-2000-0975	Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack.	dot..dot server attack
CVE-2000-0979	File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the Share Level Password vulnerability.	Open share test
CVE-2000-1005	Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.	dot..dot server attack
CVE-2000-1036	Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter.	dot..dot server attack
CVE-2000-1051	Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.	dot..dot server attack
CVE-2000-1068	pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.	pollit.cgi check
CVE-2000-1069	pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.	pollit.cgi check
CVE-2000-1070	pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.	pollit.cgi check
CVE-2000-1077	Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.	iPlanet check
CVE-2000-1200	Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.	Null session test
CVE-2001-0008	Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.	Possbile Interbase backdoor
CVE-2001-0010	Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.	Buffer overflow in DNS
CVE-2001-0011	Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.	Buffer overflow in DNS
CVE-2001-0012	BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.	Buffer overflow in DNS
CVE-2001-0013	Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.	Buffer overflow in DNS
CVE-2001-0021	MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template paramater.	Web Mailman test
CVE-2001-0144	CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.	Version check
CVE-2001-0149	Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.	Registry Check
CVE-2001-0236	Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long indication event.	Service check
CVE-2001-0333	Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and \ characters twice.	IIS traversal check
CVE-2001-0340	An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.	Registry Check
CVE-2001-0341	Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.	overflow test
CVE-2001-0368	Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack.	Port check
CVE-2001-0500	Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.	IIS overflow test
CVE-2001-0538	Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.	Registry Check
CVE-2001-0660	Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).	Registry Check
CVE-2001-0666	Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.	Registry Check
CVE-2001-0717	Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.	tooltalk check
CVE-2001-0726	Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.	Registry Check
CVE-2001-0779	Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.	Service check
CVE-2001-0803	Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands	dtspcd check
CVE-2001-0816	OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.	ssh version check
CVE-2001-1088	Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the Automatically put people I reply to in my address book option enabled, do not notify the user when the Reply-To address is different than the From address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.	Registry Check
CVE-2001-1380	OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the from option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.	Version check
CVE-2002-0003	Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.	service check
CVE-2002-0027	Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the Frame Domain Verification vulnerability described in MS:MS01-058/CAN-2001-0874.	Registry test
CVE-2002-0033	Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.	service check
CVE-2002-0071	Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.	URL test
CVE-2002-0075	Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (302 Object Moved) message.	URL test
CVE-2002-0079	Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.	URL test
CVE-2002-0081	Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.	URL test
CVE-2002-0082	The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.	version check
CVE-2002-0139	Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.	ftp bounce test
CVE-2002-0148	Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.	URL Check
CVE-2002-0152	Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.	Registry Check
CVE-2002-0364	Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise.	URL Check
CVE-2002-0392	Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.	Web Server Version Check
CVE-2002-0394	Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords.	Web Server Version Check
CVE-2002-0538	FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's FTP PORT responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the FTP bounce vulnerability.	ftp bounce test
CVE-2002-0573	Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.	walld check
CVE-2002-0575	Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.	ssh version check
CVE-2002-0639	Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.	ssh version check
CVE-2002-0679	Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.	tooltalk check
CVE-2002-0685	Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message.	Registry Check
CVE-2002-0845	Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.	version test
CVE-2002-1056	Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.	Registry Check

CVE References

     CVE No.   

              References