
3856 matches found

NVD
added 2000/12/19 5:00 a.m. | 16 views

CVE-2000-0960

The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse...

CVSS 5 | AI score 6.6 | EPSS 0.01697
Exploits: 1 | References: 3

Exploit DB
added 2000/12/05 12:00 a.m. | 39 views

Inktomi Search Software 3.0 - Information Disclosure

source: https://www.securityfocus.com/bid/2062/info A vulnerability exists in version 3.0 of Ultraseek server aka Inktomi Search. Due to a failure to properly validate user-supplied input, URLs submitted by a remote user of the form: http://target:8765/example/ will, if the file 'example' does not...

AI score 7.4
Exploits: 0

NVD
added 2000/11/14 5:00 a.m. | 12 views

CVE-2000-0876

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname...

CVSS 5 | AI score 6.6 | EPSS 0.01522
Exploits: 0 | References: 3

securityvulns
added 2000/10/27 12:00 a.m. | 80 views

FWTK x-gw Security Advisory [GSA2000-01]

geekgang Security Advisory gsa2000-01 www.geekgang.co.uk © Copyright 2000 geekgang ID: geekgang GSA2000-01 01 v1.0 Topic: FWTK x-gw format bug Status: Release 26th October, 2000 Author: pre Credit: Pekka Savola found the potential problem in the code Abstract The x-gw X Windows gateway component ...

AI score 0.5
Exploits: 0

securityvulns
added 2000/10/27 12:00 a.m. | 31 views

Squid doesn't quote urls in error messages.

Hi, I noticed that Squid 2.3.STABLE4 doesn't quote urls in error messages. For example if a user visits the following url http://www.dotcom.com/ btest/b The user will get an invalid url page with test in bold. Or even more fun with: http://www.somecompany.com/img...

AI score 7
Exploits: 0

NVD
added 2000/10/20 4:00 a.m. | 18 views

CVE-2000-0746

Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting CSS attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those...

CVSS 7.5 | AI score 5.9 | EPSS 0.08553
Exploits: 0 | References: 4

securityvulns
added 2000/10/16 12:00 a.m. | 19 views

Buffer overflow in cURL

Unchecked buffer during error message generation...

AI score 3.8
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2000/10/13 8:00 a.m. | 5 views

CURL-CVE-2000-0973 FTP Server Response Buffer Overflow

When storing an FTP server's error message on failure, there was no check for input length and thus a malicious FTP server could overflow curl's stack based buffer...

CVSS 10 | AI score 7.1 | EPSS 0.19247
Exploits: 1

curl security advisories
added 2000/10/13 8:00 a.m. | 7 views

FTP Server Response Buffer Overflow

When storing an FTP server's error message on failure, there was no check for input length and thus a malicious FTP server could overflow curl's stack based buffer...

CVSS 10 | AI score 5.3 | EPSS 0.19247
Exploits: 1 | Affected Software: 2

CVE
added 2000/10/13 4:00 a.m. | 35 views

CVE-2000-0601

CVE-2000-0601 affects LeafChat 1.7 IRC client. A remote IRC server can cause a denial of service by rapidly sending a large amount of error messages. No exploitation details or fixes are provided in the supplied documents.

CVSS 5 | AI score 7 | EPSS 0.0307
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2000/09/21 4:00 a.m. | 56 views

CVE-2000-0759

The CVE-2000-0759 entry concerns Jakarta Tomcat 3.1 running under Apache, where requesting a nonexistent URL causes an error page that reveals the full physical path of the webroot. Root cause: information disclosure via error handling that leaks filesystem paths, enabling an attacker to map the ...

CVSS 6.4 | AI score 6.1 | EPSS 0.2566
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2000/09/21 4:00 a.m. | 23 views

CVE-2000-0759

Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path...

AI score 6 | EPSS 0.2566
Exploits: 1 | References: 3

exploitpack
added 2000/07/20 12:00 a.m. | 16 views

Apache Tomcat 3.1 - Path Revealing

Apache Tomcat 3.1 - Path Revealing source: https://www.securityfocus.com/bid/1531/info A vulnerability exists in the JSP portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting a nonexistent JSP file, too much information is presented by the server as part o...

AI score 7.4
Exploits: 0

Exploit DB
added 2000/07/20 12:00 a.m. | 25 views

Apache Tomcat 3.1 - Path Revealing

source: https://www.securityfocus.com/bid/1531/info A vulnerability exists in the JSP portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting a nonexistent JSP file, too much information is presented by the server as part of the error message. This informati...

AI score 7.4
Exploits: 0

Exploit DB
added 2000/07/20 12:00 a.m. | 129 views

Tomcat 3.0/3.1 Snoop Servlet - Information Disclosure

source: https://www.securityfocus.com/bid/1532/info A vulnerability exists in the snoop servlet portion of the Tomcat package, version 3.1, from the Apache Software Foundation. Upon hitting a nonexistent file with the .snp extension, too much information is presented by the server as part of the...

AI score 7.4
Exploits: 0

exploitpack
added 2000/07/19 12:00 a.m. | 11 views

HP JetDirect J3111A - Invalid FTP Command Denial of Service

HP JetDirect J3111A - Invalid FTP Command Denial of Service source: https://www.securityfocus.com/bid/1491/info HP JetDirect firmware is vulnerable to a Denial of Service attack. JetDirect devices have an FTP service which fails to properly handle bad FTP commands sent with the ftp "quote" comman...

Exploits: 0

Packet Storm
added 2000/07/19 12:00 a.m. | 22 views

VIGILANTE-2000004.txt

HP Jetdirect - Invalid FTP Command DoS Advisory Code: VIGILANTE-2000004 Release Date: July 19, 2000 Systems Affected: HP Jetdirect printers using firmware versions: - G.08.04 - H.08.05 - G.08.20 - H.08.20 Older firmware versions, prior to G.08.20 and H.08.20, are probably also vulnerable. THE...

AI score 7.4
Exploits: 0

Cvelist
added 2000/06/15 4:00 a.m. | 22 views

CVE-2000-0413

The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path...

AI score 6.4 | EPSS 0.43893
Exploits: 0 | References: 2

exploitpack
added 2000/05/05 12:00 a.m. | 11 views

Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage

Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage source: https://www.securityfocus.com/bid/1178/info Requesting an invalid database file from a web server implementing Gossamer Threads DBMan scripts will return a CGI error message containing environmental variables to a remote user withou...

AI score 7.3
Exploits: 0

Exploit DB
added 2000/05/05 12:00 a.m. | 26 views

Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage

source: https://www.securityfocus.com/bid/1178/info Requesting an invalid database file from a web server implementing Gossamer Threads DBMan scripts will return a CGI error message containing environmental variables to a remote user without any authorization. The parameters displayed include the...

AI score 7.4
Exploits: 0