Security Vulnerabilities, CVEs, Published In February 2000

The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.

Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands.

Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.

Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.

Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.

The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.

Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.

The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields.

wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums.

The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.

The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The @Retail shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.