CVE List

Id CVE No. Status Description Phase Votes Comments Actions
2671  CVE-2000-1104  Candidate  Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.  Proposed (20001219)  ACCEPT(3) Baker, Cole, Wall | MODIFY(1) Frech  Frech> XF:iis-cross-site-scripting(5156)  View
2672  CVE-2000-1105  Candidate  The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.  Proposed (20001219)  ACCEPT(2) Baker, Cole | MODIFY(1) Frech | REVIEWING(2) Christey, Wall  Frech> XF:win2k-index-service-ixsso(5502) | Christey> ADDREF MS:MS00-098 | ADDREF XF:win2k-index-service-activex | URL:http://xforce.iss.net/static/5800.php | Add "aka the "Indexing Service File Enumeration" vulnerability" | to the description. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> DUPE CVE-2001-0245? Need to check w/Microsoft.  View
2677  CVE-2000-1110  Candidate  document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.  Proposed (20001219)  ACCEPT(1) Baker | MODIFY(1) Frech | NOOP(2) Cole, Wall  Frech> XF:ibm-netdata-reveal-path(5599)  View
2681  CVE-2000-1114  Candidate  Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".  Proposed (20001219)  ACCEPT(1) Baker | MODIFY(1) Frech | NOOP(2) Cole, Wall  Frech> XF:ewave-jsp-source-read(5562)  View
2683  CVE-2000-1116  Candidate  Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command.  Proposed (20001219)  MODIFY(1) Frech | NOOP(2) Cole, Wall  Frech> XF:broker-user-dos(3482)  View

Page 20615 of 20943, showing 5 records out of 104715 total, starting on record 103071, ending on 103075

Actions