CVE-2000-0332

UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.

Publication date: Wed, 03 May 2000 09:00:00 +0000

Cyber News related to CVE-2000-0332

CVE-2017-0332 - An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged ...
5 years ago

CVE-2000-0332 - UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte. ...
16 years ago

CVE-2000-0744 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0743. Reason: This candidate is a duplicate of CVE-2000-0743. Notes: All CVE users should reference CVE-2000-0743 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2008-5416 - Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 ...
6 years ago

CVE-2008-0086 - Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. ...
6 years ago

CVE-2008-0107 - Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 ...
5 years ago

CVE-2008-0085 - SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize ...
5 years ago

CVE-2021-47460 - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 ...
8 months ago Tenable.com

CVE-2024-49883 - In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use ...
3 months ago Tenable.com

CVE-2015-0335 - Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a ...
7 years ago

CVE-2015-0339 - Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a ...
7 years ago

CVE-2015-0333 - Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a ...
7 years ago

CVE-2015-0332 - Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a ...
7 years ago

CVE-2022-0332 - A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. ...
3 years ago

CVE-2010-0332 - SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
13 years ago

CVE-2013-0332 - Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter. ...
11 years ago

CVE-2002-0332 - Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to execute arbitrary code via (1) a long DNS hostname that is determined using reverse DNS lookups, (2) a long AUTH string, or (3) certain data in the ...
8 years ago

CVE-2003-0332 - The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats ...
8 years ago

CVE-2011-0332 - Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow. ...
8 years ago

CVE-2004-0332 - Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges. ...
7 years ago

CVE-2005-0332 - Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP ...
7 years ago

CVE-2006-0332 - Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files. ...
7 years ago

CVE-2009-0332 - Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components. ...
7 years ago

CVE-2016-0332 - IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM ...
7 years ago

CVE-2014-0332 - Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id ...
6 years ago

Latest Cyber News

Roundtable: Is DOGE Flouting Cybersecurity for US Data? - 43 minutes ago
How Public & Private Sectors Can Better Align Cyber Defense - 1 hour ago
Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware - 1 hour ago
New Windows UI 0-Day Vulnerability Actively Exploited in the Wild - 2 hours ago
Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News - 3 hours ago
Burp AI - Burp Suite Now Integrate AI Powered Extension for Web Pentesting - 3 hours ago
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster - 4 hours ago
Threat Actors In Russia, China, and Iran Targeting Local Communities In The U.S - New Report - 4 hours ago
Hacker leaks account data of 12 million Zacks Investment users - 5 hours ago
APT43 Hackers Attacking Academic Institutions With Exposed Credentials - 6 hours ago
An Italian journalist speaks about being targeted with Paragon spyware | The Record from Recorded Future News - 6 hours ago
CVE-2025-25901 - 6 hours ago
CVE-2025-24904 - 6 hours ago
CVE-2025-25355 - 6 hours ago
CVE-2024-12011 - 6 hours ago
ANYRUN Safebrowsing Extension - Analyse Any Malicious URL for Free - 7 hours ago
CVE-2025-0426 - 7 hours ago
Munich Cyber Security and Security Conferences 2025 [Live Updates] | The Record from Recorded Future News - 8 hours ago
Chinese espionage tools deployed in RA World ransomware attack - 8 hours ago
CVE-2025-26580 - 8 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Roundtable: Is DOGE Flouting Cybersecurity for US Data? - 43 minutes ago
Chinese APT 'Emperor Dragonfly' Moonlights With Ransomware - 1 hour ago
New Windows UI 0-Day Vulnerability Actively Exploited in the Wild - 2 hours ago
Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News - 3 hours ago
Burp AI - Burp Suite Now Integrate AI Powered Extension for Web Pentesting - 3 hours ago
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster - 4 hours ago
Threat Actors In Russia, China, and Iran Targeting Local Communities In The U.S - New Report - 4 hours ago
Hacker leaks account data of 12 million Zacks Investment users - 5 hours ago
CVE-2025-0995 - 1 day ago
CVE-2025-0996 - 1 day ago
CVE-2025-0997 - 1 day ago
CVE-2025-0998 - 1 day ago
CVE-2025-24528 - 1 day ago
CVE-2024-11343 - 1 day ago
CVE-2024-12629 - 1 day ago
CVE-2024-9870 - 1 day ago
CVE-2025-0332 - 1 day ago
CVE-2025-0516 - 1 day ago
CVE-2025-1208 - 1 day ago
CVE-2025-25349 - 1 day ago