CVE-2000-0676

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

Publication date: Fri, 20 Oct 2000 09:00:00 +0000

Cyber News related to CVE-2000-0676

CVE-2000-0676 - Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as ...
16 years ago

CVE-2000-0744 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0743. Reason: This candidate is a duplicate of CVE-2000-0743. Notes: All CVE users should reference CVE-2000-0743 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2008-5416 - Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 ...
6 years ago

CVE-2008-0086 - Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. ...
6 years ago

CVE-2008-0107 - Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 ...
5 years ago

CVE-2008-0085 - SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize ...
5 years ago

CVE-2021-47460 - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 ...
8 months ago Tenable.com

CVE-2024-49883 - In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use ...
3 months ago Tenable.com

CVE-2020-0756 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2020-0748 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2020-0755 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2020-0675 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2020-0676 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2020-0677 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2021-0676 - In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...
1 year ago

CVE-2002-0676 - SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, ...
16 years ago

CVE-2005-0676 - index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability. ...
16 years ago

CVE-2010-0676 - Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. ...
14 years ago

CVE-2013-0676 - Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via ...
11 years ago

CVE-2003-0676 - Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences. ...
8 years ago

CVE-2016-0676 - Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel. ...
8 years ago

CVE-2004-0676 - Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter. ...
7 years ago

CVE-2014-0676 - Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367. ...
7 years ago

CVE-2008-0676 - Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter. ...
7 years ago

CVE-2001-0676 - Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment. ...
7 years ago

Latest Cyber News

Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 12 minutes ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 20 minutes ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 3 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 3 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 3 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 4 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 5 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 6 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 6 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 7 hours ago
DPRK hackers dupe targets into typing PowerShell commands as admin - 7 hours ago
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - 8 hours ago
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - 9 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 9 hours ago
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - 9 hours ago
CVE-2025-1207 - 10 hours ago
CVE-2025-0556 - 10 hours ago
CVE-2025-1206 - 11 hours ago
CVE-2025-1212 - 11 hours ago
CVE-2025-1244 - 11 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 12 minutes ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 20 minutes ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 3 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 3 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 3 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 4 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 5 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 7 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 9 hours ago
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - 8 hours ago
DPRK hackers dupe targets into typing PowerShell commands as admin - 7 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 6 hours ago
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - 9 hours ago
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - 9 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 6 hours ago
CVE-2023-40721 - 1 day ago
CVE-2024-12755 - 1 day ago
CVE-2024-12756 - 1 day ago
CVE-2024-27780 - 1 day ago
CVE-2024-27781 - 1 day ago