CyberSecurityBoard
Sponsor Register Login

CVE-2000-1234

violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.

Publication date: Sun, 31 Dec 2000 11:00:00 +0000


Cyber News related to CVE-2000-1234

CVE-2012-45971 - 1) McAfee Email and Web Security and Email Gateway contains a flaw related to the /admin/cgi-bin/localadmin script. The issue is due to the script calling the SCMAdmin::AuthManagement::localLogin() function when $ENV{WS_SOURCE_IP} is 127.0.0.1. ...
54 years ago Tenable.com
CVE-2000-1234 - violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters. ...
16 years ago
CVE-2000-0744 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0743. Reason: This candidate is a duplicate of CVE-2000-0743. Notes: All CVE users should reference CVE-2000-0743 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com
CVE-2008-5416 - Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 ...
6 years ago
CVE-2008-0086 - Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. ...
6 years ago
CVE-2008-0107 - Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 ...
5 years ago
CVE-2008-0085 - SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize ...
5 years ago
CVE-2021-47460 - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 ...
5 months ago Tenable.com
CVE-2024-49883 - In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use ...
2 weeks ago Tenable.com
CVE-2002-1234 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-0180. Reason: This candidate is a an out-of-band assignment duplicate of CVE-2002-0180. Notes: All CVE users should reference CVE-2002-0180 instead of this candidate. All ...
54 years ago Tenable.com
CVE-2012-1234 - SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. ...
12 years ago
CVE-2006-3940 - Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already ...
6 years ago
CVE-2022-22172 - A Missing Release of Memory after Effective Lifetime vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a memory leak. Continued ...
2 years ago
CVE-2021-40330 - git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. ...
1 year ago
CVE-2015-1234 - Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact by manipulating OpenGL ES ...
3 years ago
CVE-2016-1234 - Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. ...
3 years ago
CVE-2001-1234 - Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable. ...
16 years ago
CVE-2013-1234 - The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472. ...
11 years ago
CVE-2014-1234 - The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process. ...
11 months ago
CVE-2015-3969 - Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235. ...
9 years ago
CVE-2015-6016 - ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows remote attackers to obtain administrative access via ...
7 years ago
CVE-2015-7283 - The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. ...
7 years ago
CVE-2017-1234 - IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ...
7 years ago
CVE-2010-1234 - Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to truncate the URL shown in the HTTP Basic Authentication dialog via unknown vectors. ...
7 years ago
CVE-2009-1234 - Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected. ...
7 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)