2000.tsv
CVE-2000-0001 2000-07-12 n/a RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.
CVE-2000-0002 2000-10-13 n/a Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.
CVE-2000-0003 2000-03-22 n/a Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.
CVE-2000-0004 2000-06-02 n/a ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.
CVE-2000-0005 2000-02-04 n/a HP-UX aserver program allows local users to gain privileges via a symlink attack.
CVE-2000-0006 2002-03-09 n/a strace allows local users to read arbitrary files via memory mapped file names.
CVE-2000-0007 2002-03-09 n/a Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service.
CVE-2000-0008 2000-02-04 n/a FTPPro allows local users to read sensitive information, which is stored in plain text.
CVE-2000-0009 2000-10-13 n/a The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.
CVE-2000-0010 2000-04-25 n/a WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.
CVE-2000-0011 2000-07-12 n/a Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request.
CVE-2000-0012 2000-04-25 n/a Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.
CVE-2000-0013 2000-07-12 n/a IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.
CVE-2000-0014 2000-04-25 n/a Denial of service in Savant web server via a null character in the requested URL.
CVE-2000-0015 2000-07-12 n/a CascadeView TFTP server allows local users to gain privileges via a symlink attack.
CVE-2000-0016 2000-02-04 n/a Buffer overflow in Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service or execute commands via a long username.
CVE-2000-0017 2000-02-04 n/a Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.
CVE-2000-0018 2000-07-12 n/a wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file.
CVE-2000-0019 2000-02-04 n/a IMail POP3 daemon uses weak encryption, which allows local users to read files.
CVE-2000-0020 2000-04-25 n/a DNS PRO allows remote attackers to conduct a denial of service via a large number of connections.
CVE-2000-0021 2000-02-04 n/a Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin.
CVE-2000-0022 2000-03-22 n/a Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory.
CVE-2000-0023 2000-03-22 n/a Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL.
CVE-2000-0024 2000-04-25 n/a IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
CVE-2000-0025 2000-03-22 n/a IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
CVE-2000-0026 2000-03-22 n/a Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.
CVE-2000-0027 2002-03-09 n/a IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.
CVE-2000-0028 2000-02-04 n/a Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
CVE-2000-0029 2000-03-22 n/a UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.
CVE-2000-0030 2000-07-12 n/a Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.
CVE-2000-0031 2000-03-22 n/a The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.
CVE-2000-0032 2000-07-12 n/a Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.
CVE-2000-0033 2000-04-25 n/a InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.
CVE-2000-0034 2000-07-12 n/a Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
CVE-2000-0035 2000-02-04 n/a resend command in Majordomo allows local users to gain privileges via shell metacharacters.
CVE-2000-0036 2000-03-22 n/a Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
CVE-2000-0037 2000-03-22 n/a Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.
CVE-2000-0038 2000-02-04 n/a glFtpD includes a default glftpd user account with a default password and a UID of 0.
CVE-2000-0039 2000-03-22 n/a AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.
CVE-2000-0040 2000-03-22 n/a glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.
CVE-2000-0041 2000-03-22 n/a Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.
CVE-2000-0042 2000-04-25 n/a Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
CVE-2000-0043 2000-04-25 n/a Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.
CVE-2000-0044 2000-04-18 n/a Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.
CVE-2000-0045 2000-07-12 n/a MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
CVE-2000-0046 2000-02-04 n/a Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message.
CVE-2000-0047 2000-02-04 n/a Buffer overflow in Yahoo Pager/Messenger client allows remote attackers to cause a denial of service via a long URL within a message.
CVE-2000-0048 2001-01-22 n/a get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.
CVE-2000-0049 2000-02-04 n/a Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.
CVE-2000-0050 2000-04-25 n/a The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.
CVE-2000-0051 2000-04-25 n/a The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.
CVE-2000-0052 2000-04-18 n/a Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
CVE-2000-0053 2000-04-18 n/a Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.
CVE-2000-0054 2000-02-04 n/a search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack.
CVE-2000-0055 2000-02-04 n/a Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
CVE-2000-0056 2000-10-13 n/a IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.
CVE-2000-0057 2000-04-18 n/a Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.
CVE-2000-0058 2000-02-04 n/a Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files.
CVE-2000-0059 2000-02-04 n/a PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
CVE-2000-0060 2002-06-25 n/a Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.
CVE-2000-0061 2000-02-04 n/a Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.
CVE-2000-0062 2000-04-18 n/a The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.
CVE-2000-0063 2000-10-13 n/a cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.
CVE-2000-0064 2000-10-13 n/a cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.
CVE-2000-0065 2000-10-13 n/a Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.
CVE-2000-0066 2000-02-04 n/a WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request.
CVE-2000-0067 2000-02-04 n/a CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.
CVE-2000-0068 2000-02-04 n/a daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.
CVE-2000-0069 2000-02-04 n/a The recover program in Solstice Backup allows local users to restore sensitive files.
CVE-2000-0070 2000-04-25 n/a NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."
CVE-2000-0071 2000-02-04 n/a IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
CVE-2000-0072 2002-06-25 n/a Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges.
CVE-2000-0073 2000-04-18 n/a Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
CVE-2000-0074 2000-02-04 n/a PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions.
CVE-2000-0075 2000-10-13 n/a Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session.
CVE-2000-0076 2000-10-13 n/a nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
CVE-2000-0077 2000-02-04 n/a The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.
CVE-2000-0078 2000-02-04 n/a The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.
CVE-2000-0079 2000-02-04 n/a The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.
CVE-2000-0080 2001-01-22 n/a AIX techlibss allows local users to overwrite files via a symlink attack.
CVE-2000-0081 2000-02-04 n/a Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
CVE-2000-0082 2000-02-04 n/a WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML.
CVE-2000-0083 2000-04-18 n/a HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.
CVE-2000-0084 2000-02-04 n/a CuteFTP uses weak encryption to store password information in its tree.dat file.
CVE-2000-0085 2000-02-04 n/a Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag.
CVE-2000-0086 2000-02-04 n/a Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing.
CVE-2000-0087 2002-06-25 n/a Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
CVE-2000-0088 2000-03-22 n/a Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
CVE-2000-0089 2000-03-22 n/a The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
CVE-2000-0090 2000-10-13 n/a VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.
CVE-2000-0091 2000-04-18 n/a Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
CVE-2000-0092 2000-07-12 n/a The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
CVE-2000-0093 2000-02-08 n/a An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.
CVE-2000-0094 2000-10-13 n/a procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.
CVE-2000-0095 2000-04-18 n/a The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.
CVE-2000-0096 2000-02-08 n/a Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command.
CVE-2000-0097 2000-03-22 n/a The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.
CVE-2000-0098 2000-03-22 n/a Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.
CVE-2000-0099 2000-04-18 n/a Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.
CVE-2000-0100 2000-04-18 n/a The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
CVE-2000-0101 2000-02-08 n/a The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0102 2000-02-08 n/a The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0103 2000-02-08 n/a The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0104 2000-02-08 n/a The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0105 2000-02-08 n/a Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers to view a user's email messages via a script that accesses a variable that references subsequent email messages that are read by the client.
CVE-2000-0106 2000-02-08 n/a The EasyCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0107 2000-04-18 n/a Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.
CVE-2000-0108 2000-02-08 n/a The Intellivend shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0109 2000-02-08 n/a The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.
CVE-2000-0110 2000-02-08 n/a The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0111 2001-01-22 n/a The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions.
CVE-2000-0112 2000-04-25 n/a The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.
CVE-2000-0113 2000-06-02 n/a The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.
CVE-2000-0114 2000-02-08 n/a Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
CVE-2000-0115 2000-02-08 n/a IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.
CVE-2000-0116 2000-10-13 n/a Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.
CVE-2000-0117 2000-10-13 n/a The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).
CVE-2000-0118 2000-02-08 n/a The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
CVE-2000-0119 2000-02-08 n/a The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.
CVE-2000-0120 2001-05-07 n/a The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.
CVE-2000-0121 2000-03-22 n/a The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.
CVE-2000-0122 2000-02-08 n/a Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program.
CVE-2000-0123 2000-02-08 n/a The shopping cart application provided with Filemaker allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0124 2000-02-08 n/a surfCONTROL SuperScout does not properly assign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions.
CVE-2000-0125 2000-02-08 n/a wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums.
CVE-2000-0126 2000-02-08 n/a Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.
CVE-2000-0127 2000-10-13 n/a The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.
CVE-2000-0128 2000-10-13 n/a The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.
CVE-2000-0129 2000-02-08 n/a Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.
CVE-2000-0130 2000-10-13 n/a Buffer overflow in SCO scohelp program allows remote attackers to execute commands.
CVE-2000-0131 2000-04-18 n/a Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.
CVE-2000-0132 2000-02-08 n/a Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.
CVE-2000-0133 2000-02-08 n/a Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands.
CVE-2000-0134 2000-02-08 n/a The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0135 2000-02-08 n/a The @Retail shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0136 2000-02-08 n/a The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0137 2000-02-08 n/a The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
CVE-2000-0138 2000-02-15 n/a A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft.
CVE-2000-0139 2000-03-22 n/a Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.
CVE-2000-0140 2000-04-18 n/a Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.
CVE-2000-0141 2000-10-13 n/a Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.
CVE-2000-0142 2000-02-16 n/a The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417.
CVE-2000-0143 2000-02-16 n/a The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.
CVE-2000-0144 2000-04-18 n/a Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.
CVE-2000-0145 2000-03-22 n/a The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.
CVE-2000-0146 2000-10-13 n/a The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.
CVE-2000-0147 2000-02-16 n/a snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.
CVE-2000-0148 2000-03-22 n/a MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.
CVE-2000-0149 2000-03-22 n/a Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.
CVE-2000-0150 2000-03-22 n/a Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.
CVE-2000-0151 2000-02-16 n/a GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.
CVE-2000-0152 2000-03-22 n/a Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.
CVE-2000-0153 2000-02-23 n/a FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack.
CVE-2000-0154 2000-02-23 n/a The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.
CVE-2000-0155 2000-02-23 n/a Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.
CVE-2000-0156 2000-03-22 n/a Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.
CVE-2000-0157 2000-07-12 n/a NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process.
CVE-2000-0158 2000-02-23 n/a Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon.
CVE-2000-0159 2000-04-18 n/a HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.
CVE-2000-0160 2000-02-23 n/a The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.
CVE-2000-0161 2000-03-22 n/a Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
CVE-2000-0162 2000-03-22 n/a The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
CVE-2000-0163 2000-02-23 n/a asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.
CVE-2000-0164 2000-10-13 n/a The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.
CVE-2000-0165 2000-04-25 n/a The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.
CVE-2000-0166 2000-10-13 n/a Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.
CVE-2000-0167 2000-02-23 n/a IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
CVE-2000-0168 2000-07-12 n/a Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.
CVE-2000-0169 2000-06-02 n/a Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.
CVE-2000-0170 2000-04-10 n/a Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.
CVE-2000-0171 2000-06-02 n/a atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.
CVE-2000-0172 2000-04-10 n/a The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
CVE-2000-0173 2000-03-22 n/a Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service.
CVE-2000-0174 2000-07-12 n/a StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0175 2000-07-12 n/a Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.
CVE-2000-0176 2000-03-22 n/a The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist.
CVE-2000-0177 2000-03-22 n/a DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-0178 2000-04-10 n/a ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions.
CVE-2000-0179 2000-10-13 n/a HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555.
CVE-2000-0180 2002-03-09 n/a Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0181 2000-04-25 n/a Firewall-1 3.0 and 4.0 leak packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.
CVE-2000-0182 2000-04-10 n/a iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic.
CVE-2000-0183 2000-04-18 n/a Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.
CVE-2000-0184 2000-04-25 n/a Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
CVE-2000-0185 2000-04-25 n/a RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.
CVE-2000-0186 2000-04-10 n/a Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
CVE-2000-0187 2000-03-22 n/a EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
CVE-2000-0188 2000-03-22 n/a EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
CVE-2000-0189 2000-04-10 n/a ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
CVE-2000-0190 2000-03-22 n/a AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value.
CVE-2000-0191 2000-10-13 n/a Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.
CVE-2000-0192 2000-04-25 n/a The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.
CVE-2000-0193 2000-10-13 n/a The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.
CVE-2000-0194 2000-04-10 n/a buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.
CVE-2000-0195 2000-07-12 n/a setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.
CVE-2000-0196 2000-04-10 n/a Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.
CVE-2000-0197 2000-03-22 n/a The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.
CVE-2000-0198 2000-03-22 n/a Buffer overflow in POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service.
CVE-2000-0199 2000-03-22 n/a When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
CVE-2000-0200 2000-04-10 n/a Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.
CVE-2000-0201 2000-04-10 n/a The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
CVE-2000-0202 2000-04-10 n/a Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
CVE-2000-0203 2000-03-22 n/a The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345.
CVE-2000-0204 2000-03-22 n/a The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%.
CVE-2000-0205 2000-03-22 n/a Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
CVE-2000-0206 2000-04-25 n/a The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
CVE-2000-0207 2000-04-10 n/a SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.
CVE-2000-0208 2000-04-10 n/a The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.
CVE-2000-0209 2000-04-10 n/a Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.
CVE-2000-0210 2000-04-10 n/a The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.
CVE-2000-0211 2000-04-10 n/a The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability.
CVE-2000-0212 2000-04-10 n/a InterAccess TelnetD Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information.
CVE-2000-0213 2000-03-22 n/a The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters.
CVE-2000-0214 2000-03-22 n/a FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites.
CVE-2000-0215 2000-04-10 n/a Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges.
CVE-2000-0216 2000-03-22 n/a Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.
CVE-2000-0217 2000-04-10 n/a The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
CVE-2000-0218 2000-04-10 n/a Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.
CVE-2000-0219 2000-03-22 n/a Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt.
CVE-2000-0220 2000-03-22 n/a ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event.
CVE-2000-0221 2000-04-10 n/a The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.
CVE-2000-0222 2000-04-10 n/a The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.
CVE-2000-0223 2000-04-25 n/a Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.
CVE-2000-0224 2000-04-10 n/a ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.
CVE-2000-0225 2000-10-13 n/a The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled.
CVE-2000-0226 2000-06-02 n/a IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."
CVE-2000-0227 2000-04-12 n/a The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets.
CVE-2000-0228 2000-06-02 n/a Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.
CVE-2000-0229 2000-06-02 n/a gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
CVE-2000-0230 2000-06-02 n/a Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
CVE-2000-0231 2000-06-02 n/a Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.
CVE-2000-0232 2000-06-02 n/a Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
CVE-2000-0233 2000-06-02 n/a SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.
CVE-2000-0234 2000-06-02 n/a The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.
CVE-2000-0235 2000-06-02 n/a Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
CVE-2000-0236 2000-07-12 n/a Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.
CVE-2000-0237 2000-10-13 n/a Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
CVE-2000-0238 2000-10-13 n/a Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.
CVE-2000-0239 2000-04-12 n/a Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.
CVE-2000-0240 2000-10-13 n/a vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.
CVE-2000-0241 2000-04-12 n/a vqSoft vqServer stores sensitive information such as passwords in cleartext in the server.cfg file, which allows attackers to gain privileges.
CVE-2000-0242 2000-04-12 n/a WindMail allows remote attackers to read arbitrary files or execute commands via shell metacharacters.
CVE-2000-0243 2001-09-18 n/a AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin.
CVE-2000-0244 2000-04-12 n/a The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.
CVE-2000-0245 2000-06-02 n/a Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.
CVE-2000-0246 2000-06-02 n/a IIS 4.0 and 5.0 do not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
CVE-2000-0247 2004-09-01 n/a Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.
CVE-2000-0248 2000-04-26 n/a The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
CVE-2000-0249 2000-07-12 n/a The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.
CVE-2000-0250 2000-04-26 n/a The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords.
CVE-2000-0251 2000-07-12 n/a HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.
CVE-2000-0252 2001-01-22 n/a The dansie shopping cart application cart.pl allows remote attackers to execute commands via shell metacharacters in a form variable.
CVE-2000-0253 2001-01-22 n/a The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.
CVE-2000-0254 2001-01-22 n/a The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
CVE-2000-0255 2001-01-22 n/a The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program.
CVE-2000-0256 2000-04-26 n/a Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the "Server-Side Image Map Components" vulnerability.
CVE-2000-0257 2000-10-13 n/a Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
CVE-2000-0258 2000-06-02 n/a IIS 4.0 and 5.0 allow remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
CVE-2000-0259 2000-04-26 n/a The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allow local users to compromise the cryptographic keys of other users.
CVE-2000-0260 2000-06-02 n/a Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
CVE-2000-0261 2000-07-12 n/a The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0262 2000-07-12 n/a The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request.
CVE-2000-0263 2000-10-13 n/a The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.
CVE-2000-0264 2000-07-12 n/a Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.
CVE-2000-0265 2000-10-13 n/a Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet.
CVE-2000-0266 2000-04-26 n/a Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
CVE-2000-0267 2000-06-02 n/a Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.
CVE-2000-0268 2000-06-02 n/a Cisco IOS 11.x and 12.x allow remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.
CVE-2000-0269 2000-04-26 n/a Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
CVE-2000-0270 2000-04-26 n/a The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
CVE-2000-0271 2000-04-26 n/a read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords.
CVE-2000-0272 2000-10-13 n/a RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.
CVE-2000-0273 2000-10-13 n/a PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.
CVE-2000-0274 2000-06-02 n/a The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.
CVE-2000-0275 2000-04-26 n/a CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.
CVE-2000-0276 2001-01-22 n/a BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.
CVE-2000-0277 2000-06-02 n/a Microsoft Excel 97 and 2000 do not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
CVE-2000-0278 2001-01-22 n/a The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
CVE-2000-0279 2000-07-12 n/a BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers.
CVE-2000-0280 2000-04-26 n/a Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
CVE-2000-0281 2000-04-26 n/a Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.
CVE-2000-0282 2000-10-13 n/a TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.
CVE-2000-0283 2001-01-22 n/a The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.
CVE-2000-0284 2000-04-26 n/a Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
CVE-2000-0285 2000-10-13 n/a Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
CVE-2000-0286 2000-04-26 n/a X fontserver xfs allows local users to cause a denial of service via malformed input to the server.
CVE-2000-0287 2001-01-22 n/a The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.
CVE-2000-0288 2000-04-26 n/a Infonautics getdoc.cgi allows remote attackers to bypass the payment phase for accessing documents via a modified form variable.
CVE-2000-0289 2000-10-13 n/a IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.
CVE-2000-0290 2002-03-09 n/a Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.
CVE-2000-0291 2000-04-26 n/a Buffer overflow in Star Office 5.1 allows attackers to cause a denial of service by embedding a long URL within a document.
CVE-2000-0292 2001-01-22 n/a The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.
CVE-2000-0293 2000-04-26 n/a aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.
CVE-2000-0294 2000-06-02 n/a Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.
CVE-2000-0295 2000-04-26 n/a Buffer overflow in LCDproc allows remote attackers to gain root privileges via the screen_add command.
CVE-2000-0296 2001-01-22 n/a fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.
CVE-2000-0297 2000-07-12 n/a Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables.
CVE-2000-0298 2002-03-09 n/a The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.
CVE-2000-0299 2000-04-26 n/a Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.
CVE-2000-0300 2000-04-26 n/a The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts.
CVE-2000-0301 2000-10-13 n/a Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.
CVE-2000-0302 2001-05-07 n/a Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
CVE-2000-0303 2000-07-12 n/a Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.
CVE-2000-0304 2000-07-12 n/a Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allow a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
CVE-2000-0305 2000-07-12 n/a Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.
CVE-2000-0306 2001-05-07 n/a Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.
CVE-2000-0307 2001-05-07 n/a Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.
CVE-2000-0308 2001-05-07 n/a Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.
CVE-2000-0309 2001-05-07 n/a The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
CVE-2000-0310 2001-05-07 n/a IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.
CVE-2000-0311 2000-07-12 n/a The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
CVE-2000-0312 2001-02-14 n/a cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
CVE-2000-0313 2001-05-07 n/a Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
CVE-2000-0314 2001-05-07 n/a traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
CVE-2000-0315 2001-05-07 n/a traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.
CVE-2000-0316 2000-07-12 n/a Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.
CVE-2000-0317 2000-05-18 n/a Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
CVE-2000-0318 2000-10-13 n/a Atrium Mercur Mail Server 3.2 allows local attackers to read other users' email and create arbitrary files via a dot dot (..) attack.
CVE-2000-0319 2000-10-13 n/a mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.
CVE-2000-0320 2000-10-13 n/a Qpopper 2.53 and 3.0 do not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.
CVE-2000-0321 2000-05-18 n/a Buffer overflow in IC Radius package allows a remote attacker to cause a denial of service via a long user name.
CVE-2000-0322 2000-10-13 n/a The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
CVE-2000-0323 2000-06-02 n/a The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.
CVE-2000-0324 2002-03-09 n/a pcAnywhere 8.x and 9.0 allow remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap.
CVE-2000-0325 2000-05-18 n/a The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.
CVE-2000-0326 2000-05-18 n/a Meeting Maker uses weak encryption (a polyalphabetic substitution cipher) for passwords, which allows remote attackers to sniff and decrypt passwords for Meeting Maker accounts.
CVE-2000-0327 2000-06-02 n/a Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.
CVE-2000-0328 2000-06-02 n/a Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.
CVE-2000-0329 2000-06-02 n/a A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
CVE-2000-0330 2000-06-02 n/a The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.
CVE-2000-0331 2000-07-12 n/a Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
CVE-2000-0332 2000-10-13 n/a UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allow remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.
CVE-2000-0333 2000-05-18 n/a tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.
CVE-2000-0334 2000-07-12 n/a The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.
CVE-2000-0335 2000-10-13 n/a The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
CVE-2000-0336 2000-07-12 n/a Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
CVE-2000-0337 2000-07-12 n/a Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.
CVE-2000-0338 2000-10-13 n/a Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
CVE-2000-0339 2000-07-12 n/a ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules.
CVE-2000-0340 2000-10-13 n/a Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.
CVE-2000-0341 2001-01-22 n/a ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name.
CVE-2000-0342 2000-07-12 n/a Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
CVE-2000-0343 2000-05-18 n/a Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header.
CVE-2000-0344 2000-10-13 n/a The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.
CVE-2000-0345 2000-05-18 n/a The on-line help system options in Cisco routers allow non-privileged users without "enabled" access to obtain sensitive information via the show command.
CVE-2000-0346 2000-07-12 n/a AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.
CVE-2000-0347 2000-10-13 n/a Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.
CVE-2000-0348 2001-05-07 n/a A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.
CVE-2000-0349 2001-05-07 n/a Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service.
CVE-2000-0350 2000-07-12 n/a A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events.
CVE-2000-0351 2001-05-07 n/a Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.
CVE-2000-0352 2000-07-12 n/a Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.
CVE-2000-0353 2000-07-12 n/a Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.
CVE-2000-0354 2000-07-12 n/a mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.
CVE-2000-0355 2000-05-24 n/a pg and pb in SuSE pbpg 1.x package allow an attacker to read arbitrary files.
CVE-2000-0356 2000-07-12 n/a Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.
CVE-2000-0357 2000-05-24 n/a ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys.
CVE-2000-0358 2000-05-24 n/a ORBit and gnome-session in Red Hat Linux 6.1 allow remote attackers to crash a program.
CVE-2000-0359 2000-07-12 n/a Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.
CVE-2000-0360 2000-07-12 n/a Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.
CVE-2000-0361 2000-07-12 n/a The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.
CVE-2000-0362 2000-07-12 n/a Buffer overflows in Linux cdwtools 093 and earlier allow local users to gain root privileges.
CVE-2000-0363 2000-07-12 n/a Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.
CVE-2000-0364 2000-05-24 n/a screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.
CVE-2000-0365 2000-05-24 n/a Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices.
CVE-2000-0366 2000-10-13 n/a dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.
CVE-2000-0367 2000-07-12 n/a Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.
CVE-2000-0368 2001-05-07 n/a Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
CVE-2000-0369 2000-10-13 n/a The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.
CVE-2000-0370 2000-07-12 n/a The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.
CVE-2000-0371 2000-07-12 n/a The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
CVE-2000-0372 2000-07-12 n/a Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.
CVE-2000-0373 2000-07-12 n/a Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
CVE-2000-0374 2000-10-13 n/a The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.
CVE-2000-0375 2001-05-07 n/a The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.
CVE-2000-0376 2000-07-12 n/a Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request.
CVE-2000-0377 2000-07-12 n/a The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
CVE-2000-0378 2000-10-13 n/a The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.
CVE-2000-0379 2000-07-12 n/a The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.
CVE-2000-0380 2000-07-12 n/a The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
CVE-2000-0381 2000-07-12 n/a The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.
CVE-2000-0382 2000-07-12 n/a ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.
CVE-2000-0383 2000-06-15 n/a The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient.
CVE-2000-0384 2000-06-15 n/a NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access.
CVE-2000-0385 2000-06-15 n/a FileMaker Pro 5 Web Companion allows remote attackers to bypass Field-Level database security restrictions via the XML publishing or email capabilities.
CVE-2000-0386 2000-06-15 n/a FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email.
CVE-2000-0387 2000-07-12 n/a The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.
CVE-2000-0388 2000-07-12 n/a Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.
CVE-2000-0389 2000-07-12 n/a Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
CVE-2000-0390 2000-07-12 n/a Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
CVE-2000-0391 2000-07-12 n/a Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
CVE-2000-0392 2000-07-12 n/a Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
CVE-2000-0393 2000-07-12 n/a The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.
CVE-2000-0394 2000-07-12 n/a NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.
CVE-2000-0395 2000-07-12 n/a Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request.
CVE-2000-0396 2000-07-12 n/a The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.
CVE-2000-0397 2000-07-12 n/a The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.
CVE-2000-0398 2000-07-12 n/a Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.
CVE-2000-0399 2000-07-12 n/a Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.
CVE-2000-0400 2000-06-15 n/a The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user's system by encoding it within an email message or news post.
CVE-2000-0401 2000-06-15 n/a Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping cart allow remote attackers to execute arbitrary commands via a long query string.
CVE-2000-0402 2000-07-12 n/a The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
CVE-2000-0403 2000-07-12 n/a The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
CVE-2000-0404 2000-07-12 n/a The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.
CVE-2000-0405 2000-07-12 n/a Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet.
CVE-2000-0406 2000-07-12 n/a Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
CVE-2000-0407 2000-07-12 n/a Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.
CVE-2000-0408 2000-07-12 n/a IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.
CVE-2000-0409 2000-07-12 n/a Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
CVE-2000-0410 2000-07-12 n/a ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.
CVE-2000-0411 2000-07-12 n/a Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.
CVE-2000-0412 2000-06-15 n/a The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file.
CVE-2000-0413 2000-06-15 n/a The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
CVE-2000-0414 2000-07-12 n/a Vulnerability in shutdown command for HP-UX 11.X and 10.X allows local users to gain privileges via malformed input variables.
CVE-2000-0415 2000-06-15 n/a Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
CVE-2000-0416 2000-07-12 n/a NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.
CVE-2000-0417 2000-07-12 n/a The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password.
CVE-2000-0418 2000-07-12 n/a The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests.
CVE-2000-0419 2000-07-12 n/a The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
CVE-2000-0420 2000-06-15 n/a The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker to recover it and use it to decrypt Encrypted File System (EFS) data.
CVE-2000-0421 2000-07-12 n/a The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-0422 2000-06-15 n/a Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter.
CVE-2000-0423 2000-06-15 n/a Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.
CVE-2000-0424 2000-07-12 n/a The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-0425 2000-07-12 n/a Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.
CVE-2000-0426 2000-10-13 n/a UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself.
CVE-2000-0427 2000-07-12 n/a The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM.
CVE-2000-0428 2000-07-12 n/a Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.
CVE-2000-0429 2000-06-15 n/a A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands.
CVE-2000-0430 2000-10-13 n/a Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request.
CVE-2000-0431 2000-07-12 n/a Cobalt RaQ2 and RaQ3 do not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.
CVE-2000-0432 2000-07-12 n/a The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-0433 2000-06-15 n/a The SuSE aaa_base package installs some system accounts with home directories set to /tmp, which allows local users to gain privileges to those accounts by creating standard user startup scripts such as profiles.
CVE-2000-0434 2000-06-15 n/a The administrative password for the Allmanage web site administration software is stored in plaintext in a file which could be accessed by remote attackers.
CVE-2000-0435 2000-07-12 n/a The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.
CVE-2000-0436 2000-07-12 n/a MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack.
CVE-2000-0437 2000-07-12 n/a Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.
CVE-2000-0438 2000-07-12 n/a Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.
CVE-2000-0439 2000-07-12 n/a Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
CVE-2000-0440 2000-10-13 n/a NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.
CVE-2000-0441 2000-07-12 n/a Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.
CVE-2000-0442 2000-07-12 n/a Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.
CVE-2000-0443 2000-10-13 n/a The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0444 2000-06-15 n/a HP Web JetAdmin 6.0 allows remote attackers to cause a denial of service via a malformed URL to port 8000.
CVE-2000-0445 2000-10-13 n/a The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.
CVE-2000-0446 2000-10-13 n/a Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string.
CVE-2000-0447 2000-10-13 n/a Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service.
CVE-2000-0448 2000-10-13 n/a The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command.
CVE-2000-0449 2000-06-15 n/a Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields.
CVE-2000-0450 2000-06-15 n/a Vulnerability in bbd server in Big Brother System and Network Monitor allows an attacker to execute arbitrary commands.
CVE-2000-0451 2000-10-13 n/a The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets.
CVE-2000-0452 2000-07-12 n/a Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command.
CVE-2000-0453 2000-07-12 n/a XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
CVE-2000-0454 2000-07-12 n/a Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.
CVE-2000-0455 2000-07-12 n/a Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.
CVE-2000-0456 2000-07-12 n/a NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".
CVE-2000-0457 2002-03-09 n/a ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
CVE-2000-0458 2000-10-13 n/a The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.
CVE-2000-0459 2000-10-13 n/a IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.
CVE-2000-0460 2000-07-12 n/a Buffer overflow in KDE kdesud on Linux allows local users to gain privileges via a long DISPLAY environmental variable.
CVE-2000-0461 2000-07-12 n/a The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
CVE-2000-0462 2000-07-12 n/a ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.
CVE-2000-0463 2000-07-12 n/a BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets.
CVE-2000-0464 2000-07-12 n/a Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.
CVE-2000-0465 2000-07-12 n/a Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.
CVE-2000-0466 2000-10-13 n/a AIX cdmount allows local users to gain root privileges via shell metacharacters.
CVE-2000-0467 2000-10-13 n/a Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function.
CVE-2000-0468 2000-10-13 n/a man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.
CVE-2000-0469 2000-10-13 n/a Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0470 2000-10-13 n/a Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request.
CVE-2000-0471 2000-10-13 n/a Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
CVE-2000-0472 2000-10-13 n/a Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
CVE-2000-0473 2000-07-12 n/a Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker to cause a denial of service via a long GET request for a program in the cgi-bin directory.
CVE-2000-0474 2000-10-13 n/a Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.
CVE-2000-0475 2000-10-13 n/a Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability.
CVE-2000-0476 2000-07-12 n/a xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
CVE-2000-0477 2000-10-13 n/a Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names.
CVE-2000-0478 2000-10-13 n/a In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server.
CVE-2000-0479 2000-07-12 n/a Dragon FTP server allows remote attackers to cause a denial of service via a long USER command.
CVE-2000-0480 2000-07-12 n/a Dragon telnet server allows remote attackers to cause a denial of service via a long username.
CVE-2000-0481 2000-10-13 n/a Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.
CVE-2000-0482 2000-10-13 n/a Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.
CVE-2000-0483 2000-10-13 n/a The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.
CVE-2000-0484 2000-10-13 n/a Small HTTP Server ver 3.06 contains a memory corruption bug causing a memory overflow. The overflowed buffer crashes into a Structured Exception Handler resulting in a Denial of Service.
CVE-2000-0485 2000-10-13 n/a Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.
CVE-2000-0486 2000-10-13 n/a Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field.
CVE-2000-0487 2000-07-12 n/a The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption, aka the "Protected Store Key Length" vulnerability.
CVE-2000-0488 2001-01-22 n/a Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.
CVE-2000-0489 2000-10-13 n/a FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
CVE-2000-0490 2000-10-13 n/a Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request.
CVE-2000-0491 2000-07-12 n/a Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
CVE-2000-0492 2000-07-12 n/a PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easily decrypt the passwords.
CVE-2000-0493 2000-10-13 n/a Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string.
CVE-2000-0494 2000-10-13 n/a Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script.
CVE-2000-0495 2000-10-13 n/a Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability.
CVE-2000-0497 2000-10-13 n/a IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
CVE-2000-0498 2001-01-22 n/a Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
CVE-2000-0499 2000-10-13 n/a The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
CVE-2000-0500 2000-10-13 n/a The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
CVE-2000-0501 2000-10-13 n/a Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.
CVE-2000-0502 2003-04-02 n/a Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.
CVE-2000-0503 2000-07-12 n/a The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
CVE-2000-0504 2001-05-07 n/a libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
CVE-2000-0505 2000-10-13 n/a The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
CVE-2000-0506 2000-10-13 n/a The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."
CVE-2000-0507 2000-10-13 n/a Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.
CVE-2000-0508 2000-10-13 n/a rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.
CVE-2000-0509 2000-07-12 n/a Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname.
CVE-2000-0510 2000-10-13 n/a CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.
CVE-2000-0511 2000-10-13 n/a CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.
CVE-2000-0512 2000-10-13 n/a CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.
CVE-2000-0513 2000-10-13 n/a CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.
CVE-2000-0514 2000-10-13 n/a GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.
CVE-2000-0515 2000-10-13 n/a The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.
CVE-2000-0516 2000-10-13 n/a When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.
CVE-2000-0517 2000-10-13 n/a Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.
CVE-2000-0518 2000-10-13 n/a Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
CVE-2000-0519 2000-10-13 n/a Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
CVE-2000-0520 2000-07-12 n/a Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name.
CVE-2000-0521 2000-10-13 n/a Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number.
CVE-2000-0522 2000-10-13 n/a RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash.
CVE-2000-0523 2001-01-22 n/a Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.
CVE-2000-0524 2000-07-12 n/a Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From.
CVE-2000-0525 2000-10-13 n/a OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
CVE-2000-0526 2000-07-12 n/a mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0527 2000-07-12 n/a userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-0528 2000-10-13 n/a Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files.
CVE-2000-0529 2000-10-13 n/a Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request.
CVE-2000-0530 2000-10-13 n/a The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
CVE-2000-0531 2000-07-12 n/a Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.
CVE-2000-0532 2000-10-13 n/a A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.
CVE-2000-0533 2000-10-13 n/a Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.
CVE-2000-0534 2000-10-13 n/a The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user.
CVE-2000-0535 2000-07-12 n/a OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
CVE-2000-0536 2000-10-13 n/a xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry.
CVE-2000-0537 2000-10-13 n/a BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable.
CVE-2000-0538 2000-10-13 n/a ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.
CVE-2000-0539 2000-10-13 n/a Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.
CVE-2000-0540 2000-10-13 n/a JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.
CVE-2000-0541 2001-05-07 n/a The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.
CVE-2000-0542 2001-01-22 n/a Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds.
CVE-2000-0543 2000-07-12 n/a The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows remote attackers to cause a denial of service if their hostname does not have a reverse DNS entry and they connect to port 4000.
CVE-2000-0544 2000-07-12 n/a Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length.
CVE-2000-0545 2000-07-12 n/a Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter.
CVE-2000-0546 2000-07-12 n/a Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.
CVE-2000-0547 2000-07-12 n/a Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.
CVE-2000-0548 2000-10-13 n/a Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.
CVE-2000-0549 2000-10-13 n/a Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
CVE-2000-0550 2000-10-13 n/a Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.
CVE-2000-0551 2002-03-09 n/a The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files.
CVE-2000-0552 2000-10-13 n/a ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
CVE-2000-0553 2000-10-13 n/a Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.
CVE-2000-0554 2000-07-12 n/a Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translated_path hidden form field.
CVE-2000-0555 2000-10-13 n/a Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests.
CVE-2000-0556 2000-10-13 n/a Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002.
CVE-2000-0557 2000-10-13 n/a Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request.
CVE-2000-0558 2000-10-13 n/a Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345.
CVE-2000-0559 2000-07-12 n/a eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
CVE-2000-0561 2000-10-13 n/a Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request.
CVE-2000-0562 2000-07-12 n/a BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower.
CVE-2000-0563 2000-07-12 n/a The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
CVE-2000-0564 2000-07-12 n/a The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long name parameter.
CVE-2000-0565 2001-01-22 n/a SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.
CVE-2000-0566 2000-10-13 n/a makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
CVE-2000-0567 2000-10-13 n/a Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
CVE-2000-0568 2001-09-18 n/a Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes.
CVE-2000-0569 2001-09-18 n/a Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface.
CVE-2000-0570 2002-03-09 n/a FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header.
CVE-2000-0571 2000-10-13 n/a LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.
CVE-2000-0572 2000-07-19 n/a The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.
CVE-2000-0573 2001-05-07 n/a The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
CVE-2000-0574 2000-07-19 n/a FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
CVE-2000-0575 2002-03-09 n/a SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.
CVE-2000-0576 2001-09-18 n/a Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.
CVE-2000-0577 2001-05-07 n/a Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0578 2000-07-19 n/a SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user.
CVE-2000-0579 2000-10-13 n/a IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.
CVE-2000-0580 2000-07-19 n/a Windows 2000 Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros to various TCP and UDP ports, which significantly increases the CPU utilization.
CVE-2000-0581 2002-03-09 n/a Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
CVE-2000-0582 2000-10-13 n/a Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.
CVE-2000-0583 2000-10-13 n/a vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.
CVE-2000-0584 2000-10-13 n/a Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
CVE-2000-0585 2000-10-13 n/a ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-0586 2000-10-13 n/a Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command.
CVE-2000-0587 2000-10-13 n/a The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.
CVE-2000-0588 2000-10-13 n/a SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.
CVE-2000-0589 2000-07-19 n/a SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.
CVE-2000-0590 2003-04-02 n/a Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.
CVE-2000-0591 2000-10-13 n/a Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.
CVE-2000-0592 2000-07-19 n/a Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow remote attackers to execute arbitrary commands via long USER, PASS, LIST, RETR, or DELE commands.
CVE-2000-0593 2002-03-09 n/a WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number.
CVE-2000-0594 2000-10-13 n/a BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
CVE-2000-0595 2000-10-13 n/a libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.
CVE-2000-0596 2000-10-13 n/a Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.
CVE-2000-0597 2000-10-13 n/a Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
CVE-2000-0598 2000-10-13 n/a Fortech Proxy+ allows remote attackers to bypass access restrictions for the administration service by redirecting their connections through the telnet proxy.
CVE-2000-0599 2000-10-13 n/a Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port.
CVE-2000-0600 2002-03-09 n/a Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.
CVE-2000-0601 2000-10-13 n/a LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages.
CVE-2000-0602 2000-10-13 n/a Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable.
CVE-2000-0603 2000-10-13 n/a Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.
CVE-2000-0604 2000-10-13 n/a gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp.
CVE-2000-0605 2000-07-19 n/a Blackboard CourseInfo 4.0 stores the local and SQL administrator user names and passwords in cleartext in a registry key whose access control allows users to access the passwords.
CVE-2000-0606 2000-07-19 n/a Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
CVE-2000-0607 2000-07-19 n/a Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
CVE-2000-0608 2000-07-19 n/a NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost).
CVE-2000-0609 2000-07-19 n/a NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to cause a denial of service via a long username parameter.
CVE-2000-0610 2000-10-13 n/a NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.
CVE-2000-0611 2000-10-13 n/a The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.
CVE-2000-0612 2000-07-19 n/a Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table.
CVE-2000-0613 2000-10-13 n/a Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.
CVE-2000-0614 2000-07-19 n/a Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output.
CVE-2000-0615 2002-03-09 n/a LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.
CVE-2000-0616 2000-10-13 n/a Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.
CVE-2000-0617 2000-07-19 n/a Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable.
CVE-2000-0618 2000-07-19 n/a Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long DISPLAY environmental variable.
CVE-2000-0619 2002-03-09 n/a Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets.
CVE-2000-0620 2001-09-18 n/a libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
CVE-2000-0621 2000-10-13 n/a Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
CVE-2000-0622 2001-05-07 n/a Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.
CVE-2000-0623 2000-08-03 n/a Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.
CVE-2000-0624 2000-10-13 n/a Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
CVE-2000-0625 2000-08-03 n/a NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.
CVE-2000-0626 2000-08-03 n/a Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request.
CVE-2000-0627 2000-10-13 n/a BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.
CVE-2000-0628 2000-10-13 n/a The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
CVE-2000-0629 2000-08-03 n/a The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
CVE-2000-0630 2000-10-13 n/a IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.
CVE-2000-0631 2000-10-13 n/a An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
CVE-2000-0632 2000-10-13 n/a Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.
CVE-2000-0633 2000-10-13 n/a Vulnerability in Mandrake Linux usermode package allows local users to reboot or halt the system.
CVE-2000-0634 2000-10-13 n/a The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0635 2000-10-13 n/a The view_page.html sample page in the MiniVend shopping cart program allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-0636 2000-10-13 n/a HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.
CVE-2000-0637 2000-10-13 n/a Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
CVE-2000-0638 2000-10-13 n/a bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.
CVE-2000-0639 2000-10-13 n/a The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
CVE-2000-0640 2000-10-13 n/a Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not.
CVE-2000-0641 2000-10-13 n/a Savant web server allows remote attackers to execute arbitrary commands via a long GET request.
CVE-2000-0642 2000-10-13 n/a The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.
CVE-2000-0643 2000-10-13 n/a Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.
CVE-2000-0644 2000-10-13 n/a WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.
CVE-2000-0645 2000-08-03 n/a WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).
CVE-2000-0646 2000-08-03 n/a WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.
CVE-2000-0647 2000-08-03 n/a WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.
CVE-2000-0648 2000-08-03 n/a WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.
CVE-2000-0649 2000-08-03 n/a IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
CVE-2000-0650 2001-05-07 n/a The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.
CVE-2000-0651 2000-10-13 n/a The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.
CVE-2000-0652 2000-10-13 n/a IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.
CVE-2000-0653 2000-08-03 n/a Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
CVE-2000-0654 2000-10-13 n/a Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.
CVE-2000-0655 2000-10-13 n/a Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
CVE-2000-0656 2000-08-03 n/a Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the FTP protocol.
CVE-2000-0657 2000-08-03 n/a Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long HELO command in the SMTP protocol.
CVE-2000-0658 2000-08-03 n/a Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the POP3 protocol.
CVE-2000-0659 2000-08-03 n/a Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long user ID in a SOCKS4 CONNECT request.
CVE-2000-0660 2000-10-13 n/a The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0661 2000-10-13 n/a WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port.
CVE-2000-0662 2002-03-09 n/a Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).
CVE-2000-0663 2000-10-13 n/a The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.
CVE-2000-0664 2000-10-13 n/a AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots.
CVE-2000-0665 2000-10-13 n/a GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.
CVE-2000-0666 2000-10-13 n/a rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
CVE-2000-0667 2000-08-03 n/a Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service.
CVE-2000-0668 2000-10-13 n/a pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.
CVE-2000-0669 2000-10-13 n/a Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.
CVE-2000-0670 2000-10-13 n/a The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.
CVE-2000-0671 2000-10-13 n/a Roxen web server earlier than 2.0.69 allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.
CVE-2000-0672 2001-01-22 n/a The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
CVE-2000-0673 2000-10-13 n/a The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.
CVE-2000-0674 2000-10-13 n/a ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack.
CVE-2000-0675 2000-10-13 n/a Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string.
CVE-2000-0676 2000-10-13 n/a Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
CVE-2000-0677 2000-10-13 n/a Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.
CVE-2000-0678 2000-10-13 n/a PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.
CVE-2000-0679 2001-01-22 n/a The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
CVE-2000-0680 2000-09-21 n/a The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
CVE-2000-0681 2000-10-13 n/a Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.
CVE-2000-0682 2000-10-13 n/a BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
CVE-2000-0683 2000-10-13 n/a BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
CVE-2000-0684 2000-10-13 n/a BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
CVE-2000-0685 2000-10-13 n/a BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.
CVE-2000-0686 2000-09-21 n/a Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
CVE-2000-0687 2000-09-21 n/a Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.
CVE-2000-0688 2000-09-21 n/a Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.
CVE-2000-0689 2000-09-21 n/a Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script with the setpasswd parameter.
CVE-2000-0690 2000-09-21 n/a Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
CVE-2000-0691 2000-09-21 n/a The faxrunq and faxrunqd programs in the mgetty package allow local users to create or modify arbitrary files via a symlink attack that creates a symlink from /var/spool/fax/outgoing/.last_run to the target file.
CVE-2000-0692 2000-09-21 n/a ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a denial of service via a flood of fragmented packets with the SYN flag set.
CVE-2000-0693 2001-05-07 n/a pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program.
CVE-2000-0694 2001-05-07 n/a pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack.
CVE-2000-0695 2000-09-21 n/a Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options.
CVE-2000-0696 2000-09-21 n/a The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.
CVE-2000-0697 2000-09-21 n/a The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.
CVE-2000-0698 2001-01-22 n/a Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.
CVE-2000-0699 2002-03-09 n/a Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.
CVE-2000-0700 2000-10-13 n/a Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.
CVE-2000-0701 2000-09-21 n/a The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
CVE-2000-0702 2001-01-22 n/a The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.
CVE-2000-0703 2000-10-13 n/a suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
CVE-2000-0704 2000-09-21 n/a Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands.
CVE-2000-0705 2000-10-13 n/a ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0706 2000-10-13 n/a Buffer overflows in ntop running in web mode allow remote attackers to execute arbitrary commands.
CVE-2000-0707 2000-10-13 n/a PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.
CVE-2000-0708 2000-10-13 n/a Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.
CVE-2000-0709 2000-09-21 n/a The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
CVE-2000-0710 2000-09-21 n/a The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
CVE-2000-0711 2000-10-13 n/a Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
CVE-2000-0712 2000-10-13 n/a Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.
CVE-2000-0713 2000-09-21 n/a Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier.
CVE-2000-0714 2000-09-21 n/a umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files.
CVE-2000-0715 2000-09-21 n/a DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2000-0716 2001-01-22 n/a WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
CVE-2000-0717 2001-05-07 n/a GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands.
CVE-2000-0718 2000-10-13 n/a A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
CVE-2000-0719 2000-09-21 n/a VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.
CVE-2000-0720 2001-05-07 n/a news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
CVE-2000-0721 2000-09-21 n/a The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
CVE-2000-0722 2000-09-21 n/a Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.
CVE-2000-0723 2000-09-21 n/a Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.
CVE-2000-0724 2000-09-21 n/a The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.
CVE-2000-0725 2000-10-13 n/a Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
CVE-2000-0726 2001-05-07 n/a CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.
CVE-2000-0727 2000-10-13 n/a xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URLs, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.
CVE-2000-0728 2000-10-13 n/a xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.
CVE-2000-0729 2001-01-22 n/a FreeBSD 5.x, 4.x, and 3.x allow local users to cause a denial of service by executing a program with a malformed ELF image header.
CVE-2000-0730 2000-10-13 n/a Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.
CVE-2000-0731 2001-05-07 n/a Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0732 2001-01-22 n/a Worm HTTP server allows remote attackers to cause a denial of service via a long URL.
CVE-2000-0733 2000-10-13 n/a Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.
CVE-2000-0734 2000-09-21 n/a eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections.
CVE-2000-0735 2000-09-21 n/a Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to a message.
CVE-2000-0736 2000-09-21 n/a Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user forwards a message.
CVE-2000-0737 2000-10-13 n/a The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.
CVE-2000-0738 2001-01-22 n/a WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.
CVE-2000-0739 2002-03-09 n/a Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server.
CVE-2000-0740 2002-03-09 n/a Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.
CVE-2000-0741 2002-03-09 n/a Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension.
CVE-2000-0742 2001-05-07 n/a The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.
CVE-2000-0743 2000-10-13 n/a Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.
CVE-2000-0745 2000-10-13 n/a admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
CVE-2000-0746 2000-09-21 n/a Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site, aka the "IIS Cross-Site Scripting" vulnerabilities.
CVE-2000-0747 2004-09-01 n/a The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.
CVE-2000-0748 2000-09-21 n/a OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
CVE-2000-0749 2001-01-22 n/a Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
CVE-2000-0750 2000-10-13 n/a Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.
CVE-2000-0751 2000-10-13 n/a mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
CVE-2000-0752 2000-09-21 n/a Buffer overflows in brouted in FreeBSD and possibly other OSes allow local users to gain root privileges via long command line arguments.
CVE-2000-0753 2002-03-09 n/a The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
CVE-2000-0754 2000-10-13 n/a Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.
CVE-2000-0755 2000-09-21 n/a Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.
CVE-2000-0756 2000-09-21 n/a Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
CVE-2000-0757 2000-09-21 n/a The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed.
CVE-2000-0758 2000-10-13 n/a The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field.
CVE-2000-0759 2000-09-21 n/a Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
CVE-2000-0760 2000-09-21 n/a The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
CVE-2000-0761 2000-10-13 n/a OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.
CVE-2000-0762 2001-01-22 n/a The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.
CVE-2000-0763 2000-10-13 n/a xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.
CVE-2000-0764 2001-01-22 n/a Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.
CVE-2000-0765 2000-10-13 n/a Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
CVE-2000-0766 2001-01-22 n/a Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request.
CVE-2000-0767 2000-10-13 n/a The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.
CVE-2000-0768 2000-10-13 n/a A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
CVE-2000-0769 2000-09-21 n/a O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.
CVE-2000-0770 2000-10-13 n/a IIS 4.0 and 5.0 do not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.
CVE-2000-0771 2000-10-13 n/a Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
CVE-2000-0772 2000-09-21 n/a The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password.
CVE-2000-0773 2004-09-01 n/a Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.
CVE-2000-0774 2000-09-21 n/a The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.
CVE-2000-0775 2000-09-21 n/a Buffer overflow in RobTex Viking server earlier than 1.06-370 allows remote attackers to cause a denial of service or execute arbitrary commands via a long HTTP GET request, or long Unless-Modified-Since, If-Range, or If-Modified-Since headers.
CVE-2000-0776 2002-03-09 n/a Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request.
CVE-2000-0777 2000-10-13 n/a The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.
CVE-2000-0778 2000-10-13 n/a IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
CVE-2000-0779 2000-10-13 n/a Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.
CVE-2000-0780 2000-10-13 n/a The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
CVE-2000-0781 2004-09-01 n/a uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.
CVE-2000-0782 2000-10-13 n/a netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0783 2001-01-22 n/a Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100.
CVE-2000-0784 2000-09-21 n/a sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.
CVE-2000-0785 2000-09-21 n/a WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files via the importmotd command, which sets the Message of the Day (MOTD) to the specified file.
CVE-2000-0786 2000-10-13 n/a GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
CVE-2000-0787 2000-10-13 n/a IRC Xchat client versions 1.4.2 and earlier allow remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.
CVE-2000-0788 2002-03-09 n/a The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.
CVE-2000-0789 2000-09-21 n/a WinU 5.x and earlier uses weak encryption to store its configuration password, which allows local users to decrypt the password and gain privileges.
CVE-2000-0790 2002-03-09 n/a The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
CVE-2000-0791 2000-09-21 n/a Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
CVE-2000-0792 2000-10-13 n/a Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available.
CVE-2000-0793 2000-09-21 n/a Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
CVE-2000-0794 2000-09-21 n/a Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview.
CVE-2000-0795 2002-03-09 n/a Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.
CVE-2000-0796 2002-03-09 n/a Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.
CVE-2000-0797 2004-09-01 n/a Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.
CVE-2000-0798 2000-09-21 n/a The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of arbitrary files.
CVE-2000-0799 2001-09-18 n/a inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.
CVE-2000-0800 2000-09-21 n/a String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges.
CVE-2000-0801 2000-09-21 n/a Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.
CVE-2000-0802 2000-09-21 n/a The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR.
CVE-2000-0803 2001-05-07 n/a GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
CVE-2000-0804 2001-01-22 n/a Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."
CVE-2000-0805 2001-01-22 n/a Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."
CVE-2000-0806 2001-01-22 n/a The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."
CVE-2000-0807 2001-01-22 n/a The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."
CVE-2000-0808 2001-01-22 n/a The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."
CVE-2000-0809 2001-01-22 n/a Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.
CVE-2000-0810 2001-01-22 n/a Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
CVE-2000-0811 2001-01-22 n/a Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
CVE-2000-0812 2000-10-18 n/a The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoking the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.
CVE-2000-0813 2001-01-22 n/a Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."
CVE-2000-0816 2001-05-07 n/a Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.
CVE-2000-0817 2000-11-29 n/a Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability.
CVE-2000-0818 2001-05-07 n/a The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.
CVE-2000-0824 2001-01-22 n/a The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.
CVE-2000-0825 2002-03-09 n/a Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.
CVE-2000-0826 2000-10-18 n/a Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long GET request.
CVE-2000-0827 2000-10-18 n/a Buffer overflow in the web authorization form of Mobius DocumentDirect for the Internet 1.2 allows remote attackers to cause a denial of service or execute arbitrary commands via a long username.
CVE-2000-0828 2000-10-18 n/a Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long User-Agent parameter.
CVE-2000-0829 2001-05-07 n/a The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.
CVE-2000-0830 2002-03-09 n/a annclist.exe in webTV for Windows allows remote attackers to cause a denial of service via a large, malformed UDP packet to ports 22701 through 22705.
CVE-2000-0831 2000-10-18 n/a Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long username.
CVE-2000-0832 2000-10-18 n/a Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter.
CVE-2000-0833 2000-10-18 n/a Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to cause a denial of service via a long (1) USER or (2) HELO command.
CVE-2000-0834 2001-01-22 n/a The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.
CVE-2000-0835 2000-10-18 n/a search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query parameter.
CVE-2000-0836 2000-10-18 n/a Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to execute arbitrary commands via a long Authorization header.
CVE-2000-0837 2001-01-22 n/a FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes.
CVE-2000-0838 2002-03-09 n/a Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request.
CVE-2000-0839 2002-03-09 n/a WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515).
CVE-2000-0840 2000-10-18 n/a Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long USER command.
CVE-2000-0841 2000-10-18 n/a Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long APOP command.
CVE-2000-0842 2000-10-18 n/a search97cgi/vtopic in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0843 2000-10-18 n/a Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allows remote attackers to execute arbitrary commands via a login with a long user name.
CVE-2000-0844 2001-01-22 n/a Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVE-2000-0845 2000-10-18 n/a kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to read arbitrary files by specifying the full file name in the initialization packet.
CVE-2000-0846 2001-01-22 n/a Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password.
CVE-2000-0847 2001-01-22 n/a Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header.
CVE-2000-0848 2001-01-22 n/a Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.
CVE-2000-0849 2001-01-22 n/a Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.
CVE-2000-0850 2001-01-22 n/a Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.
CVE-2000-0851 2001-01-22 n/a Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
CVE-2000-0852 2001-01-22 n/a Multiple buffer overflows in eject on FreeBSD and possibly other OSes allow local users to gain root privileges.
CVE-2000-0853 2001-01-22 n/a YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0854 2001-05-07 n/a When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
CVE-2000-0855 2000-10-18 n/a SunFTP build 9(1) allows remote attackers to cause a denial of service by connecting to the server and disconnecting before sending a newline.
CVE-2000-0856 2001-05-07 n/a Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.
CVE-2000-0857 2000-10-18 n/a The logging capability in muh 2.05d IRC server does not properly cleanse user-injected format strings, which allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed nickname.
CVE-2000-0858 2001-01-22 n/a Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
CVE-2000-0859 2002-03-09 n/a The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests.
CVE-2000-0860 2001-01-22 n/a The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
CVE-2000-0861 2001-01-22 n/a Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
CVE-2000-0862 2001-01-22 n/a Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.
CVE-2000-0863 2001-01-22 n/a Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges.
CVE-2000-0864 2001-01-22 n/a Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
CVE-2000-0865 2001-01-22 n/a Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument.
CVE-2000-0866 2000-10-18 n/a Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes.
CVE-2000-0867 2001-01-22 n/a Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
CVE-2000-0868 2001-01-22 n/a The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
CVE-2000-0869 2001-01-22 n/a The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
CVE-2000-0870 2001-01-22 n/a Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string.
CVE-2000-0871 2001-01-22 n/a Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server.
CVE-2000-0872 2000-10-18 n/a explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0873 2001-01-22 n/a netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
CVE-2000-0874 2001-05-07 n/a Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).
CVE-2000-0875 2001-05-07 n/a WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.
CVE-2000-0876 2001-05-07 n/a WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.
CVE-2000-0877 2001-09-18 n/a mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.
CVE-2000-0878 2001-01-22 n/a The mailto CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the emailadd form field.
CVE-2000-0879 2000-10-18 n/a LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services.
CVE-2000-0880 2000-10-18 n/a LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.
CVE-2000-0881 2000-10-18 n/a The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.
CVE-2000-0882 2000-10-18 n/a Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed ICMP packet, which causes the CPU to crash.
CVE-2000-0883 2001-01-22 n/a The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
CVE-2000-0884 2001-01-22 n/a IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
CVE-2000-0885 2000-11-29 n/a Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
CVE-2000-0886 2001-01-22 n/a IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
CVE-2000-0887 2001-01-22 n/a named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."
CVE-2000-0888 2001-01-22 n/a named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."
CVE-2000-0889 2001-02-02 n/a Two Sun security certificates have been compromised, which could allow attackers to insert malicious code such as applets and make it appear that it is signed by Sun.
CVE-2000-0890 2001-05-07 n/a periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.
CVE-2000-0891 2002-03-09 n/a A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.
CVE-2000-0892 2002-03-09 n/a Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.
CVE-2000-0893 2001-02-02 n/a The presence of the Distributed GL Daemon (dgld) service on port 5232 on SGI IRIX systems allows remote attackers to identify the target host as an SGI system.
CVE-2000-0894 2004-09-01 n/a HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.
CVE-2000-0895 2004-09-01 n/a Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request.
CVE-2000-0896 2001-05-07 n/a WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.
CVE-2000-0897 2001-09-18 n/a Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.
CVE-2000-0898 2000-12-19 n/a Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file.
CVE-2000-0899 2000-12-19 n/a Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the server and sending out multiple GET, HEAD, or POST requests and closing the connection before the server responds to the requests.
CVE-2000-0900 2001-01-22 n/a Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
CVE-2000-0901 2001-01-22 n/a Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.
CVE-2000-0902 2000-11-29 n/a getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0903 2000-11-29 n/a Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0904 2000-11-29 n/a Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information.
CVE-2000-0905 2000-11-29 n/a QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page.
CVE-2000-0906 2000-11-29 n/a Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters.
CVE-2000-0907 2000-11-29 n/a EServ 2.92 Build 2982 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long HELO and MAIL FROM commands.
CVE-2000-0908 2001-01-22 n/a BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request.
CVE-2000-0909 2001-01-22 n/a Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.
CVE-2000-0910 2001-01-22 n/a Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
CVE-2000-0911 2001-01-22 n/a IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
CVE-2000-0912 2001-01-22 n/a MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter.
CVE-2000-0913 2001-01-22 n/a mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
CVE-2000-0914 2001-01-22 n/a OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.
CVE-2000-0915 2001-01-22 n/a fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.
CVE-2000-0916 2000-11-29 n/a FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.
CVE-2000-0917 2001-01-22 n/a Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
CVE-2000-0918 2000-11-29 n/a Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.
CVE-2000-0919 2001-01-22 n/a Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0920 2001-01-22 n/a Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."
CVE-2000-0921 2001-01-22 n/a Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.
CVE-2000-0922 2001-01-22 n/a Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter.
CVE-2000-0923 2001-01-22 n/a authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
CVE-2000-0924 2001-01-22 n/a Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter.
CVE-2000-0925 2001-01-22 n/a The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information.
CVE-2000-0926 2001-01-22 n/a SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable.
CVE-2000-0927 2001-05-07 n/a WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.
CVE-2000-0928 2001-01-22 n/a WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.
CVE-2000-0929 2001-01-22 n/a Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.
CVE-2000-0930 2001-01-22 n/a Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.
CVE-2000-0931 2000-11-29 n/a Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data.
CVE-2000-0932 2001-01-22 n/a MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service.
CVE-2000-0933 2001-01-22 n/a The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.
CVE-2000-0934 2001-01-22 n/a Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack.
CVE-2000-0935 2001-01-22 n/a Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
CVE-2000-0936 2001-01-22 n/a Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
CVE-2000-0937 2001-01-22 n/a Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.
CVE-2000-0938 2001-01-22 n/a Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.
CVE-2000-0939 2000-11-29 n/a Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart.
CVE-2000-0940 2000-11-29 n/a Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter.
CVE-2000-0941 2001-01-22 n/a Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.
CVE-2000-0942 2001-01-22 n/a The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
CVE-2000-0943 2001-01-22 n/a Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.
CVE-2000-0944 2001-01-22 n/a CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
CVE-2000-0945 2001-09-18 n/a The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
CVE-2000-0946 2001-01-22 n/a Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.
CVE-2000-0947 2001-01-22 n/a Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
CVE-2000-0948 2001-01-22 n/a GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.
CVE-2000-0949 2001-01-22 n/a Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
CVE-2000-0950 2000-11-29 n/a Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name.
CVE-2000-0951 2001-01-22 n/a A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
CVE-2000-0952 2001-01-22 n/a global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-0953 2001-01-22 n/a Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection.
CVE-2000-0954 2000-11-29 n/a Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server.
CVE-2000-0955 2000-11-29 n/a Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges.
CVE-2000-0956 2001-01-22 n/a cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.
CVE-2000-0957 2001-01-22 n/a The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.
CVE-2000-0958 2001-01-22 n/a HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.
CVE-2000-0959 2001-01-22 n/a glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
CVE-2000-0960 2001-01-22 n/a The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.
CVE-2000-0961 2001-01-22 n/a Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.
CVE-2000-0962 2001-01-22 n/a The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.
CVE-2000-0963 2000-11-29 n/a Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
CVE-2000-0964 2001-05-07 n/a Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
CVE-2000-0965 2001-01-22 n/a The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allow an attacker to cause a denial of service (high CPU utilization).
CVE-2000-0966 2001-01-22 n/a Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allow local users to gain privileges.
CVE-2000-0967 2001-01-22 n/a PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
CVE-2000-0968 2001-01-22 n/a Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command.
CVE-2000-0969 2001-01-22 n/a Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.
CVE-2000-0970 2001-01-22 n/a IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
CVE-2000-0971 2000-11-29 n/a Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command.
CVE-2000-0972 2001-01-22 n/a HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
CVE-2000-0973 2001-01-22 n/a Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.
CVE-2000-0974 2001-01-22 n/a GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
CVE-2000-0975 2001-01-22 n/a Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2000-0976 2002-06-25 n/a Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.
CVE-2000-0977 2001-01-22 n/a mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.
CVE-2000-0978 2001-01-22 n/a bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.
CVE-2000-0979 2001-01-22 n/a File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.
CVE-2000-0980 2001-01-22 n/a NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.
CVE-2000-0981 2001-01-22 n/a MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.
CVE-2000-0982 2001-01-22 n/a Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.
CVE-2000-0983 2001-01-22 n/a Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.
CVE-2000-0984 2001-01-22 n/a The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.
CVE-2000-0985 2000-11-29 n/a Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command.
CVE-2000-0986 2000-11-29 n/a Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allows local users to gain privileges via a long ORACLE_HOME environmental variable.
CVE-2000-0987 2000-11-29 n/a Buffer overflow in oidldapd in Oracle 8.1.6 allows local users to gain privileges via a long "connect" command line parameter.
CVE-2000-0988 2000-11-29 n/a WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration.
CVE-2000-0989 2001-01-22 n/a Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.
CVE-2000-0990 2001-01-22 n/a cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username.
CVE-2000-0991 2001-01-22 n/a Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.
CVE-2000-0992 2001-01-22 n/a Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
CVE-2000-0993 2001-01-22 n/a Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
CVE-2000-0994 2001-01-22 n/a Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
CVE-2000-0995 2001-01-22 n/a Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name.
CVE-2000-0996 2001-01-22 n/a Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
CVE-2000-0997 2000-11-29 n/a Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allow local attackers to gain root privileges.
CVE-2000-0998 2000-11-29 n/a Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
CVE-2000-0999 2000-11-29 n/a Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
CVE-2000-1000 2001-01-22 n/a Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters.
CVE-2000-1001 2001-01-22 n/a add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.
CVE-2000-1002 2001-01-22 n/a POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.
CVE-2000-1003 2001-01-22 n/a NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.
CVE-2000-1004 2001-01-22 n/a Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
CVE-2000-1005 2001-01-22 n/a Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.
CVE-2000-1006 2001-01-22 n/a Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.
CVE-2000-1007 2001-01-22 n/a I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.
CVE-2000-1008 2000-11-29 n/a PalmOS 3.5.2 and earlier uses weak encryption to store the user password, which allows attackers with physical access to the Palm device to decrypt the password and gain access to the device.
CVE-2000-1009 2000-11-29 n/a dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
CVE-2000-1010 2001-01-22 n/a Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.