CVE List - 2000 / October

Showing 1 - 100 of 283 CVEs for October 2000 (Page 1 of 3)

| CVE ID | Date | Title |
|---|---|---|
| CVE-1999-0247 | 2000-10-13 | Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands. |
| CVE-1999-0248 | 2000-10-13 | A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials. |
| CVE-1999-0358 | 2000-10-13 | Digital Unix 4.0 has a buffer overflow in the inc program of the mh package. |
| CVE-1999-0393 | 2000-10-13 | Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers. |
| CVE-1999-0395 | 2000-10-13 | A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server. |
| CVE-1999-0403 | 2000-10-13 | A bug in Cyrix CPUs on Linux allows local users to perform a denial of service. |
| CVE-1999-0429 | 2000-10-13 | The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. |
| CVE-1999-0440 | 2000-10-13 | The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. |
| CVE-1999-0671 | 2000-10-13 | Buffer overflow in ToxSoft NextFTP client through CWD command. |
| CVE-1999-0672 | 2000-10-13 | Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics. |
| CVE-1999-0675 | 2000-10-13 | Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host. |
| CVE-1999-0679 | 2000-10-13 | Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option. |
| CVE-1999-0697 | 2000-10-13 | SCO Doctor allows local users to gain root privileges through a Tools option. |
| CVE-1999-0759 | 2000-10-13 | Buffer overflow in FuseMAIL POP service via long USER and PASS commands. |
| CVE-1999-0787 | 2000-10-13 | The SSH authentication agent follows symlinks via a UNIX domain socket. |
| CVE-1999-0788 | 2000-10-13 | Arkiea nlservd allows remote attackers to conduct a denial of service. |
| CVE-1999-0791 | 2000-10-13 | Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol. |
| CVE-1999-0823 | 2000-10-13 | Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument. |
| CVE-1999-0826 | 2000-10-13 | Buffer overflow in FreeBSD angband allows local users to gain privileges. |
| CVE-1999-0873 | 2000-10-13 | Buffer overflow in Skyfull mail server via MAIL FROM command. |
| CVE-1999-0904 | 2000-10-13 | Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username. |
| CVE-1999-0912 | 2000-10-13 | FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files. |
| CVE-1999-0927 | 2000-10-13 | NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-1999-0928 | 2000-10-13 | Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL. |
| CVE-1999-0932 | 2000-10-13 | Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file. |
| CVE-1999-0942 | 2000-10-13 | UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes. |
| CVE-1999-0946 | 2000-10-13 | Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. |
| CVE-1999-0954 | 2000-10-13 | WWWBoard has a default username and default password. |
| CVE-1999-0971 | 2000-10-13 | Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file. |
| CVE-1999-1004 | 2000-10-13 | Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command. |
| CVE-2000-0002 | 2000-10-13 | Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. |
| CVE-2000-0009 | 2000-10-13 | The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. |
| CVE-2000-0056 | 2000-10-13 | IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi. |
| CVE-2000-0063 | 2000-10-13 | cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. |
| CVE-2000-0064 | 2000-10-13 | cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters. |
| CVE-2000-0065 | 2000-10-13 | Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request. |
| CVE-2000-0075 | 2000-10-13 | Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO,... |
| CVE-2000-0076 | 2000-10-13 | nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. |
| CVE-2000-0090 | 2000-10-13 | VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. |
| CVE-2000-0094 | 2000-10-13 | procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr. |
| CVE-2000-0116 | 2000-10-13 | Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag. |
| CVE-2000-0117 | 2000-10-13 | The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root). |
| CVE-2000-0127 | 2000-10-13 | The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll. |
| CVE-2000-0128 | 2000-10-13 | The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters. |
| CVE-2000-0130 | 2000-10-13 | Buffer overflow in SCO scohelp program allows remote attackers to execute commands. |
| CVE-2000-0141 | 2000-10-13 | Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field. |
| CVE-2000-0146 | 2000-10-13 | The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet. |
| CVE-2000-0164 | 2000-10-13 | The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords. |
| CVE-2000-0166 | 2000-10-13 | Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name. |
| CVE-2000-0179 | 2000-10-13 | HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. |
| CVE-2000-0191 | 2000-10-13 | Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack. |
| CVE-2000-0193 | 2000-10-13 | The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges. |
| CVE-2000-0225 | 2000-10-13 | The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled. |
| CVE-2000-0237 | 2000-10-13 | Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the... |
| CVE-2000-0238 | 2000-10-13 | Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL. |
| CVE-2000-0240 | 2000-10-13 | vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack. |
| CVE-2000-0257 | 2000-10-13 | Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL. |
| CVE-2000-0263 | 2000-10-13 | The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request. |
| CVE-2000-0265 | 2000-10-13 | Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet. |
| CVE-2000-0272 | 2000-10-13 | RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070. |
| CVE-2000-0273 | 2000-10-13 | PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt. |
| CVE-2000-0282 | 2000-10-13 | TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. |
| CVE-2000-0285 | 2000-10-13 | Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter. |
| CVE-2000-0289 | 2000-10-13 | IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of... |
| CVE-2000-0301 | 2000-10-13 | Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. |
| CVE-2000-0318 | 2000-10-13 | Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack. |
| CVE-2000-0319 | 2000-10-13 | mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or... |
| CVE-2000-0320 | 2000-10-13 | Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or... |
| CVE-2000-0322 | 2000-10-13 | The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters. |
| CVE-2000-0332 | 2000-10-13 | UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null... |
| CVE-2000-0335 | 2000-10-13 | The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. |
| CVE-2000-0338 | 2000-10-13 | Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created... |
| CVE-2000-0340 | 2000-10-13 | Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable. |
| CVE-2000-0344 | 2000-10-13 | The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value. |
| CVE-2000-0347 | 2000-10-13 | Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name. |
| CVE-2000-0366 | 2000-10-13 | dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. |
| CVE-2000-0369 | 2000-10-13 | The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service. |
| CVE-2000-0374 | 2000-10-13 | The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass... |
| CVE-2000-0378 | 2000-10-13 | The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the... |
| CVE-2000-0426 | 2000-10-13 | UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself. |
| CVE-2000-0430 | 2000-10-13 | Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request. |
| CVE-2000-0440 | 2000-10-13 | NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option. |
| CVE-2000-0443 | 2000-10-13 | The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0445 | 2000-10-13 | The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys. |
| CVE-2000-0446 | 2000-10-13 | Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string. |
| CVE-2000-0447 | 2000-10-13 | Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service. |
| CVE-2000-0448 | 2000-10-13 | The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers... |
| CVE-2000-0451 | 2000-10-13 | The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets. |
| CVE-2000-0458 | 2000-10-13 | The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. |
| CVE-2000-0459 | 2000-10-13 | IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a... |
| CVE-2000-0466 | 2000-10-13 | AIX cdmount allows local users to gain root privileges via shell metacharacters. |
| CVE-2000-0467 | 2000-10-13 | Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function. |
| CVE-2000-0468 | 2000-10-13 | man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack. |
| CVE-2000-0469 | 2000-10-13 | Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0470 | 2000-10-13 | Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request. |
| CVE-2000-0471 | 2000-10-13 | Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname. |
| CVE-2000-0472 | 2000-10-13 | Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. |
| CVE-2000-0474 | 2000-10-13 | Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory. |
| CVE-2000-0475 | 2000-10-13 | Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability. |
| CVE-2000-0477 | 2000-10-13 | Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. |