CVE List - 2000 / March
Showing 1 - 70 of 70 CVEs for March 2000 (Page 1 of 1)
| CVE ID | Date | Title |
|---|---|---|
| CVE-1999-0390 | 2000-03-22 | Buffer overflow in Dosemu Slang library in Linux. |
| CVE-1999-0678 | 2000-03-22 | A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server. |
| CVE-1999-0727 | 2000-03-22 | A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted. |
| CVE-1999-0733 | 2000-03-22 | Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable. |
| CVE-1999-0740 | 2000-03-22 | Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable. |
| CVE-1999-0746 | 2000-03-22 | A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service. |
| CVE-1999-0778 | 2000-03-22 | Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter. |
| CVE-1999-0783 | 2000-03-22 | FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system. |
| CVE-1999-0785 | 2000-03-22 | The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file. |
| CVE-1999-0786 | 2000-03-22 | The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack. |
| CVE-1999-0789 | 2000-03-22 | Buffer overflow in AIX ftpd in the libc library. |
| CVE-1999-0796 | 2000-03-22 | FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks. |
| CVE-1999-0797 | 2000-03-22 | NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries. |
| CVE-1999-0806 | 2000-03-22 | Buffer overflow in Solaris dtprintinfo program. |
| CVE-1999-0890 | 2000-03-22 | iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error. |
| CVE-1999-0893 | 2000-03-22 | userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack. |
| CVE-1999-0896 | 2000-03-22 | Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password. |
| CVE-1999-0908 | 2000-03-22 | Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter. |
| CVE-1999-0916 | 2000-03-22 | WebTrends software stores account names and passwords in a file which does not have restricted access permissions. |
| CVE-1999-0920 | 2000-03-22 | Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command. |
| CVE-1999-0931 | 2000-03-22 | Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands. |
| CVE-1999-0964 | 2000-03-22 | Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable. |
| CVE-1999-0966 | 2000-03-22 | Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0]. |
| CVE-1999-0996 | 2000-03-22 | Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request. |
| CVE-1999-0998 | 2000-03-22 | Cisco Cache Engine allows an attacker to replace content in the cache. |
| CVE-1999-1000 | 2000-03-22 | The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics. |
| CVE-2000-0003 | 2000-03-22 | Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable. |
| CVE-2000-0022 | 2000-03-22 | Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. |
| CVE-2000-0023 | 2000-03-22 | Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. |
| CVE-2000-0025 | 2000-03-22 | IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as... |
| CVE-2000-0026 | 2000-03-22 | Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. |
| CVE-2000-0029 | 2000-03-22 | UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack. |
| CVE-2000-0031 | 2000-03-22 | The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack. |
| CVE-2000-0036 | 2000-03-22 | Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. |
| CVE-2000-0037 | 2000-03-22 | Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. |
| CVE-2000-0039 | 2000-03-22 | AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. |
| CVE-2000-0040 | 2000-03-22 | glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. |
| CVE-2000-0041 | 2000-03-22 | Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. |
| CVE-2000-0088 | 2000-03-22 | Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability. |
| CVE-2000-0089 | 2000-03-22 | The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka... |
| CVE-2000-0097 | 2000-03-22 | The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability. |
| CVE-2000-0098 | 2000-03-22 | Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist. |
| CVE-2000-0121 | 2000-03-22 | The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory,... |
| CVE-2000-0139 | 2000-03-22 | Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. |
| CVE-2000-0145 | 2000-03-22 | The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. |
| CVE-2000-0148 | 2000-03-22 | MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. |
| CVE-2000-0149 | 2000-03-22 | Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL. |
| CVE-2000-0150 | 2000-03-22 | Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response... |
| CVE-2000-0152 | 2000-03-22 | Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000. |
| CVE-2000-0156 | 2000-03-22 | Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. |
| CVE-2000-0161 | 2000-03-22 | Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. |
| CVE-2000-0162 | 2000-03-22 | The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the... |
| CVE-2000-0173 | 2000-03-22 | Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service. |
| CVE-2000-0176 | 2000-03-22 | The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does... |
| CVE-2000-0177 | 2000-03-22 | DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2000-0187 | 2000-03-22 | EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters. |
| CVE-2000-0188 | 2000-03-22 | EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters. |
| CVE-2000-0190 | 2000-03-22 | AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value. |
| CVE-2000-0197 | 2000-03-22 | The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a... |
| CVE-2000-0198 | 2000-03-22 | Buffer overflow in POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service. |
| CVE-2000-0199 | 2000-03-22 | When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the... |
| CVE-2000-0203 | 2000-03-22 | The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345. |
| CVE-2000-0204 | 2000-03-22 | The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%. |
| CVE-2000-0205 | 2000-03-22 | Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients. |
| CVE-2000-0213 | 2000-03-22 | The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters. |
| CVE-2000-0214 | 2000-03-22 | FTP Explorer uses weak encryption for storing the username, password, and profile of FTP sites. |
| CVE-2000-0216 | 2000-03-22 | Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses... |
| CVE-2000-0219 | 2000-03-22 | Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt. |
| CVE-2000-0220 | 2000-03-22 | ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event. |
| CVE-2000-0170 | 2000-04-10 | Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. |
| CVE-2000-0172 | 2000-04-10 | The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. |
| CVE-2000-0178 | 2000-04-10 | ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. |
| CVE-2000-0182 | 2000-04-10 | iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic. |
| CVE-2000-0186 | 2000-04-10 | Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. |
| CVE-2000-0189 | 2000-04-10 | ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. |
| CVE-2000-0194 | 2000-04-10 | buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters. |
| CVE-2000-0196 | 2000-04-10 | Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message. |
| CVE-2000-0200 | 2000-04-10 | Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip... |
| CVE-2000-0201 | 2000-04-10 | The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via... |
| CVE-2000-0202 | 2000-04-10 | Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. |
| CVE-2000-0207 | 2000-04-10 | SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. |
| CVE-2000-0208 | 2000-04-10 | The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. |
| CVE-2000-0209 | 2000-04-10 | Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. |
| CVE-2000-0210 | 2000-04-10 | The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files. |
| CVE-2000-0211 | 2000-04-10 | The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered... |
| CVE-2000-0212 | 2000-04-10 | InterAccess TelnetD Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information. |
| CVE-2000-0215 | 2000-04-10 | Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges. |
| CVE-2000-0217 | 2000-04-10 | The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. |
| CVE-2000-0218 | 2000-04-10 | Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname. |
| CVE-2000-0221 | 2000-04-10 | The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port. |
| CVE-2000-0222 | 2000-04-10 | The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until... |
| CVE-2000-0224 | 2000-04-10 | ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack. |
| CVE-2000-0227 | 2000-04-12 | The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by... |
| CVE-2000-0239 | 2000-04-12 | Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request. |
| CVE-2000-0241 | 2000-04-12 | vqSoft vqServer stores sensitive information such as passwords in cleartext in the server.cfg file, which allows attackers to gain privileges. |
| CVE-2000-0242 | 2000-04-12 | WindMail allows remote attackers to read arbitrary files or execute commands via shell metacharacters. |
| CVE-2000-0244 | 2000-04-12 | The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication. |
| CVE-1999-0676 | 2000-04-18 | sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. |
| CVE-1999-0711 | 2000-04-18 | The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. |
| CVE-1999-0720 | 2000-04-18 | The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users. |