CVE List - 2000 / April
Showing 1 - 100 of 112 CVEs for April 2000 (Page 1 of 2)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2000-0172 | 2000-04-10 | The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. |
| CVE-2000-0178 | 2000-04-10 | ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. |
| CVE-2000-0182 | 2000-04-10 | iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic. |
| CVE-2000-0186 | 2000-04-10 | Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. |
| CVE-2000-0189 | 2000-04-10 | ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. |
| CVE-2000-0194 | 2000-04-10 | buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters. |
| CVE-2000-0196 | 2000-04-10 | Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message. |
| CVE-2000-0200 | 2000-04-10 | Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip... |
| CVE-2000-0201 | 2000-04-10 | The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via... |
| CVE-2000-0202 | 2000-04-10 | Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. |
| CVE-2000-0207 | 2000-04-10 | SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. |
| CVE-2000-0208 | 2000-04-10 | The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. |
| CVE-2000-0209 | 2000-04-10 | Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. |
| CVE-2000-0210 | 2000-04-10 | The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files. |
| CVE-2000-0211 | 2000-04-10 | The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered... |
| CVE-2000-0212 | 2000-04-10 | InterAccess TelnetD Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information. |
| CVE-2000-0215 | 2000-04-10 | Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges. |
| CVE-2000-0217 | 2000-04-10 | The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. |
| CVE-2000-0218 | 2000-04-10 | Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname. |
| CVE-2000-0221 | 2000-04-10 | The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port. |
| CVE-2000-0222 | 2000-04-10 | The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until... |
| CVE-2000-0224 | 2000-04-10 | ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack. |
| CVE-2000-0227 | 2000-04-12 | The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by... |
| CVE-2000-0239 | 2000-04-12 | Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request. |
| CVE-2000-0241 | 2000-04-12 | vqSoft vqServer stores sensitive information such as passwords in cleartext in the server.cfg file, which allows attackers to gain privileges. |
| CVE-2000-0242 | 2000-04-12 | WindMail allows remote attackers to read arbitrary files or execute commands via shell metacharacters. |
| CVE-2000-0244 | 2000-04-12 | The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication. |
| CVE-1999-0676 | 2000-04-18 | sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. |
| CVE-1999-0711 | 2000-04-18 | The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root. |
| CVE-1999-0720 | 2000-04-18 | The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users. |
| CVE-1999-0747 | 2000-04-18 | Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load. |
| CVE-1999-0773 | 2000-04-18 | Buffer overflow in Solaris lpset program allows local users to gain root access. |
| CVE-1999-0790 | 2000-04-18 | A remote attacker can read information from a Netscape user's cache via JavaScript. |
| CVE-1999-0799 | 2000-04-18 | Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location. |
| CVE-1999-0813 | 2000-04-18 | Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges. |
| CVE-1999-0888 | 2000-04-18 | dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script. |
| CVE-1999-0903 | 2000-04-18 | genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. |
| CVE-1999-0906 | 2000-04-18 | Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable. |
| CVE-1999-0958 | 2000-04-18 | sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack. |
| CVE-1999-0961 | 2000-04-18 | HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation. |
| CVE-1999-1008 | 2000-04-18 | xsoldier program allows local users to gain root access via a long argument. |
| CVE-2000-0044 | 2000-04-18 | Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands. |
| CVE-2000-0052 | 2000-04-18 | Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack. |
| CVE-2000-0053 | 2000-04-18 | Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request. |
| CVE-2000-0057 | 2000-04-18 | Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information. |
| CVE-2000-0062 | 2000-04-18 | The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities. |
| CVE-2000-0073 | 2000-04-18 | Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. |
| CVE-2000-0083 | 2000-04-18 | HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges. |
| CVE-2000-0091 | 2000-04-18 | Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password. |
| CVE-2000-0095 | 2000-04-18 | The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause... |
| CVE-2000-0099 | 2000-04-18 | Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument. |
| CVE-2000-0100 | 2000-04-18 | The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. |
| CVE-2000-0107 | 2000-04-18 | Linux apcd program allows local attackers to modify arbitrary files via a symlink attack. |
| CVE-2000-0131 | 2000-04-18 | Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands. |
| CVE-2000-0140 | 2000-04-18 | Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections. |
| CVE-2000-0144 | 2000-04-18 | Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack. |
| CVE-2000-0159 | 2000-04-18 | HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain... |
| CVE-2000-0183 | 2000-04-18 | Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability. |
| CVE-1999-0203 | 2000-04-25 | In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to... |
| CVE-1999-0780 | 2000-04-25 | KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. |
| CVE-1999-0781 | 2000-04-25 | KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. |
| CVE-1999-0782 | 2000-04-25 | KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. |
| CVE-1999-0803 | 2000-04-25 | The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack. |
| CVE-1999-0824 | 2000-04-25 | A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify... |
| CVE-1999-0889 | 2000-04-25 | Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. |
| CVE-1999-0895 | 2000-04-25 | Firewall-1 does not properly restrict access to LDAP attributes. |
| CVE-1999-0897 | 2000-04-25 | iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-1999-0950 | 2000-04-25 | Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. |
| CVE-1999-0957 | 2000-04-25 | MajorCool mj_key_cache program allows local users to modify files via a symlink attack. |
| CVE-1999-0997 | 2000-04-25 | wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g.... |
| CVE-1999-1005 | 2000-04-25 | Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. |
| CVE-1999-1007 | 2000-04-25 | Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file. |
| CVE-1999-1010 | 2000-04-25 | An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. |
| CVE-2000-0010 | 2000-04-25 | WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. |
| CVE-2000-0012 | 2000-04-25 | Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. |
| CVE-2000-0014 | 2000-04-25 | Denial of service in Savant web server via a null character in the requested URL. |
| CVE-2000-0020 | 2000-04-25 | DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. |
| CVE-2000-0024 | 2000-04-25 | IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. |
| CVE-2000-0033 | 2000-04-25 | InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments. |
| CVE-2000-0042 | 2000-04-25 | Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. |
| CVE-2000-0043 | 2000-04-25 | Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request. |
| CVE-2000-0050 | 2000-04-25 | The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. |
| CVE-2000-0051 | 2000-04-25 | The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL. |
| CVE-2000-0070 | 2000-04-25 | NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request." |
| CVE-2000-0112 | 2000-04-25 | The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. |
| CVE-2000-0165 | 2000-04-25 | The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands. |
| CVE-2000-0181 | 2000-04-25 | Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. |
| CVE-2000-0184 | 2000-04-25 | Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. |
| CVE-2000-0185 | 2000-04-25 | RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private. |
| CVE-2000-0192 | 2000-04-25 | The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. |
| CVE-2000-0206 | 2000-04-25 | The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. |
| CVE-2000-0223 | 2000-04-25 | Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter. |
| CVE-2000-0248 | 2000-04-26 | The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands. |
| CVE-2000-0250 | 2000-04-26 | The crypt function in QNX uses weak encryption, which allows local users to decrypt passwords. |
| CVE-2000-0256 | 2000-04-26 | Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and 98 Server Extensions allow a user to conduct activities that are not otherwise available through the web site, aka the... |
| CVE-2000-0259 | 2000-04-26 | The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allows local users to obtain compromise the cryptographic keys of other users. |
| CVE-2000-0266 | 2000-04-26 | Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set... |
| CVE-2000-0269 | 2000-04-26 | Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the... |
| CVE-2000-0270 | 2000-04-26 | The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack. |
| CVE-2000-0271 | 2000-04-26 | read-passwd and other Lisp functions in Emacs 20 do not properly clear the history of recently typed keys, which allows an attacker to read unencrypted passwords. |