CVE List - 2000 / July
Showing 101 - 155 of 155 CVEs for July 2000 (Page 2 of 2)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2000-0439 | 2000-07-12 | Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the... |
| CVE-2000-0441 | 2000-07-12 | Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. |
| CVE-2000-0442 | 2000-07-12 | Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. |
| CVE-2000-0452 | 2000-07-12 | Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. |
| CVE-2000-0453 | 2000-07-12 | XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000. |
| CVE-2000-0454 | 2000-07-12 | Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter. |
| CVE-2000-0455 | 2000-07-12 | Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option. |
| CVE-2000-0456 | 2000-07-12 | NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog". |
| CVE-2000-0460 | 2000-07-12 | Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable. |
| CVE-2000-0461 | 2000-07-12 | The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig... |
| CVE-2000-0462 | 2000-07-12 | ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home... |
| CVE-2000-0463 | 2000-07-12 | BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets. |
| CVE-2000-0464 | 2000-07-12 | Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability. |
| CVE-2000-0465 | 2000-07-12 | Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame,... |
| CVE-2000-0473 | 2000-07-12 | Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker to cause a denial of service via a long GET request for a program in the cgi-bin directory. |
| CVE-2000-0476 | 2000-07-12 | xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized. |
| CVE-2000-0479 | 2000-07-12 | Dragon FTP server allows remote attackers to cause a denial of service via a long USER command. |
| CVE-2000-0480 | 2000-07-12 | Dragon telnet server allows remote attackers to cause a denial of service via a long username. |
| CVE-2000-0487 | 2000-07-12 | The Protected Store in Windows 2000 does not properly select the strongest encryption when available, which causes it to use a default of 40-bit encryption instead of 56-bit DES encryption,... |
| CVE-2000-0491 | 2000-07-12 | Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long... |
| CVE-2000-0492 | 2000-07-12 | PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, which allows an attacker who can read the password file to easliy decrypt the passwords. |
| CVE-2000-0503 | 2000-07-12 | The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event. |
| CVE-2000-0509 | 2000-07-12 | Buffer overflows in the finger and whois demonstration scripts in Sambar Server 4.3 allow remote attackers to execute arbitrary commands via a long hostname. |
| CVE-2000-0520 | 2000-07-12 | Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name. |
| CVE-2000-0524 | 2000-07-12 | Microsoft Outlook and Outlook Express allow remote attackers to cause a denial of service by sending email messages with blank fields such as BCC, Reply-To, Return-Path, or From. |
| CVE-2000-0526 | 2000-07-12 | mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| CVE-2000-0527 | 2000-07-12 | userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. |
| CVE-2000-0531 | 2000-07-12 | Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets. |
| CVE-2000-0535 | 2000-07-12 | OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to... |
| CVE-2000-0543 | 2000-07-12 | The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows remote attackers to cause a denial of service if their hostname does not have a reverse DNS entry and... |
| CVE-2000-0544 | 2000-07-12 | Windows NT and Windows 2000 hosts allow a remote attacker to cause a denial of service via malformed DCE/RPC SMBwriteX requests that contain an invalid data length. |
| CVE-2000-0545 | 2000-07-12 | Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter. |
| CVE-2000-0546 | 2000-07-12 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function. |
| CVE-2000-0547 | 2000-07-12 | Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function. |
| CVE-2000-0554 | 2000-07-12 | Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translated_path hidden form field. |
| CVE-2000-0559 | 2000-07-12 | eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords. |
| CVE-2000-0562 | 2000-07-12 | BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower. |
| CVE-2000-0563 | 2000-07-12 | The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts... |
| CVE-2000-0564 | 2000-07-12 | The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, and others allows remote attackers to cause a denial of service via a URL with a long... |
| CVE-2000-0572 | 2000-07-19 | The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges. |
| CVE-2000-0574 | 2000-07-19 | FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which... |
| CVE-2000-0578 | 2000-07-19 | SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as... |
| CVE-2000-0580 | 2000-07-19 | Windows 2000 Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros to various TCP and UDP ports, which significantly increases the... |
| CVE-2000-0589 | 2000-07-19 | SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration. |
| CVE-2000-0592 | 2000-07-19 | Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow remote attackers to execute arbitrary commands via long USER, PASS, LIST, RETR, or DELE commands. |
| CVE-2000-0605 | 2000-07-19 | Blackboard CourseInfo 4.0 stores the local and SQL administrator user names and passwords in cleartext in a registry key whose access control allows users to access the passwords. |
| CVE-2000-0606 | 2000-07-19 | Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter. |
| CVE-2000-0607 | 2000-07-19 | Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING... |
| CVE-2000-0608 | 2000-07-19 | NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost). |
| CVE-2000-0609 | 2000-07-19 | NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to cause a denial of service via a long username parameter. |
| CVE-2000-0612 | 2000-07-19 | Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table. |
| CVE-2000-0614 | 2000-07-19 | Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output. |
| CVE-2000-0617 | 2000-07-19 | Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable. |
| CVE-2000-0618 | 2000-07-19 | Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long DISPLAY environmental variable. |
| CVE-2000-0623 | 2000-08-03 | Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header. |
| CVE-2000-0625 | 2000-08-03 | NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password. |
| CVE-2000-0626 | 2000-08-03 | Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request. |
| CVE-2000-0629 | 2000-08-03 | The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly... |
| CVE-2000-0645 | 2000-08-03 | WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing... |
| CVE-2000-0646 | 2000-08-03 | WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred. |
| CVE-2000-0647 | 2000-08-03 | WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server. |
| CVE-2000-0648 | 2000-08-03 | WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command. |
| CVE-2000-0649 | 2000-08-03 | IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and... |
| CVE-2000-0653 | 2000-08-03 | Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability. |
| CVE-2000-0656 | 2000-08-03 | Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the FTP protocol. |
| CVE-2000-0657 | 2000-08-03 | Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long HELO command in the SMTP protocol. |
| CVE-2000-0658 | 2000-08-03 | Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the POP3 protocol. |
| CVE-2000-0659 | 2000-08-03 | Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long user ID in a SOCKS4 CONNECT request. |
| CVE-2000-0667 | 2000-08-03 | Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service. |
| CVE-2000-0680 | 2000-09-21 | The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the... |
| CVE-2000-0686 | 2000-09-21 | Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter. |
| CVE-2000-0687 | 2000-09-21 | Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter. |
| CVE-2000-0688 | 2000-09-21 | Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script... |
| CVE-2000-0689 | 2000-09-21 | Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script... |
| CVE-2000-0690 | 2000-09-21 | Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter. |
| CVE-2000-0691 | 2000-09-21 | The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the... |
| CVE-2000-0692 | 2000-09-21 | ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a denial of service via a flood of fragmented packets with the SYN flag set. |
| CVE-2000-0695 | 2000-09-21 | Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options. |
| CVE-2000-0696 | 2000-09-21 | The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to... |
| CVE-2000-0697 | 2000-09-21 | The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters. |
| CVE-2000-0701 | 2000-09-21 | The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges. |
| CVE-2000-0704 | 2000-09-21 | Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands. |
| CVE-2000-0709 | 2000-09-21 | The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a... |
| CVE-2000-0710 | 2000-09-21 | The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes... |
| CVE-2000-0713 | 2000-09-21 | Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier. |
| CVE-2000-0714 | 2000-09-21 | umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files. |
| CVE-2000-0715 | 2000-09-21 | DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file. |
| CVE-2000-0719 | 2000-09-21 | VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program. |
| CVE-2000-0721 | 2000-09-21 | The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses. |
| CVE-2000-0722 | 2000-09-21 | Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages. |
| CVE-2000-0723 | 2000-09-21 | Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config. |
| CVE-2000-0724 | 2000-09-21 | The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files. |
| CVE-2000-0734 | 2000-09-21 | eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections. |
| CVE-2000-0735 | 2000-09-21 | Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to... |
| CVE-2000-0736 | 2000-09-21 | Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user forwards a... |
| CVE-2000-0746 | 2000-09-21 | Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a... |
| CVE-2000-0748 | 2000-09-21 | OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse. |
| CVE-2000-0752 | 2000-09-21 | Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments. |
| CVE-2000-0755 | 2000-09-21 | Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges. |
| CVE-2000-0756 | 2000-09-21 | Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service. |