CVE List - 2000 / August

CVE ID Date Title
CVE-2000-0625 2000-08-03 NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.
CVE-2000-0626 2000-08-03 Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request.
CVE-2000-0629 2000-08-03 The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly...
CVE-2000-0645 2000-08-03 WFTPD and WFTPD Pro 2.41 allow remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing...
CVE-2000-0646 2000-08-03 WFTPD and WFTPD Pro 2.41 allow remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.
CVE-2000-0647 2000-08-03 WFTPD and WFTPD Pro 2.41 allow remote attackers to cause a denial of service by executing an MLST command before logging into the server.
CVE-2000-0648 2000-08-03 WFTPD and WFTPD Pro 2.41 allow local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.
CVE-2000-0649 2000-08-03 IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and...
CVE-2000-0653 2000-08-03 Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
CVE-2000-0656 2000-08-03 Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the FTP protocol.
CVE-2000-0657 2000-08-03 Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long HELO command in the SMTP protocol.
CVE-2000-0658 2000-08-03 Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the POP3 protocol.
CVE-2000-0659 2000-08-03 Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long user ID in a SOCKS4 CONNECT request.
CVE-2000-0667 2000-08-03 Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service.
CVE-2000-0680 2000-09-21 The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the...
CVE-2000-0686 2000-09-21 Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
CVE-2000-0687 2000-09-21 Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catdir parameter.
CVE-2000-0688 2000-09-21 Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script...
CVE-2000-0689 2000-09-21 Account Manager LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the amadmin.pl script...
CVE-2000-0690 2000-09-21 Auction Weaver CGI script 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the fromfile parameter.
CVE-2000-0691 2000-09-21 The faxrunq and faxrunqd programs in the mgetty package allow local users to create or modify arbitrary files via a symlink attack which creates a symlink from /var/spool/fax/outgoing/.last_run to the...
CVE-2000-0692 2000-09-21 ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a denial of service via a flood of fragmented packets with the SYN flag set.
CVE-2000-0695 2000-09-21 Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options.
CVE-2000-0696 2000-09-21 The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to...
CVE-2000-0697 2000-09-21 The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.
CVE-2000-0701 2000-09-21 The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
CVE-2000-0704 2000-09-21 Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands.
CVE-2000-0709 2000-09-21 The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a...
CVE-2000-0710 2000-09-21 The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes...
CVE-2000-0713 2000-09-21 Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and Fill In products that handle PDF files allows attackers to execute arbitrary commands via a long /Registry or /Ordering specifier.
CVE-2000-0714 2000-09-21 umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files.
CVE-2000-0715 2000-09-21 DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2000-0719 2000-09-21 VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.
CVE-2000-0721 2000-09-21 The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
CVE-2000-0722 2000-09-21 Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.
CVE-2000-0723 2000-09-21 Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.
CVE-2000-0724 2000-09-21 The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.
CVE-2000-0734 2000-09-21 eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections.
CVE-2000-0735 2000-09-21 Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to...
CVE-2000-0736 2000-09-21 Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user forwards a...
CVE-2000-0746 2000-09-21 Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against cross-site scripting (CSS) attacks. They allow a malicious web site operator to embed scripts in a link to a...
CVE-2000-0748 2000-09-21 OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
CVE-2000-0752 2000-09-21 Buffer overflows in brouted in FreeBSD and possibly other OSes allow local users to gain root privileges via long command line arguments.
CVE-2000-0755 2000-09-21 Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.
CVE-2000-0756 2000-09-21 Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
CVE-2000-0757 2000-09-21 The sysgen service in Aptis Totalbill does not perform authentication, which allows remote attackers to gain root privileges by connecting to the service and specifying the commands to be executed.
CVE-2000-0759 2000-09-21 Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
CVE-2000-0760 2000-09-21 The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
CVE-2000-0769 2000-09-21 O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.
CVE-2000-0772 2000-09-21 The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password.
CVE-2000-0774 2000-09-21 The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.
CVE-2000-0775 2000-09-21 Buffer overflow in RobTex Viking server earlier than 1.06-370 allows remote attackers to cause a denial of service or execute arbitrary commands via a long HTTP GET request, or long...
CVE-2000-0784 2000-09-21 sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.
CVE-2000-0785 2000-09-21 WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files via the importmotd command, which sets the Message of the Day (MOTD) to the specified file.
CVE-2000-0789 2000-09-21 WinU 5.x and earlier uses weak encryption to store its configuration password, which allows local users to decrypt the password and gain privileges.
CVE-2000-0791 2000-09-21 Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
CVE-2000-0793 2000-09-21 Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
CVE-2000-0794 2000-09-21 Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview.
CVE-2000-0798 2000-09-21 The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of...
CVE-2000-0800 2000-09-21 String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges.
CVE-2000-0801 2000-09-21 Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.
CVE-2000-0802 2000-09-21 The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key...
CVE-1999-0145 2000-10-13 Sendmail WIZ command enabled, allowing root access.
CVE-1999-0247 2000-10-13 Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.
CVE-1999-0248 2000-10-13 A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
CVE-1999-0358 2000-10-13 Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.
CVE-1999-0393 2000-10-13 Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
CVE-1999-0395 2000-10-13 A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.
CVE-1999-0403 2000-10-13 A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.
CVE-1999-0429 2000-10-13 The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.
CVE-1999-0440 2000-10-13 The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
CVE-1999-0671 2000-10-13 Buffer overflow in ToxSoft NextFTP client through CWD command.
CVE-1999-0672 2000-10-13 Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.
CVE-1999-0675 2000-10-13 Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.
CVE-1999-0679 2000-10-13 Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.
CVE-1999-0697 2000-10-13 SCO Doctor allows local users to gain root privileges through a Tools option.
CVE-1999-0759 2000-10-13 Buffer overflow in FuseMAIL POP service via long USER and PASS commands.
CVE-1999-0787 2000-10-13 The SSH authentication agent follows symlinks via a UNIX domain socket.
CVE-1999-0788 2000-10-13 Arkeia nlservd allows remote attackers to conduct a denial of service.
CVE-1999-0791 2000-10-13 Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.
CVE-1999-0823 2000-10-13 Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.
CVE-1999-0826 2000-10-13 Buffer overflow in FreeBSD angband allows local users to gain privileges.
CVE-1999-0873 2000-10-13 Buffer overflow in Skyfull mail server via MAIL FROM command.
CVE-1999-0904 2000-10-13 Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username.
CVE-1999-0912 2000-10-13 FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
CVE-1999-0927 2000-10-13 NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-1999-0928 2000-10-13 Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.
CVE-1999-0932 2000-10-13 Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file.
CVE-1999-0942 2000-10-13 UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.
CVE-1999-0946 2000-10-13 Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.
CVE-1999-0954 2000-10-13 WWWBoard has a default username and default password.
CVE-1999-0971 2000-10-13 Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
CVE-1999-1004 2000-10-13 Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.
CVE-2000-0002 2000-10-13 Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.
CVE-2000-0009 2000-10-13 The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.
CVE-2000-0056 2000-10-13 IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.
CVE-2000-0063 2000-10-13 cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.
CVE-2000-0064 2000-10-13 cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.
CVE-2000-0065 2000-10-13 Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.
CVE-2000-0075 2000-10-13 Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO,...