Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0930 | 1 David Harris | 1 Pegasus Mail | 2017-10-10 | 5.0 MEDIUM | N/A |
| Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. | |||||
| CVE-2000-0932 | 1 Clearswift | 1 Mailsweeper For Smtp | 2017-10-10 | 5.0 MEDIUM | N/A |
| MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. | |||||
| CVE-2000-0934 | 1 Redhat | 1 Linux | 2017-10-10 | 7.2 HIGH | N/A |
| Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. | |||||
| CVE-2000-0935 | 1 Samba | 1 Samba | 2017-10-10 | 7.2 HIGH | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. | |||||
| CVE-2000-0936 | 1 Samba | 1 Samba | 2017-10-10 | 2.1 LOW | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. | |||||
| CVE-2000-0937 | 1 Samba | 1 Samba | 2017-10-10 | 7.5 HIGH | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks. | |||||
| CVE-2000-0938 | 1 Samba | 1 Samba | 2017-10-10 | 5.0 MEDIUM | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. | |||||
| CVE-2000-0941 | 1 Kootenay Web Inc | 1 Kootenay Web Inc Whois | 2017-10-10 | 10.0 HIGH | N/A |
| Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. | |||||
| CVE-2001-0026 | 1 Roaring Penguin | 1 Pppoe | 2017-10-10 | 5.0 MEDIUM | N/A |
| rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option. | |||||
| CVE-2000-0943 | 1 Max-wilhelm Bruker | 1 Bftpd | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. | |||||
| CVE-2000-0944 | 1 Cgi Script Center | 1 News Update | 2017-10-10 | 7.5 HIGH | N/A |
| CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. | |||||
| CVE-2000-0945 | 1 Cisco | 1 Catalyst 3500 Xl | 2017-10-10 | 10.0 HIGH | N/A |
| The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. | |||||
| CVE-2000-0946 | 1 Compaq | 1 Easy Access Keyboard Software | 2017-10-10 | 4.6 MEDIUM | N/A |
| Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization. | |||||
| CVE-2000-0947 | 1 Gnu | 1 Cfengine | 2017-10-10 | 10.0 HIGH | N/A |
| Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. | |||||
| CVE-2000-0948 | 1 Gnome | 1 Gnorpm | 2017-10-10 | 7.2 HIGH | N/A |
| GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-2001-0050 | 1 Colten Edwards | 1 Bitchx | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name. | |||||
| CVE-2000-0953 | 1 Evolvable Corporation | 1 Shambala Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection. | |||||
| CVE-2000-0956 | 1 Carnegie Mellon University | 1 Cyrus-sasl | 2017-10-10 | 4.6 MEDIUM | N/A |
| cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions. | |||||
| CVE-2000-0957 | 1 Pam Mysql | 1 Pam Mysql | 2017-10-10 | 7.5 HIGH | N/A |
| The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes. | |||||
| CVE-2000-0958 | 1 Sun | 1 Hotjava Browser | 2017-10-10 | 5.0 MEDIUM | N/A |
| HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window. | |||||
| CVE-2000-0959 | 1 Gnu | 1 Glibc | 2017-10-10 | 1.2 LOW | N/A |
| glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. | |||||
| CVE-2000-0960 | 1 Netscape | 1 Messaging Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse. | |||||
| CVE-2000-0961 | 1 Netscape | 2 Messaging Server, Netscape Messaging Server Multiplexor | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. | |||||
| CVE-2000-1047 | 1 Lotus | 2 Domino Enterprise Server, Domino Mail Server | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command. | |||||
| CVE-2001-0072 | 1 Gnu | 1 Privacy Guard | 2017-10-10 | 5.0 MEDIUM | N/A |
| gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. | |||||
| CVE-2000-0964 | 1 Siemens | 1 Hinet Lp | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. | |||||
| CVE-2000-0965 | 1 Hp | 1 Vvos | 2017-10-10 | 5.0 MEDIUM | N/A |
| The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allow an attacker to cause a denial of service (high CPU utilization). | |||||
| CVE-2000-0966 | 1 Hp | 1 Hp-ux | 2017-10-10 | 4.6 MEDIUM | N/A |
| Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allow local users to gain privileges. | |||||
| CVE-2000-0968 | 1 Valve Software | 1 Half-life Dedicated Server | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command. | |||||
| CVE-2000-0969 | 1 Valve Software | 1 Half-life Dedicated Server | 2017-10-10 | 10.0 HIGH | N/A |
| Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon. | |||||
| CVE-2000-0972 | 1 Hp | 1 Hp-ux | 2017-10-10 | 2.1 LOW | N/A |
| HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. | |||||
| CVE-2000-0975 | 1 Anaconda Partners | 1 Foundation Directory | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-0977 | 1 Oatmeal Studios | 1 Mail File | 2017-10-10 | 5.0 MEDIUM | N/A |
| mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter. | |||||
| CVE-2000-0978 | 1 Bb4 | 1 Big Brother Network Monitor | 2017-10-10 | 7.5 HIGH | N/A |
| bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter. | |||||
| CVE-2000-0989 | 1 Intel | 1 Inbusiness Email Station | 2017-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username. | |||||
| CVE-2000-1058 | 1 Hp | 1 Openview Network Node Manager | 2017-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem." | |||||
| CVE-2000-0990 | 1 Krzysztof Dabrowski | 1 Cmd5checkpw | 2017-10-10 | 7.5 HIGH | N/A |
| cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username. | |||||
| CVE-2000-0993 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2017-10-10 | 7.2 HIGH | N/A |
| Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. | |||||
| CVE-2000-1106 | 1 Trend Micro | 1 Interscan Viruswall | 2017-10-10 | 4.6 MEDIUM | N/A |
| Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs. | |||||
| CVE-2000-1000 | 1 Aol | 1 Instant Messenger | 2017-10-10 | 5.0 MEDIUM | N/A |
| Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters. | |||||
| CVE-2000-1001 | 1 Element N.v | 1 Element Instantshop | 2017-10-10 | 7.5 HIGH | N/A |
| add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable. | |||||
| CVE-2000-1002 | 1 Stalker | 1 Communigate Pro | 2017-10-10 | 5.0 MEDIUM | N/A |
| POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks. | |||||
| CVE-2000-1003 | 1 Microsoft | 3 Windows 95, Windows 98, Windows 98se | 2017-10-10 | 2.6 LOW | N/A |
| NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash. | |||||
| CVE-2000-1004 | 1 Openbsd | 1 Openbsd | 2017-10-10 | 4.6 MEDIUM | N/A |
| Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters. | |||||
| CVE-2000-1005 | 1 Extropia | 1 Extropia Webstore | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. | |||||
| CVE-2000-1007 | 1 Symantec | 1 I-gear | 2017-10-10 | 5.0 MEDIUM | N/A |
| I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. | |||||
| CVE-2000-1010 | 2 Openbsd, Redhat | 2 Openbsd, Linux | 2017-10-10 | 10.0 HIGH | N/A |
| Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters. | |||||
| CVE-2000-1011 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable. | |||||
| CVE-2000-1014 | 1 Sco | 1 Unixware | 2017-10-10 | 7.5 HIGH | N/A |
| Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter. | |||||
| CVE-2000-1016 | 1 Suse | 1 Suse Linux | 2017-10-10 | 5.0 MEDIUM | N/A |
| The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL. | |||||
