Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2000-0792 1 Alan Cox 1 Gnome-lokkit 2008-09-05 7.5 HIGH N/A
Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available.
CVE-2000-0686 1 Cgi Script Center 1 Auction Weaver 2008-09-05 5.0 MEDIUM N/A
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
CVE-2000-0683 1 Bea 1 Weblogic Server 2008-09-05 5.0 MEDIUM N/A
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
CVE-2000-0682 1 Bea 1 Weblogic Server 2008-09-05 5.0 MEDIUM N/A
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
CVE-2000-0681 1 Bea 1 Weblogic Server 2008-09-05 10.0 HIGH N/A
Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.
CVE-2000-0680 1 Cvs 1 Cvs 2008-09-05 7.2 HIGH N/A
The CVS 1.10.8 server does not properly restrict users from creating arbitrary Checkin.prog or Update.prog programs, which allows remote CVS committers to modify or create Trojan horse programs with the Checkin.prog or Update.prog names, then performing a CVS commit action.
CVE-2000-0679 1 Cvs 1 Cvs 2008-09-05 2.1 LOW N/A
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
CVE-2000-0793 2 Novell, Symantec 2 Client, Norton Antivirus 2008-09-05 10.0 HIGH N/A
Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
CVE-2000-0081 1 Microsoft 1 Hotmail 2008-09-05 10.0 HIGH N/A
Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.
CVE-2000-0415 1 Microsoft 2 Outlook, Outlook Express 2008-09-05 5.0 MEDIUM N/A
Buffer overflow in Outlook Express 4.x allows attackers to cause a denial of service via a mail or news message that has a .jpg or .bmp attachment with a long file name.
CVE-2000-0082 1 Microsoft 1 Webtv 2008-09-05 5.0 MEDIUM N/A
WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML.
CVE-2000-0280 1 Realnetworks 1 Realplayer 2008-09-05 2.6 LOW N/A
Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
CVE-2000-0281 1 Napster 1 Napster Client 2008-09-05 2.1 LOW N/A
Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.
CVE-2000-0147 1 Sco 1 Openserver 2008-09-05 2.1 LOW N/A
snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.
CVE-2000-0306 1 Sco 1 Openserver 2008-09-05 10.0 HIGH N/A
Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.
CVE-2000-0307 1 Sco 3 Open Desktop, Openserver, Unixware 2008-09-05 5.0 MEDIUM N/A
Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.
CVE-2000-0308 2 Netscape, Sco 4 Enterprise Server, Fasttrack Server, Proxy Server and 1 more 2008-09-05 10.0 HIGH N/A
Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.
CVE-2000-0312 1 Openbsd 1 Openbsd 2008-09-05 7.2 HIGH N/A
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.
CVE-2000-0348 1 Sco 1 Unixware 2008-09-05 10.0 HIGH N/A
A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.
CVE-2000-0349 1 Sco 1 Unixware 2008-09-05 5.0 MEDIUM N/A
Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service.
CVE-2000-0384 1 Intel 2 Netstructure 7110, Netstructure 7180 2008-09-05 10.0 HIGH N/A
NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access.
CVE-1999-1396 1 Sun 1 Sunos 2008-09-05 7.2 HIGH N/A
Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash).
CVE-1999-1554 1 Sgi 1 Irix 2008-09-05 2.1 LOW N/A
/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.
CVE-1999-1558 1 Digital 2 Digital Openvms, Digital Openvms Axp 2008-09-05 7.5 HIGH N/A
Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.
CVE-1999-1561 1 Nullsoft 1 Shoutcast Server 2008-09-05 7.2 HIGH N/A
Nullsoft SHOUTcast server stores the administrative password in plaintext in a configuration file (sc_serv.conf), which could allow a local user to gain administrative privileges on the server.
CVE-1999-1562 1 Gftp 1 Ftp Client 2008-09-05 4.6 MEDIUM N/A
gFTP FTP client 1.13, and other versions before 2.0.0, records a password in plaintext in (1) the log window, or (2) in a log file.
CVE-1999-1563 1 Nachuatec 2 D435, D445 2008-09-05 5.0 MEDIUM N/A
Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm.
CVE-1999-1565 2 Debian, Earl Hood 2 Debian Linux, Man2html 2008-09-05 4.6 MEDIUM N/A
Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-1999-1566 1 Intel 1 Iparty 2008-09-05 5.0 MEDIUM N/A
Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters.
CVE-1999-1580 2 Sendmail, Sun 2 Sendmail, Sunos 2008-09-05 7.2 HIGH N/A
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
CVE-1999-1584 1 Sun 2 Openwindows, Sunos 2008-09-05 10.0 HIGH N/A
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.
CVE-1999-1320 1 Novell 1 Netware 2008-09-05 4.6 MEDIUM N/A
Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.
CVE-1999-1321 1 Mit 1 Kerberos 2008-09-05 7.5 HIGH N/A
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
CVE-1999-1588 1 Sun 1 Solaris 2008-09-05 10.0 HIGH N/A
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
CVE-1999-1590 1 Wwwcount 1 Wwwcount 2008-09-05 3.5 LOW N/A
Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021.
CVE-1999-1591 1 Microsoft 2 Internet Information Server, Visual Interdev 2008-09-05 7.5 HIGH N/A
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0.
CVE-1999-1592 2 Sendmail, Sun 2 Sendmail, Sunos 2008-09-05 7.5 HIGH N/A
Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129.
CVE-1999-1300 1 Cray 1 Unicos 2008-09-05 3.6 LOW N/A
Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration.
CVE-1999-1301 1 Freebsd 1 Freebsd 2008-09-05 7.5 HIGH N/A
A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.
CVE-1999-1364 1 Microsoft 1 Windows Nt 2008-09-05 2.1 LOW N/A
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
CVE-1999-1363 1 Microsoft 1 Windows Nt 2008-09-05 2.1 LOW N/A
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
CVE-1999-1315 1 Dec 1 Dec Openvms 2008-09-05 4.6 MEDIUM N/A
Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP and VAX/VMS systems allow local users to gain privileges or cause a denial of service.
CVE-1999-1449 1 Sun 1 Sunos 2008-09-05 2.1 LOW N/A
SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.
CVE-1999-1362 1 Microsoft 1 Windows Nt 2008-09-05 2.1 LOW N/A
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
CVE-1999-1306 1 Cisco 1 Ios 2008-09-05 7.5 HIGH N/A
Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
CVE-1999-1360 1 Microsoft 1 Windows Nt 2008-09-05 2.1 LOW N/A
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
CVE-1999-1359 1 Microsoft 1 Windows Nt 2008-09-05 7.5 HIGH N/A
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.
CVE-1999-1358 1 Microsoft 2 Windows 2000, Windows Nt 2008-09-05 4.6 MEDIUM N/A
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
CVE-1999-1480 1 Ibm 1 Aix 2008-09-05 1.2 LOW N/A
(1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.
CVE-1999-1475 1 Proftpd Project 1 Proftpd 2008-09-05 4.6 MEDIUM N/A
ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.