Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0696 | 1 Sun | 1 Solaris Answerbook2 | 2017-12-19 | 7.5 HIGH | N/A |
| The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script. | |||||
| CVE-2000-0772 | 1 Tumbleweed | 1 Messaging Management System | 2017-12-19 | 7.5 HIGH | N/A |
| The installation of Tumbleweed Messaging Management System (MMS) 4.6 and earlier (formerly Worldtalk Worldsecure) creates a default account "sa" with no password. | |||||
| CVE-2000-0812 | 1 Sun | 1 Java System Web Server | 2017-12-19 | 10.0 HIGH | N/A |
| The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoking the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag. | |||||
| CVE-2000-0826 | 1 Mobius | 1 Documentdirect For The Internet | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long GET request. | |||||
| CVE-2000-0827 | 1 Mobius | 1 Documentdirect For The Internet | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in the web authorization form of Mobius DocumentDirect for the Internet 1.2 allows remote attackers to cause a denial of service or execute arbitrary commands via a long username. | |||||
| CVE-2000-0828 | 1 Mobius | 1 Documentdirect For The Internet | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long User-Agent parameter. | |||||
| CVE-2000-0832 | 1 Oscar Nierstrasz | 1 Htgrep | 2017-12-19 | 5.0 MEDIUM | N/A |
| Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter. | |||||
| CVE-2000-0833 | 1 Jack De Winter | 1 Winsmtp | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to cause a denial of service via a long (1) USER or (2) HELO command. | |||||
| CVE-2000-0836 | 1 Broadgun Software | 1 Camshot Webcam | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to execute arbitrary commands via a long Authorization header. | |||||
| CVE-2000-0840 | 1 Davide Libenzi | 1 Xmail | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long USER command. | |||||
| CVE-2000-0841 | 1 Davide Libenzi | 1 Xmail | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long APOP command. | |||||
| CVE-2000-0857 | 1 Sebastian Kienzl | 1 Muh | 2017-12-19 | 7.5 HIGH | N/A |
| The logging capability in muh 2.05d IRC server does not properly cleanse user-injected format strings, which allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed nickname. | |||||
| CVE-2000-0866 | 1 Borland Software | 1 Interbase Superserver | 2017-12-19 | 2.1 LOW | N/A |
| Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes. | |||||
| CVE-2000-0872 | 1 Nathan Purciful | 1 Phpphotoalbum | 2017-12-19 | 5.0 MEDIUM | N/A |
| explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-0879 | 1 Plus Technologies | 1 Lpplus | 2017-12-19 | 2.1 LOW | N/A |
| LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services. | |||||
| CVE-2000-0880 | 1 Plus Technologies | 1 Lpplus | 2017-12-19 | 3.6 LOW | N/A |
| LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file. | |||||
| CVE-2000-0881 | 1 Plus Technologies | 1 Lpplus | 2017-12-19 | 2.1 LOW | N/A |
| The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files. | |||||
| CVE-2000-0902 | 1 Nathan Purciful | 1 Phpphotoalbum | 2017-12-19 | 5.0 MEDIUM | N/A |
| getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-0906 | 1 Moreover.com | 1 Cached Feed.cgi Script | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters. | |||||
| CVE-2000-0939 | 1 Samba | 1 Samba | 2017-12-19 | 5.0 MEDIUM | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart. | |||||
| CVE-2000-0940 | 1 Metertek | 1 Pagelog.cgi | 2017-12-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter. | |||||
| CVE-2000-0950 | 1 Tis | 1 Internet Firewall Toolkit | 2017-12-19 | 7.2 HIGH | N/A |
| Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name. | |||||
| CVE-2000-0954 | 1 Evolvable Corporation | 1 Shambala Server | 2017-12-19 | 10.0 HIGH | N/A |
| Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server. | |||||
| CVE-2000-0955 | 1 Cisco | 1 Virtual Central Office 4000 | 2017-12-19 | 7.5 HIGH | N/A |
| Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. | |||||
| CVE-2000-0971 | 1 Avirt | 1 Avirt Mail Server | 2017-12-19 | 10.0 HIGH | N/A |
| Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command. | |||||
| CVE-2000-0986 | 1 Oracle | 1 Oracle8i | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allows local users to gain privileges via a long ORACLE_HOME environment variable. | |||||
| CVE-2000-0987 | 1 Oracle | 2 Internet Directory, Oracle8i | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in oidldapd in Oracle 8.1.6 allows local users to gain privileges via a long "connect" command line parameter. | |||||
| CVE-2000-0988 | 1 Bardon Data Systems | 1 Winu | 2017-12-19 | 7.2 HIGH | N/A |
| WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration. | |||||
| CVE-2000-1009 | 2 Redhat, Trustix | 2 Linux, Secure Linux | 2017-12-19 | 7.2 HIGH | N/A |
| dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environment variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | |||||
| CVE-2000-1015 | 1 Open Source Development Network | 1 Slashcode | 2017-12-19 | 7.5 HIGH | N/A |
| The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands. | |||||
| CVE-2000-1020 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 7.5 HIGH | N/A |
| Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | |||||
| CVE-2000-1021 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 7.5 HIGH | N/A |
| Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | |||||
| CVE-2000-1023 | 1 Alabanza | 1 Control Panel | 2017-12-19 | 7.5 HIGH | N/A |
| The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program. | |||||
| CVE-2000-1025 | 1 Unify | 1 Ewave Servletexec | 2017-12-19 | 5.0 MEDIUM | N/A |
| eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running. | |||||
| CVE-2000-1033 | 1 Cat Soft | 1 Serv-u | 2017-12-19 | 7.5 HIGH | N/A |
| Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users. | |||||
| CVE-2000-1048 | 1 Qbik | 1 Wingate | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL. | |||||
| CVE-2000-1053 | 1 Macromedia | 1 Jrun | 2017-12-19 | 10.0 HIGH | N/A |
| Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. | |||||
| CVE-2000-1062 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2000-1063 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Telnet service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2000-1064 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2000-1065 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Vulnerability in IP implementation of HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service (printer crash) via a malformed packet. | |||||
| CVE-2000-1076 | 2 Netscape, Sun | 2 Directory Server, Iplanet Certificate Management System | 2017-12-19 | 10.0 HIGH | N/A |
| Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server. | |||||
| CVE-2000-1078 | 1 Mirabilis | 1 Icq Web Front | 2017-12-19 | 5.0 MEDIUM | N/A |
| ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character. | |||||
| CVE-2000-1079 | 1 Microsoft | 4 Windows 2000, Windows 95, Windows 98 and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram. | |||||
| CVE-2000-1092 | 1 Alex Heiphetz Group | 1 Ezshopper | 2017-12-19 | 5.0 MEDIUM | N/A |
| loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter. | |||||
| CVE-2000-1116 | 1 Transsoft | 1 Broker Ftp Server | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command. | |||||
| CVE-2000-1147 | 1 Microsoft | 1 Internet Information Server | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag. | |||||
| CVE-2000-1156 | 1 Sun | 1 Staroffice | 2017-12-19 | 3.6 LOW | N/A |
| StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice. | |||||
| CVE-2000-1186 | 1 Phf | 1 Phf | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header. | |||||
| CVE-2000-1199 | 1 Postgresql | 1 Postgresql | 2017-12-19 | 4.6 MEDIUM | N/A |
| PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases. | |||||
