Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0910 | 1 Horde | 1 Horde | 2017-10-10 | 4.6 MEDIUM | N/A |
| Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address. | |||||
| CVE-2000-0911 | 1 Horde | 1 Imp | 2017-10-10 | 5.0 MEDIUM | N/A |
| IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. | |||||
| CVE-2000-0912 | 1 Jcs Web Works | 1 Multihtml | 2017-10-10 | 5.0 MEDIUM | N/A |
| MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter. | |||||
| CVE-2000-0914 | 1 Openbsd | 1 Openbsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests. | |||||
| CVE-2000-0915 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name. | |||||
| CVE-2000-0917 | 3 Caldera, Redhat, Trustix | 6 Openlinux, Openlinux Ebuilder, Openlinux Edesktop and 3 more | 2017-10-10 | 10.0 HIGH | N/A |
| Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. | |||||
| CVE-2000-0919 | 1 Phpix | 1 Phpix | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-0921 | 1 Hassan Consulting | 1 Shopping Cart | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. | |||||
| CVE-2000-0922 | 1 Bytes Interactive | 1 Web Shopper | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter. | |||||
| CVE-2000-0923 | 1 Aplio | 1 Aplio Phone | 2017-10-10 | 7.5 HIGH | N/A |
| authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. | |||||
| CVE-2000-0924 | 1 Armada Design | 1 Master Index | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter. | |||||
| CVE-2000-0925 | 1 Smartwin Technology | 1 Cyberoffice Shopping Cart | 2017-10-10 | 5.0 MEDIUM | N/A |
| The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2001-0001 | 1 Francisco Burzi | 1 Php-nuke | 2017-10-10 | 7.5 HIGH | N/A |
| cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. | |||||
| CVE-2000-0926 | 1 Smartwin Technology | 1 Cyberoffice Shopping Cart | 2017-10-10 | 7.5 HIGH | N/A |
| SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable. | |||||
| CVE-2000-0927 | 1 Wquinn | 1 Quotaadvisor | 2017-10-10 | 4.6 MEDIUM | N/A |
| WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions. | |||||
| CVE-2000-0928 | 1 Wquinn | 1 Diskadvisor | 2017-10-10 | 2.1 LOW | N/A |
| WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares. | |||||
| CVE-2000-0930 | 1 David Harris | 1 Pegasus Mail | 2017-10-10 | 5.0 MEDIUM | N/A |
| Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. | |||||
| CVE-2000-0932 | 1 Clearswift | 1 Mailsweeper For Smtp | 2017-10-10 | 5.0 MEDIUM | N/A |
| MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. | |||||
| CVE-2000-0934 | 1 Redhat | 1 Linux | 2017-10-10 | 7.2 HIGH | N/A |
| Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. | |||||
| CVE-2000-0935 | 1 Samba | 1 Samba | 2017-10-10 | 7.2 HIGH | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. | |||||
| CVE-2000-0936 | 1 Samba | 1 Samba | 2017-10-10 | 2.1 LOW | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. | |||||
| CVE-2000-0937 | 1 Samba | 1 Samba | 2017-10-10 | 7.5 HIGH | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks. | |||||
| CVE-2000-0938 | 1 Samba | 1 Samba | 2017-10-10 | 5.0 MEDIUM | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. | |||||
| CVE-2000-0941 | 1 Kootenay Web Inc | 1 Kootenay Web Inc Whois | 2017-10-10 | 10.0 HIGH | N/A |
| Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. | |||||
| CVE-2001-0026 | 1 Roaring Penguin | 1 Pppoe | 2017-10-10 | 5.0 MEDIUM | N/A |
| rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option. | |||||
| CVE-2000-0943 | 1 Max-wilhelm Bruker | 1 Bftpd | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. | |||||
| CVE-2000-0944 | 1 Cgi Script Center | 1 News Update | 2017-10-10 | 7.5 HIGH | N/A |
| CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. | |||||
| CVE-2000-0945 | 1 Cisco | 1 Catalyst 3500 Xl | 2017-10-10 | 10.0 HIGH | N/A |
| The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. | |||||
| CVE-2000-0946 | 1 Compaq | 1 Easy Access Keyboard Software | 2017-10-10 | 4.6 MEDIUM | N/A |
| Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization. | |||||
| CVE-2000-0947 | 1 Gnu | 1 Cfengine | 2017-10-10 | 10.0 HIGH | N/A |
| Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. | |||||
| CVE-2000-0948 | 1 Gnome | 1 Gnorpm | 2017-10-10 | 7.2 HIGH | N/A |
| GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-2001-0050 | 1 Colten Edwards | 1 Bitchx | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name. | |||||
| CVE-2000-0953 | 1 Evolvable Corporation | 1 Shambala Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection. | |||||
| CVE-2000-0956 | 1 Carnegie Mellon University | 1 Cyrus-sasl | 2017-10-10 | 4.6 MEDIUM | N/A |
| cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions. | |||||
| CVE-2000-0957 | 1 Pam Mysql | 1 Pam Mysql | 2017-10-10 | 7.5 HIGH | N/A |
| The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes. | |||||
| CVE-2000-0958 | 1 Sun | 1 Hotjava Browser | 2017-10-10 | 5.0 MEDIUM | N/A |
| HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window. | |||||
| CVE-2000-0959 | 1 Gnu | 1 Glibc | 2017-10-10 | 1.2 LOW | N/A |
| glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. | |||||
| CVE-2000-0960 | 1 Netscape | 1 Messaging Server | 2017-10-10 | 5.0 MEDIUM | N/A |
| The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse. | |||||
| CVE-2000-0961 | 1 Netscape | 2 Messaging Server, Netscape Messaging Server Multiplexor | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. | |||||
| CVE-2000-1047 | 1 Lotus | 2 Domino Enterprise Server, Domino Mail Server | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command. | |||||
| CVE-2001-0072 | 1 Gnu | 1 Privacy Guard | 2017-10-10 | 5.0 MEDIUM | N/A |
| gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. | |||||
| CVE-2000-0964 | 1 Siemens | 1 Hinet Lp | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. | |||||
| CVE-2000-0965 | 1 Hp | 1 Vvos | 2017-10-10 | 5.0 MEDIUM | N/A |
| The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization). | |||||
| CVE-2000-0966 | 1 Hp | 1 Hp-ux | 2017-10-10 | 4.6 MEDIUM | N/A |
| Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges. | |||||
| CVE-2000-0968 | 1 Valve Software | 1 Half-life Dedicated Server | 2017-10-10 | 10.0 HIGH | N/A |
| Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command. | |||||
| CVE-2000-0969 | 1 Valve Software | 1 Half-life Dedicated Server | 2017-10-10 | 10.0 HIGH | N/A |
| Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon. | |||||
| CVE-2000-0972 | 1 Hp | 1 Hp-ux | 2017-10-10 | 2.1 LOW | N/A |
| HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. | |||||
| CVE-2000-0975 | 1 Anaconda Partners | 1 Foundation Directory | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-0977 | 1 Oatmeal Studios | 1 Mail File | 2017-10-10 | 5.0 MEDIUM | N/A |
| mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter. | |||||
| CVE-2000-0978 | 1 Bb4 | 1 Big Brother Network Monitor | 2017-10-10 | 7.5 HIGH | N/A |
| bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter. | |||||
