Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0872 | 1 Nathan Purciful | 1 Phpphotoalbum | 2017-12-19 | 5.0 MEDIUM | N/A |
| explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-0879 | 1 Plus Technologies | 1 Lpplus | 2017-12-19 | 2.1 LOW | N/A |
| LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services. | |||||
| CVE-2000-0880 | 1 Plus Technologies | 1 Lpplus | 2017-12-19 | 3.6 LOW | N/A |
| LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file. | |||||
| CVE-2000-0881 | 1 Plus Technologies | 1 Lpplus | 2017-12-19 | 2.1 LOW | N/A |
| The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files. | |||||
| CVE-2000-0902 | 1 Nathan Purciful | 1 Phpphotoalbum | 2017-12-19 | 5.0 MEDIUM | N/A |
| getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-0906 | 1 Moreover.com | 1 Cached Feed.cgi Script | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Moreover.com cached_feed.cgi script version 4.July.00 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the category or format parameters. | |||||
| CVE-2000-0939 | 1 Samba | 1 Samba | 2017-12-19 | 5.0 MEDIUM | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart. | |||||
| CVE-2000-0940 | 1 Metertek | 1 Pagelog.cgi | 2017-12-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameter. | |||||
| CVE-2000-0950 | 1 Tis | 1 Internet Firewall Toolkit | 2017-12-19 | 7.2 HIGH | N/A |
| Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name. | |||||
| CVE-2000-0954 | 1 Evolvable Corporation | 1 Shambala Server | 2017-12-19 | 10.0 HIGH | N/A |
| Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server. | |||||
| CVE-2000-0955 | 1 Cisco | 1 Virtual Central Office 4000 | 2017-12-19 | 7.5 HIGH | N/A |
| Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges. | |||||
| CVE-2000-0971 | 1 Avirt | 1 Avirt Mail Server | 2017-12-19 | 10.0 HIGH | N/A |
| Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command. | |||||
| CVE-2000-0986 | 1 Oracle | 1 Oracle8i | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable. | |||||
| CVE-2000-0987 | 1 Oracle | 2 Internet Directory, Oracle8i | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter. | |||||
| CVE-2000-0988 | 1 Bardon Data Systems | 1 Winu | 2017-12-19 | 7.2 HIGH | N/A |
| WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration. | |||||
| CVE-2000-1009 | 2 Redhat, Trustix | 2 Linux, Secure Linux | 2017-12-19 | 7.2 HIGH | N/A |
| dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program. | |||||
| CVE-2000-1015 | 1 Open Source Development Network | 1 Slashcode | 2017-12-19 | 7.5 HIGH | N/A |
| The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode privileges and possibly execute arbitrary commands. | |||||
| CVE-2000-1020 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 7.5 HIGH | N/A |
| Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | |||||
| CVE-2000-1021 | 1 Alt-n | 1 Mdaemon | 2017-12-19 | 7.5 HIGH | N/A |
| Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL. | |||||
| CVE-2000-1023 | 1 Alabanza | 1 Control Panel | 2017-12-19 | 7.5 HIGH | N/A |
| The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program. | |||||
| CVE-2000-1025 | 1 Unify | 1 Ewave Servletexec | 2017-12-19 | 5.0 MEDIUM | N/A |
| eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running. | |||||
| CVE-2000-1033 | 1 Cat Soft | 1 Serv-u | 2017-12-19 | 7.5 HIGH | N/A |
| Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users. | |||||
| CVE-2000-1048 | 1 Qbik | 1 Wingate | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack via an HTTP GET request that uses encoded characters in the URL. | |||||
| CVE-2000-1053 | 1 Macromedia | 1 Jrun | 2017-12-19 | 10.0 HIGH | N/A |
| Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet. | |||||
| CVE-2000-1062 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2000-1063 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in the Telnet service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2000-1064 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. | |||||
| CVE-2000-1065 | 1 Hp | 1 Jetdirect | 2017-12-19 | 5.0 MEDIUM | N/A |
| Vulnerability in IP implementation of HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service (printer crash) via a malformed packet. | |||||
| CVE-2000-1076 | 2 Netscape, Sun | 2 Directory Server, Iplanet Certificate Management System | 2017-12-19 | 10.0 HIGH | N/A |
| Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server. | |||||
| CVE-2000-1078 | 1 Mirabilis | 1 Icq Web Front | 2017-12-19 | 5.0 MEDIUM | N/A |
| ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character. | |||||
| CVE-2000-1079 | 1 Microsoft | 4 Windows 2000, Windows 95, Windows 98 and 1 more | 2017-12-19 | 7.5 HIGH | N/A |
| Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram. | |||||
| CVE-2000-1092 | 1 Alex Heiphetz Group | 1 Ezshopper | 2017-12-19 | 5.0 MEDIUM | N/A |
| loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter. | |||||
| CVE-2000-1116 | 1 Transsoft | 1 Broker Ftp Server | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command. | |||||
| CVE-2000-1147 | 1 Microsoft | 1 Internet Information Server | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag. | |||||
| CVE-2000-1156 | 1 Sun | 1 Staroffice | 2017-12-19 | 3.6 LOW | N/A |
| StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice. | |||||
| CVE-2000-1186 | 1 Phf | 1 Phf | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header. | |||||
| CVE-2000-1199 | 1 Postgresql | 1 Postgresql | 2017-12-19 | 4.6 MEDIUM | N/A |
| PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases. | |||||
| CVE-2000-1202 | 1 Ibm | 1 Http Server Ssl Module Common | 2017-12-19 | 7.2 HIGH | N/A |
| ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. | |||||
| CVE-2001-0022 | 1 Leif M. Wright | 1 Simplestguest.cgi | 2017-12-19 | 10.0 HIGH | N/A |
| simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter. | |||||
| CVE-2001-0023 | 1 Leif M. Wright | 1 Everythingform.cgi | 2017-12-19 | 10.0 HIGH | N/A |
| everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. | |||||
| CVE-2001-0024 | 1 Leif M. Wright | 1 Simplestmail.cgi | 2017-12-19 | 10.0 HIGH | N/A |
| simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter. | |||||
| CVE-2001-0025 | 1 Leif M. Wright | 1 Ad.cgi | 2017-12-19 | 10.0 HIGH | N/A |
| ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. | |||||
| CVE-2001-0027 | 1 Proftpd Project | 1 Proftpd | 2017-12-19 | 7.5 HIGH | N/A |
| mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users. | |||||
| CVE-2001-0029 | 1 Igor Khasilev | 1 Oops Proxy Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands via a long host or domain name that is obtained from a reverse DNS lookup. | |||||
| CVE-2001-0030 | 1 Smartstuff | 1 Foolproof Security | 2017-12-19 | 7.2 HIGH | N/A |
| FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them. | |||||
| CVE-2001-0031 | 1 Broadvision | 1 One-to-one Enterprise Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist. | |||||
| CVE-2001-0032 | 1 Eric Rescorla | 1 Ssldump | 2017-12-19 | 10.0 HIGH | N/A |
| Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL. | |||||
| CVE-2001-0037 | 1 Keware Technologies | 1 Homeseer | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers. | |||||
| CVE-2001-0038 | 1 Metaproducts | 1 Offline Explorer | 2017-12-19 | 5.0 MEDIUM | N/A |
| Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL. | |||||
| CVE-2001-0044 | 1 Lexmark | 1 Markvision | 2017-12-19 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Lexmark MarkVision printer driver programs allows local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands. | |||||
