Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0858 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2017-10-10 | 5.0 MEDIUM | N/A |
| Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability. | |||||
| CVE-2000-0859 | 1 Gordano | 1 Ntmail | 2017-10-10 | 5.0 MEDIUM | N/A |
| The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests. | |||||
| CVE-2000-0860 | 1 Php | 1 Php | 2017-10-10 | 5.0 MEDIUM | N/A |
| The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. | |||||
| CVE-2000-0861 | 1 Gnu | 1 Mailman | 2017-10-10 | 7.2 HIGH | N/A |
| Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. | |||||
| CVE-2000-0862 | 1 Allaire | 1 Spectra | 2017-10-10 | 6.4 MEDIUM | N/A |
| Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information. | |||||
| CVE-2000-0863 | 1 Listmanager | 1 Linux | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges. | |||||
| CVE-2000-0864 | 1 Gnome | 1 Esound | 2017-10-10 | 6.2 MEDIUM | N/A |
| Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack. | |||||
| CVE-2000-0865 | 1 Tridia | 1 Doublevision | 2017-10-10 | 7.2 HIGH | N/A |
| Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument. | |||||
| CVE-2000-0868 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2017-10-10 | 5.0 MEDIUM | N/A |
| The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. | |||||
| CVE-2000-0869 | 2 Apache, Suse | 2 Http Server, Suse Linux | 2017-10-10 | 5.0 MEDIUM | N/A |
| The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method. | |||||
| CVE-2000-0870 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string. | |||||
| CVE-2000-0871 | 1 Khamil Landross And Zack Jones | 1 Eftp | 2017-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server. | |||||
| CVE-2000-0873 | 1 Ibm | 1 Aix | 2017-10-10 | 2.1 LOW | N/A |
| netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities. | |||||
| CVE-2000-0874 | 1 Qualcomm | 1 Eudora | 2017-10-10 | 5.0 MEDIUM | N/A |
| Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF). | |||||
| CVE-2000-0875 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro | 2017-10-10 | 5.0 MEDIUM | N/A |
| WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters. | |||||
| CVE-2000-0876 | 1 Texas Imperial Software | 2 Wftpd, Wftpd Pro | 2017-10-10 | 5.0 MEDIUM | N/A |
| WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname. | |||||
| CVE-2000-0877 | 1 Ranson Johnson | 1 Mailform | 2017-10-10 | 5.0 MEDIUM | N/A |
| mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker. | |||||
| CVE-2000-0900 | 1 Acme Labs | 1 Thttpd | 2017-10-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack. | |||||
| CVE-2000-0908 | 1 Netcplus | 1 Browsegate | 2017-10-10 | 5.0 MEDIUM | N/A |
| BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request. | |||||
| CVE-2000-0909 | 1 University Of Washington | 1 Pine | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header. | |||||
| CVE-2000-0910 | 1 Horde | 1 Horde | 2017-10-10 | 4.6 MEDIUM | N/A |
| Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address. | |||||
| CVE-2000-0911 | 1 Horde | 1 Imp | 2017-10-10 | 5.0 MEDIUM | N/A |
| IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. | |||||
| CVE-2000-0912 | 1 Jcs Web Works | 1 Multihtml | 2017-10-10 | 5.0 MEDIUM | N/A |
| MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter. | |||||
| CVE-2000-0914 | 1 Openbsd | 1 Openbsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests. | |||||
| CVE-2000-0915 | 1 Freebsd | 1 Freebsd | 2017-10-10 | 5.0 MEDIUM | N/A |
| fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name. | |||||
| CVE-2000-0917 | 3 Caldera, Redhat, Trustix | 6 Openlinux, Openlinux Ebuilder, Openlinux Edesktop and 3 more | 2017-10-10 | 10.0 HIGH | N/A |
| Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. | |||||
| CVE-2000-0919 | 1 Phpix | 1 Phpix | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2000-0920 | 1 Boa | 1 Boa Webserver | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "." | |||||
| CVE-2000-0921 | 1 Hassan Consulting | 1 Shopping Cart | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. | |||||
| CVE-2000-0922 | 1 Bytes Interactive | 1 Web Shopper | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter. | |||||
| CVE-2000-0923 | 1 Aplio | 1 Aplio Phone | 2017-10-10 | 7.5 HIGH | N/A |
| authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. | |||||
| CVE-2000-0924 | 1 Armada Design | 1 Master Index | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter. | |||||
| CVE-2000-0925 | 1 Smartwin Technology | 1 Cyberoffice Shopping Cart | 2017-10-10 | 5.0 MEDIUM | N/A |
| The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2000-0926 | 1 Smartwin Technology | 1 Cyberoffice Shopping Cart | 2017-10-10 | 7.5 HIGH | N/A |
| SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable. | |||||
| CVE-2000-0927 | 1 Wquinn | 1 Quotaadvisor | 2017-10-10 | 4.6 MEDIUM | N/A |
| WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions. | |||||
| CVE-2000-0928 | 1 Wquinn | 1 Diskadvisor | 2017-10-10 | 2.1 LOW | N/A |
| WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares. | |||||
| CVE-2000-0930 | 1 David Harris | 1 Pegasus Mail | 2017-10-10 | 5.0 MEDIUM | N/A |
| Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. | |||||
| CVE-2000-0932 | 1 Clearswift | 1 Mailsweeper For Smtp | 2017-10-10 | 5.0 MEDIUM | N/A |
| MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. | |||||
| CVE-2000-0934 | 1 Redhat | 1 Linux | 2017-10-10 | 7.2 HIGH | N/A |
| Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. | |||||
| CVE-2000-0935 | 1 Samba | 1 Samba | 2017-10-10 | 7.2 HIGH | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. | |||||
| CVE-2000-0936 | 1 Samba | 1 Samba | 2017-10-10 | 2.1 LOW | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. | |||||
| CVE-2000-0937 | 1 Samba | 1 Samba | 2017-10-10 | 7.5 HIGH | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks. | |||||
| CVE-2000-0938 | 1 Samba | 1 Samba | 2017-10-10 | 5.0 MEDIUM | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. | |||||
| CVE-2000-0941 | 1 Kootenay Web Inc | 1 Kootenay Web Inc Whois | 2017-10-10 | 10.0 HIGH | N/A |
| Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. | |||||
| CVE-2000-0943 | 1 Max-wilhelm Bruker | 1 Bftpd | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. | |||||
| CVE-2000-0944 | 1 Cgi Script Center | 1 News Update | 2017-10-10 | 7.5 HIGH | N/A |
| CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. | |||||
| CVE-2000-0945 | 1 Cisco | 1 Catalyst 3500 Xl | 2017-10-10 | 10.0 HIGH | N/A |
| The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory. | |||||
| CVE-2000-0946 | 1 Compaq | 1 Easy Access Keyboard Software | 2017-10-10 | 4.6 MEDIUM | N/A |
| Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization. | |||||
| CVE-2000-0947 | 1 Gnu | 1 Cfengine | 2017-10-10 | 10.0 HIGH | N/A |
| Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. | |||||
| CVE-2000-0948 | 1 Gnome | 1 Gnorpm | 2017-10-10 | 7.2 HIGH | N/A |
| GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. | |||||
