CVE No. |
Description |
SARA Test |
CVE-2000-0700 |
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets. |
No SARA test |
|
|
No SARA test |
CVE-2000-0702 |
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file. |
No SARA test |
|
|
No SARA test |
CVE-2000-0703 |
suidperl (aka sperl) does not properly cleanse the escape sequence ~! before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the interactive environmental variable and calling suidperl with a filename that contains the escape sequence. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0705 |
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
dot..dot server attack |
|
|
No SARA test |
CVE-2000-0706 |
Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands. |
No SARA test |
|
|
No SARA test |
CVE-2000-0707 |
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password. |
No SARA test |
|
|
No SARA test |
CVE-2000-0708 |
Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port. |
DoS not allowed |
|
|
No SARA test |
CVE-2000-0711 |
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0712 |
Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0716 |
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijcak the session ID and read the user's email. |
No SARA test |
|
|
No SARA test |
CVE-2000-0718 |
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0725 |
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request. |
No SARA test |
|
|
No SARA test |
CVE-2000-0727 |
xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0728 |
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0729 |
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header. |
No SARA test |
|
|
No SARA test |
CVE-2000-0730 |
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0732 |
Worm HTTP server allows remote attackers to cause a denial of service via a long URL. |
No SARA test |
|
|
No SARA test |
CVE-2000-0733 |
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request. |
IRIX telnetd version |
|
|
No SARA test |
CVE-2000-0737 |
The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the Service Control Manager Named Pipe Impersonation vulnerability. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0738 |
WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail. |
No SARA test |
|
|
No SARA test |
CVE-2000-0743 |
Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value. |
No SARA test |
|
|
No SARA test |
CVE-2000-0744 |
Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value. |
No SARA test |
|
|
No SARA test |
CVE-2000-0745 |
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-0749 |
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system. |
No SARA test |
|
|
No SARA test |
CVE-2000-0750 |
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name. |
No SARA test |
|
|
No SARA test |
CVE-2000-0751 |
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands. |
No SARA test |
|
|
No SARA test |
CVE-2000-0754 |
Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords. |
No SARA test |
|
|
No SARA test |
CVE-2000-0758 |
The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field. |
No SARA test |
|
|
No SARA test |
CVE-2000-0761 |
OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username. |
DoS not allowed |
|
|
No SARA test |
CVE-2000-0762 |
The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges. |
No SARA test |
|
|
No SARA test |
CVE-2000-0763 |
xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option. |
No SARA test |
|
|
No SARA test |
CVE-2000-0764 |
Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet. |
No SARA test |
|
|
No SARA test |
CVE-2000-0765 |
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the Microsoft Office HTML Object Tag vulnerability. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0766 |
Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request. |
No SARA test |
|
|
No SARA test |
CVE-2000-0767 |
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the Scriptlet Rendering vulnerability. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0768 |
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the Frame Domain Verification vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0770 |
IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the File Permission Canonicalization vulnerability. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0771 |
Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the Local Security Policy Corruption vulnerability. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0777 |
The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the Money Password vulnerability. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0778 |
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a Translate: f header, aka the Specialized Header vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0779 |
Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests. |
No SARA test |
|
|
No SARA test |
CVE-2000-0780 |
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0782 |
netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
netauth directory traversal |
|
|
No SARA test |
CVE-2000-0783 |
Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100. |
No SARA test |
|
|
No SARA test |
CVE-2000-0786 |
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions. |
No SARA test |
|
|
No SARA test |
CVE-2000-0787 |
IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser. |
can not test remotely |
|
|
No SARA test |
CVE-2000-0792 |
Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available. |
No SARA test |
|
|
No SARA test |
CVE-2000-0804 |
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka One-way Connection Enforcement Bypass. |
No SARA test |
|
|
No SARA test |
CVE-2000-0805 |
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka Retransmission of Encapsulated Packets. |
No SARA test |
|
|
No SARA test |
CVE-2000-0806 |
The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka Inter-module Communications Bypass. |
No SARA test |
|
|
No SARA test |
CVE-2000-0807 |
The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the OPSEC Authentication Vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0808 |
The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka One-time (s/key) Password Authentication. |
No SARA test |
|
|
No SARA test |
CVE-2000-0809 |
Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service. |
No SARA test |
|
|
No SARA test |
CVE-2000-0810 |
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0811 |
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields. |
No SARA test |
|
|
No SARA test |
CVE-2000-0813 |
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers (FTP Bounce) via invalid FTP commands that are processed improperly by FireWall-1, aka FTP Connection Enforcement Bypass. |
No SARA test |
|
|
No SARA test |
CVE-2000-0824 |
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH. |
No SARA test |
|
|
No SARA test |
CVE-2000-0834 |
The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the Windows 2000 Telnet Client NTLM Authentication vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0837 |
FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes. |
No SARA test |
|
|
No SARA test |
CVE-2000-0844 |
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. |
No SARA test |
|
|
No SARA test |
CVE-2000-0846 |
Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password. |
No SARA test |
|
|
No SARA test |
CVE-2000-0847 |
Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header. |
No SARA test |
|
|
No SARA test |
CVE-2000-0848 |
Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header. |
No SARA test |
|
|
No SARA test |
CVE-2000-0849 |
Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the Unicast Service Race Condition vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0850 |
Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending $/FILENAME.ext (where ext is .ccc, .class, or .jpg) to the requested URL. |
No SARA test |
|
|
No SARA test |
CVE-2000-0851 |
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the Still Image Service Privilege Escalation vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0852 |
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges. |
No SARA test |
|
|
No SARA test |
CVE-2000-0853 |
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0858 |
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the Invalid URL vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0860 |
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. |
No SARA test |
|
|
No SARA test |
CVE-2000-0861 |
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. |
No SARA test |
|
|
No SARA test |
CVE-2000-0862 |
Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information. |
No SARA test |
|
|
No SARA test |
CVE-2000-0863 |
Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges. |
No SARA test |
|
|
No SARA test |
CVE-2000-0864 |
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0865 |
Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument. |
No SARA test |
|
|
No SARA test |
CVE-2000-0867 |
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. |
No SARA test |
|
|
No SARA test |
CVE-2000-0868 |
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/. |
No SARA test |
|
|
No SARA test |
CVE-2000-0869 |
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method. |
No SARA test |
|
|
No SARA test |
CVE-2000-0870 |
Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string. |
No SARA test |
|
|
No SARA test |
CVE-2000-0871 |
Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server. |
No SARA test |
|
|
No SARA test |
CVE-2000-0873 |
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities. |
No SARA test |
|
|
No SARA test |
CVE-2000-0878 |
The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field. |
No SARA test |
|
|
No SARA test |
CVE-2000-0883 |
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory. |
No SARA test |
|
|
No SARA test |
CVE-2000-0884 |
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the Web Server Folder Traversal vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0886 |
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the Web Server File Request Parsing vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0887 |
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the zxfr bug. |
No SARA test |
|
|
No SARA test |
CVE-2000-0888 |
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the srv bug. |
No SARA test |
|
|
No SARA test |
CVE-2000-0900 |
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a %2e%2e string, a variation of the .. (dot dot) attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0901 |
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable. |
No SARA test |
|
|
No SARA test |
CVE-2000-0908 |
BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request. |
No SARA test |
|
|
No SARA test |
CVE-2000-0909 |
Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header. |
No SARA test |
|
|
No SARA test |
CVE-2000-0910 |
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the from address. |
No SARA test |
|
|
No SARA test |
CVE-2000-0911 |
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment. |
No SARA test |
|
|
No SARA test |
CVE-2000-0912 |
MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the multi parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-0913 |
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression. |
No SARA test |
|
|
No SARA test |
CVE-2000-0914 |
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests. |
No SARA test |
|
|
No SARA test |
CVE-2000-0915 |
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name. |
No SARA test |
|
|
No SARA test |
CVE-2000-0917 |
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. |
No SARA test |
|
|
No SARA test |
CVE-2000-0919 |
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0920 |
Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a %2E instead of a . |
No SARA test |
|
|
No SARA test |
CVE-2000-0921 |
Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-0922 |
Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-0923 |
authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-0924 |
Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the catigory parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-0925 |
The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. |
No SARA test |
|
|
No SARA test |
CVE-2000-0926 |
SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the Price hidden form variable. |
No SARA test |
|
|
No SARA test |
CVE-2000-0928 |
WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares. |
No SARA test |
|
|
No SARA test |
CVE-2000-0929 |
Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the OCX Attachment vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0930 |
Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. |
No SARA test |
|
|
No SARA test |
CVE-2000-0932 |
MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. |
No SARA test |
|
|
No SARA test |
CVE-2000-0933 |
The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the Simplified Chinese IME State Recognition vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0934 |
Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0935 |
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. |
No SARA test |
|
|
No SARA test |
CVE-2000-0936 |
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. |
No SARA test |
|
|
No SARA test |
CVE-2000-0937 |
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks. |
No SARA test |
|
|
No SARA test |
CVE-2000-0938 |
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. |
No SARA test |
|
|
No SARA test |
CVE-2000-0941 |
Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the whois parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-0942 |
The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the Indexing Services Cross Site Scripting vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0943 |
Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. |
No SARA test |
|
|
No SARA test |
CVE-2000-0944 |
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. |
No SARA test |
|
|
No SARA test |
CVE-2000-0946 |
Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization. |
No SARA test |
|
|
No SARA test |
CVE-2000-0947 |
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. |
No SARA test |
|
|
No SARA test |
CVE-2000-0948 |
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0949 |
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option. |
No SARA test |
|
|
No SARA test |
CVE-2000-0951 |
A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search. |
No SARA test |
|
|
No SARA test |
CVE-2000-0952 |
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters. |
No SARA test |
|
|
No SARA test |
CVE-2000-0953 |
Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection. |
No SARA test |
|
|
No SARA test |
CVE-2000-0956 |
cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions. |
No SARA test |
|
|
No SARA test |
CVE-2000-0957 |
The pluggable authentication module for msql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes. |
No SARA test |
|
|
No SARA test |
CVE-2000-0958 |
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window. |
No SARA test |
|
|
No SARA test |
CVE-2000-0959 |
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0960 |
The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse. |
No SARA test |
|
|
No SARA test |
CVE-2000-0961 |
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command. |
No SARA test |
|
|
No SARA test |
CVE-2000-0962 |
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service. |
No SARA test |
|
|
No SARA test |
CVE-2000-0965 |
The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization) |
No SARA test |
|
|
No SARA test |
CVE-2000-0966 |
Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges. |
No SARA test |
|
|
No SARA test |
CVE-2000-0967 |
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. |
No SARA test |
|
|
No SARA test |
CVE-2000-0968 |
Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command. |
No SARA test |
|
|
No SARA test |
CVE-2000-0969 |
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon. |
No SARA test |
|
|
No SARA test |
CVE-2000-0970 |
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the Session ID Cookie Marking vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0972 |
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates. |
No SARA test |
|
|
No SARA test |
CVE-2000-0973 |
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated. |
No SARA test |
|
|
No SARA test |
CVE-2000-0974 |
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection. |
No SARA test |
|
|
No SARA test |
CVE-2000-0975 |
Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0977 |
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the filename parameter in a POST request, which is then sent by email to the address specified in the email parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-0978 |
bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the & shell metacharacter. |
No SARA test |
|
|
No SARA test |
CVE-2000-0979 |
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the Share Level Password vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0980 |
NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network. |
No SARA test |
|
|
No SARA test |
CVE-2000-0981 |
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password. |
No SARA test |
|
|
No SARA test |
CVE-2000-0982 |
Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the Cached Web Credentials vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0983 |
Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the NetMeeting Desktop Sharing vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0984 |
The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a ?/ string. |
No SARA test |
|
|
No SARA test |
CVE-2000-0989 |
Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username. |
No SARA test |
|
|
No SARA test |
CVE-2000-0990 |
cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an SMTP AUTH command with an unknown username. |
No SARA test |
|
|
No SARA test |
CVE-2000-0991 |
Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the HyperTerminal Buffer Overflow vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-0992 |
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-0993 |
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd. |
No SARA test |
|
|
No SARA test |
CVE-2000-0994 |
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable. |
No SARA test |
|
|
No SARA test |
CVE-2000-0995 |
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name. |
No SARA test |
|
|
No SARA test |
CVE-2000-0996 |
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell. |
No SARA test |
|
|
No SARA test |
CVE-2000-1000 |
Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters. |
No SARA test |
|
|
No SARA test |
CVE-2000-1001 |
add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the price hidden form variable. |
No SARA test |
|
|
No SARA test |
CVE-2000-1002 |
POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks. |
No SARA test |
|
|
No SARA test |
CVE-2000-1003 |
NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash. |
No SARA test |
|
|
No SARA test |
CVE-2000-1004 |
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters. |
No SARA test |
|
|
No SARA test |
CVE-2000-1005 |
Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-1006 |
Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset= command, aka the Malformed MIME Header vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-1007 |
I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors. |
No SARA test |
|
|
No SARA test |
CVE-2000-1010 |
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters. |
No SARA test |
|
|
No SARA test |
CVE-2000-1011 |
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable. |
No SARA test |
|
|
No SARA test |
CVE-2000-1014 |
Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-1016 |
The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL. |
No SARA test |
|
|
No SARA test |
CVE-2000-1018 |
shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file. |
No SARA test |
|
|
No SARA test |
CVE-2000-1019 |
Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL. |
No SARA test |
|
|
No SARA test |
CVE-2000-1022 |
The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands. |
No SARA test |
|
|
No SARA test |
CVE-2000-1024 |
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands. |
No SARA test |
|
|
No SARA test |
CVE-2000-1026 |
Multiple buffer overflows in LBNL tcpdump allows remote attackers to execute arbitrary commands. |
No SARA test |
|
|
No SARA test |
CVE-2000-1027 |
Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established. |
No SARA test |
|
|
No SARA test |
CVE-2000-1031 |
Buffer overflow in dtterm in HP-UX 11.0 allows a local user to gain privileges via a long -tn option. |
No SARA test |
|
|
No SARA test |
CVE-2000-1032 |
The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall. |
No SARA test |
|
|
No SARA test |
CVE-2000-1034 |
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the ActiveX Parameter Validation vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-1036 |
Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-1038 |
The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request. |
No SARA test |
|
|
No SARA test |
CVE-2000-1040 |
Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service. |
No SARA test |
|
|
No SARA test |
CVE-2000-1041 |
Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges. |
No SARA test |
|
|
No SARA test |
CVE-2000-1042 |
Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. |
No SARA test |
|
|
No SARA test |
CVE-2000-1043 |
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. |
No SARA test |
|
|
No SARA test |
CVE-2000-1044 |
Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges. |
No SARA test |
|
|
No SARA test |
CVE-2000-1045 |
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests. |
No SARA test |
|
|
No SARA test |
CVE-2000-1049 |
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of . characters. |
No SARA test |
|
|
No SARA test |
CVE-2000-1050 |
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra / in the beginning of the request (aka the extra leading slash). |
No SARA test |
|
|
No SARA test |
CVE-2000-1051 |
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet. |
No SARA test |
|
|
No SARA test |
CVE-2000-1054 |
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. |
No SARA test |
|
|
No SARA test |
CVE-2000-1055 |
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. |
No SARA test |
|
|
No SARA test |
CVE-2000-1056 |
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords. |
No SARA test |
|
|
No SARA test |
CVE-2000-1057 |
Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions. |
No SARA test |
|
|
No SARA test |
CVE-2000-1058 |
Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the Java SNMP MIB Browser Object ID parsing problem. |
No SARA test |
|
|
No SARA test |
CVE-2000-1059 |
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an xhost + localhost command, which allows local users to sniff X Windows events and gain privileges. |
No SARA test |
|
|
No SARA test |
CVE-2000-1060 |
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an xhost + localhost command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges. |
No SARA test |
|
|
No SARA test |
CVE-2000-1061 |
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the Microsoft VM ActiveX Component vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-1068 |
pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter. |
No SARA test |
|
|
No SARA test |
CVE-2000-1069 |
pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters. |
No SARA test |
|
|
No SARA test |
CVE-2000-1070 |
pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information. |
No SARA test |
|
|
No SARA test |
CVE-2000-1071 |
The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an xhost + command, which allows remote attackers to monitor X Windows events and gain privileges. |
No SARA test |
|
|
No SARA test |
CVE-2000-1072 |
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse. |
No SARA test |
|
|
No SARA test |
CVE-2000-1073 |
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory. |
No SARA test |
|
|
No SARA test |
CVE-2000-1074 |
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory. |
No SARA test |
|
|
No SARA test |
CVE-2000-1077 |
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension. |
No SARA test |
|
|
No SARA test |
CVE-2000-1080 |
Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet. |
No SARA test |
|
|
No SARA test |
CVE-2000-1089 |
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the Phone Book Service Buffer Overflow vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-1094 |
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a buddyicon command with a long src argument. |
No SARA test |
|
|
No SARA test |
CVE-2000-1095 |
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters. |
No SARA test |
|
|
No SARA test |
CVE-2000-1096 |
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file. |
No SARA test |
|
|
No SARA test |
CVE-2000-1097 |
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page. |
No SARA test |
|
|
No SARA test |
CVE-2000-1099 |
Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities. |
No SARA test |
|
|
No SARA test |
CVE-2000-1106 |
Trend Micro InterScan VirusWall creates an Intscan share to the InterScan directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs. |
No SARA test |
|
|
No SARA test |
CVE-2000-1107 |
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash. |
No SARA test |
|
|
No SARA test |
CVE-2000-1112 |
Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the .WMS Script Execution vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-1113 |
Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the .ASX Buffer Overrun vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-1115 |
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |
No SARA test |
|
|
No SARA test |
CVE-2000-1120 |
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands. |
No SARA test |
|
|
No SARA test |
CVE-2000-1131 |
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable. |
No SARA test |
|
|
No SARA test |
CVE-2000-1132 |
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed forum variable. |
No SARA test |
|
|
No SARA test |
CVE-2000-1135 |
fshd (fsh daemon) in Debian Linux allows local users to overwrite files of other users via a symlink attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-1136 |
elvis-tiny before 1.4-10 in Debian Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-1137 |
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-1139 |
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the Exchange User Account vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-1140 |
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem. |
No SARA test |
|
|
No SARA test |
CVE-2000-1141 |
Recourse ManTrap 1.6 modifies the kernel so that .. does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system. |
No SARA test |
|
|
No SARA test |
CVE-2000-1142 |
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system. |
No SARA test |
|
|
No SARA test |
CVE-2000-1143 |
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system. |
No SARA test |
|
|
No SARA test |
CVE-2000-1144 |
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting / file system is higher than normal, which allows attackers to determine that they are in a chroot environment. |
No SARA test |
|
|
No SARA test |
CVE-2000-1145 |
Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files. |
No SARA test |
|
|
No SARA test |
CVE-2000-1146 |
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd. |
No SARA test |
|
|
No SARA test |
CVE-2000-1148 |
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server. |
No SARA test |
|
|
No SARA test |
CVE-2000-1149 |
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the Terminal Server Login Buffer Overflow vulnerability. |
No SARA test |
|
|
No SARA test |
CVE-2000-1162 |
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack. |
No SARA test |
|
|
No SARA test |
CVE-2000-1163 |
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript. |
No SARA test |
|
|
No SARA test |
CVE-2000-1167 |
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the nat deny_incoming command, which allows remote attackers to connect to the target system. |
No SARA test |
|
|
No SARA test |
CVE-2000-1169 |
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent. |
No SARA test |
|
|
No SARA test |
CVE-2000-1178 |
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes. |
No SARA test |
|
|
No SARA test |
CVE-2000-1179 |
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters. |
No SARA test |
|
|
No SARA test |
CVE-2000-1181 |
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL. |
No SARA test |
|
|
No SARA test |
CVE-2000-1182 |
WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling. |
No SARA test |
|
|
No SARA test |
CVE-2000-1184 |
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file. |
No SARA test |
|
|
No SARA test |
CVE-2000-1187 |
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field. |
No SARA test |
|
|
No SARA test |
CVE-2000-1189 |
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges. |
No SARA test |
CVE No. |
References |
CVE-2000-0700 | CISCO:20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards BID:1541 |
| |
CVE-2000-0702 | BUGTRAQ:20000821 [HackersLab bugpaper] HP-UX net.init rc script BID:1602 XF:hp-netinit-symlink |
| |
CVE-2000-0703 | BUGTRAQ:20000805 sperl 5.00503 (and newer ;) exploit SUSE:20000810 Security Hole in perl all versions CALDERA:CSSA-2000-026.0 DEBIAN:20000808 mailx: local exploit REDHAT:RHSA-2000:048-03 TURBO:TLSA2000018-1 BUGTRAQ:20000814 Trustix Security Advisory - perl and mailx BUGTRAQ:20000808 MDKSA-2000:031 perl update BUGTRAQ:20000810 Conectiva Linux security announcemente - PERL BID:1547 XF:perl-shell-escape |
| |
CVE-2000-0705 | BUGTRAQ:20000802 [ Hackerslab bug_paper ] ntop web mode vulnerabliity REDHAT:RHSA-2000:049-02 BID:1550 XF:ntop-remote-file-access |
| |
CVE-2000-0706 | FREEBSD:FreeBSD-SA-00:36 DEBIAN:20000830 ntop: Still remotely exploitable using buffer overflows BID:1576 XF:ntop-bo |
| |
CVE-2000-0707 | BUGTRAQ:20000804 PCCS MySQL DB Admin Tool v1.2.3- Advisory CONFIRM:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324 BID:1557 XF:pccs-mysql-admin-tool |
| |
CVE-2000-0708 | NTBUGTRAQ:20000824 Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability CONFIRM:http://www.pragmasys.com/TelnetServer/ BID:1605 XF:telnetserver-rpc-bo |
| |
CVE-2000-0711 | BUGTRAQ:20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!) BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole CERT:CA-2000-15 BID:1545 |
| |
CVE-2000-0712 | MISC:http://www.egroups.com/message/lids/1038 BUGTRAQ:2000803 LIDS severe bug CONFIRM:http://www.lids.org/changelog.html BID:1549 |
| |
CVE-2000-0716 | NTBUGTRAQ:20000809 Session hijacking in Alt-N's MDaemon 2.8 BID:1553 XF:mdaemon-session-id-hijack |
| |
CVE-2000-0718 | BUGTRAQ:20000812 MDKSA-2000:034 MandrakeUpdate update BID:1567 |
| |
CVE-2000-0725 | CONFIRM:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert REDHAT:RHSA-2000:052-02 DEBIAN:20000821 zope: unauthorized escalation of privilege (update) BUGTRAQ:20000821 Conectiva Linux Security Announcement - Zope BUGTRAQ:20000816 MDKSA-2000:035 Zope update BID:1577 |
| |
CVE-2000-0727 | BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf DEBIAN:20000910 xpdf: local exploit REDHAT:RHSA-2000:060-03 CALDERA:CSSA-2000-031.0 BID:1624 |
| |
CVE-2000-0728 | BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf DEBIAN:20000910 xpdf: local exploit REDHAT:RHSA-2000:060-03 CALDERA:CSSA-2000-031.0 BID:1624 |
| |
CVE-2000-0729 | FREEBSD:FreeBSD-SA-00:41 BID:1625 XF:freebsd-elf-dos(5967) |
| |
CVE-2000-0730 | HP:HPSBUX0008-118 BID:1580 |
| |
CVE-2000-0732 | NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server BID:1626 XF:wormhttp-filename-dos |
| |
CVE-2000-0733 | BUGTRAQ:20000814 [LSD] IRIX telnetd remote vulnerability SGI:20000801-02-P BID:1572 |
| |
CVE-2000-0737 | MS:MS00-053 BID:1535 |
| |
CVE-2000-0738 | NTBUGTRAQ:20000818 WebShield SMTP infinite loop DoS Attack BID:1589 XF:webshield-smtp-dos |
| |
CVE-2000-0743 | BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x BID:1569 |
| |
CVE-2000-0744 | BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x BID:1569 |
| |
CVE-2000-0745 | BUGTRAQ:20000821 Vuln. in all sites using PHP-Nuke versions less than 3 BID:1592 |
| |
CVE-2000-0749 | FREEBSD:FreeBSD-SA-00:42 BID:1628 XF:freebsd-linux-module-bo(5968) |
| |
CVE-2000-0750 | BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow FREEBSD:FreeBSD-SA-00:40 OPENBSD:20000705 Mopd contained a buffer overflow. REDHAT:RHSA-2000-050-01 MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h BID:1558 |
| |
CVE-2000-0751 | BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow FREEBSD:FreeBSD-SA-00:40 OPENBSD:20000705 Mopd contained a buffer overflow. REDHAT:RHSA-2000-050-01 MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h BID:1559 |
| |
CVE-2000-0754 | HP:HPSBUX0008-119 BID:1581 |
| |
CVE-2000-0758 | BUGTRAQ:20000811 Lyris List Manager Administration Hole CONFIRM:http://www.lyris.com/lm/lm_updates.html BID:1584 |
| |
CVE-2000-0761 | BUGTRAQ:20000815 OS/2 Warp 4.5 FTP Server DoS CONFIRM:ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README BID:1582 |
| |
CVE-2000-0762 | BUGTRAQ:20000811 eTrust Access Control - Root compromise for default install CONFIRM:http://support.ca.com/techbases/eTrust/etrust_access_control-response.html BID:1583 XF:etrust-access-control-default |
| |
CVE-2000-0763 | BUGTRAQ:20000816 xlock vulnerability DEBIAN:20000816 xlockmore: possible shadow file compromise FREEBSD:FreeBSD-SA-00:44.xlockmore BUGTRAQ:20000817 Conectiva Linux Security Announcement - xlockmore BUGTRAQ:20000823 MDKSA-2000:038 - xlockmore update BID:1585 |
| |
CVE-2000-0764 | BUGTRAQ:20000828 Intel Express Switch 500 series DoS BID:1609 XF:intel-express-switch-dos |
| |
CVE-2000-0765 | MS:MS00-056 BID:1561 |
| |
CVE-2000-0766 | BUGTRAQ:20000819 D.o.S Vulnerability in vqServer BID:1610 XF:vqserver-get-dos |
| |
CVE-2000-0767 | MS:MS00-055 BID:1564 |
| |
CVE-2000-0768 | MS:MS00-055 BID:1564 |
| |
CVE-2000-0770 | MS:MS00-057 BID:1565 |
| |
CVE-2000-0771 | MS:MS00-062 BID:1613 |
| |
CVE-2000-0777 | MS:MS00-061 BID:1615 |
| |
CVE-2000-0778 | MS:MS00-058 BUGTRAQ:20000815 Translate:f summary history and thoughts NTBUGTRAQ:20000816 Translate: f BID:1578 |
| |
CVE-2000-0779 | CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr BID:1534 |
| |
CVE-2000-0780 | BUGTRAQ:20000830 Vulnerability Report On IPSWITCH's IMail CONFIRM:http://www.ipswitch.com/Support/IMail/news.html BID:1617 |
| |
CVE-2000-0782 | BUGTRAQ:20000817 Netauth: Web Based Email Management System CONFIRM:http://netwinsite.com/netauth/updates.htm BID:1587 |
| |
CVE-2000-0783 | BUGTRAQ:20000815 Watchguard Firebox Authentication DoS BID:1573 XF:firebox-url-dos |
| |
CVE-2000-0786 | BUGTRAQ:20000726 userv security boundary tool 1.0.1 (SECURITY FIX) DEBIAN:20000727 userv: local exploit CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=96473640717095&w=2 BID:1516 |
| |
CVE-2000-0787 | BUGTRAQ: 20000817 XChat URL handler vulnerabilty BID:1601 REDHAT:RHSA-2000:055-03 BUGTRAQ:20000824 MDKSA-2000:039 - xchat update BUGTRAQ:20000825 Conectiva Linux Security Announcement - xchat |
| |
CVE-2000-0792 | BUGTRAQ:20000819 Security update for Gnome-Lokkit BID:1590 |
| |
CVE-2000-0804 | CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection XF:fw1-remote-bypass |
| |
CVE-2000-0805 | CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of XF:fw1-client-spoof |
| |
CVE-2000-0806 | CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications XF:fw1-fwa1-auth-replay |
| |
CVE-2000-0807 | CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication XF:fw1-opsec-auth-spoof |
| |
CVE-2000-0808 | CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password XF:fw1-localhost-auth |
| |
CVE-2000-0809 | CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer XF:fw1-getkey-bo |
| |
CVE-2000-0810 | BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 BID:1782 XF:auction-weaver-delete-files |
| |
CVE-2000-0811 | BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04 BID:1783 XF:auction-weaver-username-bidfile |
| |
CVE-2000-0813 | CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection XF:fw1-ftp-redirect |
| |
CVE-2000-0824 | BUGTRAQ:19990917 A few bugs... BUGTRAQ:20000831 glibc unsetenv bug CALDERA:CSSA-2000-028.0 DEBIAN:20000902 glibc: local root exploit MANDRAKE:MDKSA-2000:040 MANDRAKE:MDKSA-2000:045 REDHAT:RHSA-2000:057-04 TURBO:TLSA2000020-1 SUSE:20000924 glibc locale security problem BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched BID:648 BID:1639 XF:glibc-ld-unsetenv |
| |
CVE-2000-0834 | ATSTAKE:A091400-1 MS:MS00-067 BID:1683 XF:win2k-telnet-ntlm-authentication |
| |
CVE-2000-0837 | BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability. BID:1543 XF:servu-null-character-dos |
| |
CVE-2000-0844 | BUGTRAQ:20000904 UNIX locale format string vulnerability DEBIAN:20000902 glibc: local root exploit CALDERA:CSSA-2000-030.0 REDHAT:RHSA-2000-057-02 SUSE:20000906 glibc locale security problem TURBO:TLSA2000020-1 AIXAPAR:IY13753 COMPAQ:SSRT0689U SGI:20000901-01-P BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc BID:1634 XF:unix-locale-format-string(5176) |
| |
CVE-2000-0846 | BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem BID:1598 XF:darxite-login-bo |
| |
CVE-2000-0847 | BUGTRAQ:20000901 UW c-client library vulnerability BUGTRAQ:20000901 More about UW c-client library FREEBSD:FreeBSD-SA-00:47.pine BID:1646 BID:1687 XF:c-client-dos(5223) |
| |
CVE-2000-0848 | BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security BID:1691 XF:websphere-header-dos |
| |
CVE-2000-0849 | MS:MS00-064 BID:1655 XF:unicast-service-dos(5193) |
| |
CVE-2000-0850 | ATSTAKE:A091100-1 BID:1681 XF:siteminder-bypass-authentication |
| |
CVE-2000-0851 | ATSTAKE:A090700-1 MS:MS00-065 BID:1651 XF:w2k-still-image-service |
| |
CVE-2000-0852 | FREEBSD:FreeBSD-SA-00:49 BID:1686 XF:freebsd-eject-port |
| |
CVE-2000-0853 | BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie BID:1668 XF:yabb-file-access |
| |
CVE-2000-0858 | BUGTRAQ:20000906 VIGILANTE-2000009: Invalid URL DoS MS:MS00-063 BID:1642 XF:iis-invald-url-dos |
| |
CVE-2000-0860 | BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u MANDRAKE:MDKSA-2000:048 BID:1649 XF:php-file-upload |
| |
CVE-2000-0861 | BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability FREEBSD:FreeBSD-SA-00:51 BID:1667 XF:mailman-execute-external-commands(5493) |
| |
CVE-2000-0862 | ALLAIRE:ASB00-23 XF:allaire-spectra-admin-access |
| |
CVE-2000-0863 | FREEBSD:FreeBSD-SA-00:50 XF:listmanager-port-bo |
| |
CVE-2000-0864 | FREEBSD:FreeBSD-SA-00:45 BUGTRAQ:20000911 Patch for esound-0.2.19 MANDRAKE:MDKSA-2000:051 REDHAT:RHSA-2000:077-03 DEBIAN:20001008 esound: race condition BUGTRAQ:20001006 Immunix OS Security Update for esound SUSE:20001012 esound daemon race condition BID:1659 XF:gnome-esound-symlink |
| |
CVE-2000-0865 | BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare BID:1697 XF:doublevision-dvtermtype-bo |
| |
CVE-2000-0867 | BUGTRAQ:20000917 klogd format bug REDHAT:RHSA-2000:061-02 DEBIAN:20000919 MANDRAKE:MDKSA-2000:050 CALDERA:CSSA-2000-032.0 TURBO:TLSA2000022-2 SUSE:20000920 syslogd + klogd format string parsing error BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd XF:klogd-format-string |
| |
CVE-2000-0868 | ATSTAKE:A090700-2 SUSE:20000907 BID:1658 XF:suse-apache-cgi-source-code |
| |
CVE-2000-0869 | ATSTAKE:A090700-3 SUSE:20000907 BID:1656 XF:apache-webdav-directory-listings |
| |
CVE-2000-0870 | BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks BID:1675 XF:eftp-bo |
| |
CVE-2000-0871 | BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks BID:1677 XF:eftp-newline-dos |
| |
CVE-2000-0873 | BUGTRAQ:20000903 aix allows clearing the interface stats BID:1660 XF:aix-clear-netstat |
| |
CVE-2000-0878 | BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi BID:1669 XF:mailto-piped-address |
| |
CVE-2000-0883 | MANDRAKE:MDKSA-2000:046 BID:1678 XF:linux-mod-perl |
| |
CVE-2000-0884 | BUGTRAQ:20001017 IIS %c1%1c remote command execution MS:MS00-078 BID:1806 XF:iis-unicode-translation |
| |
CVE-2000-0886 | BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability MS:MS00-086 BID:1912 XF:iis-invalid-filename-passing(5470) |
| |
CVE-2000-0887 | BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS CERT:CA-2000-20 REDHAT:RHSA-2000:107-01 DEBIAN:20001112 bind: remote Denial of Service BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils) SUSE:SuSE-SA:2000:45 IBM:ERS-SVA-E01-2000:005.1 MANDRAKE:MDKSA-2000:067 CONECTIVA:CLSA-2000:338 CONECTIVA:CLSA-2000:339 BID:1923 XF:bind-zxfr-dos(5540) |
| |
CVE-2000-0888 | CERT:CA-2000-20 REDHAT:RHSA-2000:107-01 MANDRAKE:MDKSA-2000:067 CONECTIVA:CLSA-2000:338 CONECTIVA:CLSA-2000:339 DEBIAN:20001112 bind: remote Denial of Service IBM:ERS-SVA-E01-2000:005.1 SUSE:SuSE-SA:2000:45 XF:bind-srv-dos(5814) |
| |
CVE-2000-0900 | BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files FREEBSD:FreeBSD-SA-00:73 XF:acme-thttpd-ssi BID:1737 |
| |
CVE-2000-0901 | BUGTRAQ:20000906 Screen-3.7.6 local compromise BUGTRAQ:20000905 screen 3.9.5 root vulnerability DEBIAN:20000902 screen: local exploit MANDRAKE:MDKSA-2000:044 SUSE:20000906 screen format string parsing security problem REDHAT:RHSA-2000:058-03 FREEBSD:FreeBSD-SA-00:46 BID:1641 XF:screen-format-string |
| |
CVE-2000-0908 | BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H) WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H) CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest XF:browsegate-http-dos BID:1702 |
| |
CVE-2000-0909 | BUGTRAQ:20000922 [ no subject ] BUGTRAQ:20001031 FW: Pine 4.30 now available FREEBSD:FreeBSD-SA-00:59 REDHAT:RHSA-2000-102-04 MANDRAKE:MDKSA-2000:073 BID:1709 XF:pine-check-mail-bo |
| |
CVE-2000-0910 | BUGTRAQ:20000908 horde library bug - unchecked from-address DEBIAN:20000910 imp: remote compromise CONFIRM:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch BID:1674 XF:horde-imp-sendmail-command |
| |
CVE-2000-0911 | BUGTRAQ:20000912 (SRADV00003) Arbitrary file disclosure through IMP BID:1679 XF:imp-attach-file |
| |
CVE-2000-0912 | BUGTRAQ:20000913 MultiHTML vulnerability XF:http-cgi-multihtml |
| |
CVE-2000-0913 | BUGTRAQ:20000929 Security vulnerability in Apache mod_rewrite MANDRAKE:MDKSA-2000:060 REDHAT:RHSA-2000:088-04 CALDERA:CSSA-2000-035.0 HP:HPSBUX0010-126 BUGTRAQ:20001011 Conectiva Linux Security Announcement - apache BID:1728 XF:apache-rewrite-view-files |
| |
CVE-2000-0914 | BUGTRAQ:20001005 obsd_fun.c BID:1759 XF:bsd-arp-request-dos |
| |
CVE-2000-0915 | BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable] FREEBSD:FreeBSD-SA-00:54 BID:1803 XF:freebsd-fingerd-files |
| |
CVE-2000-0917 | BUGTRAQ:20000925 Format strings: bug #2: LPRng CERT:CA-2000-22 CALDERA:CSSA-2000-033.0 REDHAT:RHSA-2000:065-06 FREEBSD:FreeBSD-SA-00:56 XF:lprng-format-string BID:1712 |
| |
CVE-2000-0919 | BUGTRAQ:20001007 PHPix advisory BID:1773 XF:phpix-dir-traversal |
| |
CVE-2000-0920 | BUGTRAQ:20001006 Vulnerability in BOA web server v0.94.8.2 FREEBSD:FreeBSD-SA-00:60 DEBIAN:20001009 boa: exposes contents of local files BID:1770 XF:boa-webserver-get-dir-traversal |
| |
CVE-2000-0921 | BUGTRAQ:20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability. BID:1777 XF:hassan-shopping-cart-dir-traversal |
| |
CVE-2000-0922 | BUGTRAQ:20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability BID:1776 XF:web-shopper-directory-traversal |
| |
CVE-2000-0923 | BUGTRAQ:20001006 Fwd: APlio PRO web shell XF:uclinux-apliophone-bin-execute BID:1784 |
| |
CVE-2000-0924 | BUGTRAQ:20001009 Master Index traverse advisory BID:1772 XF:master-index-directory-traversal |
| |
CVE-2000-0925 | BUGTRAQ:20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2 WIN2KSEC:20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2 BID:1734 XF:cyberoffice-world-readable-directory |
| |
CVE-2000-0926 | BUGTRAQ:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart WIN2KSEC:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Ca rt BID:1733 XF:cyberoffice-price-modification |
| |
CVE-2000-0928 | BUGTRAQ:20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user bei ng able to list (not read) all files on any server running QuotaAdvisor. BID:1765 XF:quotaadvisor-list-files |
| |
CVE-2000-0929 | BUGTRAQ:20000929 Malformed Embedded Windows Media Player 7 OCX Attachment MS:MS00-068 BID:1714 XF:mediaplayer-outlook-dos |
| |
CVE-2000-0930 | BUGTRAQ:20001003 Pegasus mail file reading vulnerability BUGTRAQ:20001030 Pegasus Mail file reading vulnerability BID:1738 XF:pegasus-file-forwarding |
| |
CVE-2000-0932 | NTBUGTRAQ:20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP. XF:mailsweeper-smtp-dos |
| |
CVE-2000-0933 | MS:MS00-069 BID:1729 XF:win2k-simplified-chinese-ime |
| |
CVE-2000-0934 | REDHAT:RHSA-2000:062-03 BID:1703 XF:glint-symlink |
| |
CVE-2000-0935 | BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities BID:1872 XF:samba-swat-logging-sym-link |
| |
CVE-2000-0936 | BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities BID:1874 XF:samba-swat-logfile-info |
| |
CVE-2000-0937 | BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities BID:1873 XF:samba-swat-brute-force |
| |
CVE-2000-0938 | BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities XF:samba-swat-brute-force(5442) |
| |
CVE-2000-0941 | BUGTRAQ:20001029 Remote command execution via KW Whois 1.0 BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition) MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt BID:1883 XF:kw-whois-meta |
| |
CVE-2000-0942 | BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw MS:MS00-084 BID:1861 XF:iis-htw-cross-scripting |
| |
CVE-2000-0943 | BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11 BID:1858 XF:bftpd-user-bo |
| |
CVE-2000-0944 | BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug BID:1881 XF:news-update-bypass-password |
| |
CVE-2000-0946 | NTBUGTRAQ:20001012 Security issue with Compaq Easy Access Keyboard software CONFIRM:http://www5.compaq.com/support/files/desktops/us/revision/1723.html XF:compaq-ea-elevate-privileges |
| |
CVE-2000-0947 | BUGTRAQ:20001002 Very probable remote root vulnerability in cfengine MANDRAKE:MDKSA-2000:061 NETBSD:NetBSD-SA2000-013 BID:1757 XF:cfengine-cfd-format-string |
| |
CVE-2000-0948 | BUGTRAQ:20001002 GnoRPM local /tmp vulnerability BUGTRAQ:20001003 Conectiva Linux Security Announcement - gnorpm MANDRAKE:MDKSA-2000:055 REDHAT:RHSA-2000:072-07 BUGTRAQ:20001011 Immunix OS Security Update for gnorpm package BID:1761 XF:gnorpm-temp-symlink |
| |
CVE-2000-0949 | BUGTRAQ:20000928 Very interesting traceroute flaw CALDERA:CSSA-2000-034.0 MANDRAKE:MDKSA-2000:053 REDHAT:RHSA-2000:078-02 DEBIAN:20001013 traceroute: local root exploit TURBO:TLSA2000023-1 BUGTRAQ:20000930 Conectiva Linux Security Announcement - traceroute BID:1739 XF:traceroute-heap-overflow |
| |
CVE-2000-0951 | ATSTAKE:A100400-1 MSKB:Q272079 BID:1756 XF:iis-index-dir-traverse |
| |
CVE-2000-0952 | NETBSD:NetBSD-SA2000-014 XF:global-execute-remote-commands |
| |
CVE-2000-0953 | BUGTRAQ:20001009 Shambala 4.5 vulnerability BID:1778 XF:shambala-connection-dos |
| |
CVE-2000-0956 | REDHAT:RHSA-2000:094-01 BID:1875 XF:cyrus-sasl-gain-access |
| |
CVE-2000-0957 | BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql XF:pammysql-auth-input |
| |
CVE-2000-0958 | BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability XF:hotjava-browser-dom-access |
| |
CVE-2000-0959 | BUGTRAQ:20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks BID:1719 XF:glibc-unset-symlink |
| |
CVE-2000-0960 | BUGTRAQ:20001011 Netscape Messaging server 4.15 poor error strings BID:1787 XF:netscape-messaging-email-verify |
| |
CVE-2000-0961 | BUGTRAQ:20000928 commercial products and security [ + new bug ] BID:1721 XF:netscape-messaging-list-dos |
| |
CVE-2000-0962 | BUGTRAQ:20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC OPENBSD:20000918 Bad ESP/AH packets could cause a crash under certain conditions. BID:1723 XF:openbsd-nmap-dos |
| |
CVE-2000-0965 | XF:hp-virtualvault-nsapi-dos HP:HPSBUX0010-124 |
| |
CVE-2000-0966 | HP:HPSBUX0010-125 XF:hp-lpspooler-bo |
| |
CVE-2000-0967 | ATSTAKE:A101200-1 MANDRAKE:MDKSA-2000:062 DEBIAN:20001014 php3: possible remote exploit DEBIAN:20001014 php4: possible remote exploit CALDERA:CSSA-2000-037.0 FREEBSD:FreeBSD-SA-00:75 BUGTRAQ:20001012 Conectiva Linux Security Announcement - mod_php3 BID:1786 XF:php-logging-format-string |
| |
CVE-2000-0968 | BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01 BUGTRAQ:20001027 Re: Half Life dedicated server Patch BID:1799 XF:halflife-server-changelevel-bo |
| |
CVE-2000-0969 | BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01 BUGTRAQ:20001027 Re: Half Life dedicated server Patch XF:halflife-rcon-format-string |
| |
CVE-2000-0970 | MS:MS00-080 XF:session-cookie-remote-retrieval |
| |
CVE-2000-0972 | BUGTRAQ:20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability XF:hp-crontab-read-files |
| |
CVE-2000-0973 | DEBIAN:20001013 curl and curl-ssl: remote exploit REDHAT:RHBA-2000:092-01 FREEBSD:FreeBSD-SA-00:72 BID:1804 XF:curl-error-bo |
| |
CVE-2000-0974 | BUGTRAQ:20001011 GPG 1.0.3 doesn't detect modifications to files with multiple signatures DEBIAN:20001111 gnupg: incorrect signature verification FREEBSD:FreeBSD-SA-00:67 REDHAT:RHSA-2000:089-04 CALDERA:CSSA-2000-038.0 MANDRAKE:MDKSA-2000:063-1 CONECTIVA:CLSA-2000:334 BUGTRAQ:20001025 Immunix OS Security Update for gnupg package XF:gnupg-message-modify BID:1797 |
| |
CVE-2000-0975 | BUGTRAQ:20001012 Anaconda Advisory XF:anaconda-apexec-directory-traversal |
| |
CVE-2000-0977 | BUGTRAQ:20001011 Mail File POST Vulnerability BID:1807 XF:mailfile-post-file-read |
| |
CVE-2000-0978 | BUGTRAQ:20001010 Big Brother Systems and Network Monitor vulnerability BID:1779 XF:bb4-netmon-execute-commands |
| |
CVE-2000-0979 | BUGTRAQ:20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password MS:MS00-072 BID:1780 XF:win9x-share-level-password |
| |
CVE-2000-0980 | MS:MS00-073 BID:1781 XF:win-nmpi-packet-dos |
| |
CVE-2000-0981 | BUGTRAQ:20001023 [CORE SDI ADVISORY] MySQL weak authentication CONFIRM:http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security XF:mysql-authentication |
| |
CVE-2000-0982 | MS:MS00-076 BID:1793 XF:ie-cache-info |
| |
CVE-2000-0983 | BUGTRAQ:20001018 Denial of Service attack against computers running Microsoft NetMeeting MS:MS00-077 MSKB:Q273854 BID:1798 XF:netmeeting-desktop-sharing-dos |
| |
CVE-2000-0984 | CISCO:20001025 Cisco IOS HTTP Server Query Vulnerability XF:cisco-ios-query-dos |
| |
CVE-2000-0989 | BUGTRAQ:20001020 DoS in Intel corporation 'InBusiness eMail Station' XF:intel-email-username-bo |
| |
CVE-2000-0990 | BUGTRAQ:20001016 Authentication failure in cmd5checkpw 0.21 CONFIRM:http://members.elysium.pl/brush/cmd5checkpw/changes.html BID:1809 XF:cmd5checkpw-qmail-bypass-authentication |
| |
CVE-2000-0991 | MS:MS00-079 BID:1815 XF:win-hyperterminal-telnet-bo |
| |
CVE-2000-0992 | BUGTRAQ:20000930 scp file transfer hole MANDRAKE:MDKSA-2000:057 BID:1742 XF:scp-overwrite-files |
| |
CVE-2000-0993 | OPENBSD:20001003 A format string vulnerability exists in the pw_error(3) function. NETBSD:NetBSD-SA2000-015 FREEBSD:FreeBSD-SA-00:58 BUGTRAQ:20001004 Re: OpenBSD Security Advisory BID:1744 XF:bsd-libutil-format |
| |
CVE-2000-0994 | BUGTRAQ:20001004 Re: OpenBSD Security Advisory OPENBSD:20001006 There are printf-style format string bugs in several privileged programs. MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch BID:1746 XF:bsd-fstat-format |
| |
CVE-2000-0995 | OPENBSD:20001006 There are printf-style format string bugs in several privileged programs. MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch XF:bsd-yp-passwd-format |
| |
CVE-2000-0996 | OPENBSD:20001006 There are printf-style format string bugs in several privileged programs. MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch XF:bsd-su-format |
| |
CVE-2000-1000 | BUGTRAQ:20001003 AOL Instant Messenger DoS BID:1747 XF:aim-file-transfer-dos |
| |
CVE-2000-1001 | BUGTRAQ:20001024 Price modification in Element InstantShop XF:instantshop-modify-price |
| |
CVE-2000-1002 | BUGTRAQ:20001012 Re: Netscape Messaging server 4.15 poor error strings XF:communigate-email-verify BID:1792 |
| |
CVE-2000-1003 | BUGTRAQ:20001012 NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability BID:1794 XF:win-netbios-driver-type-dos |
| |
CVE-2000-1004 | BUGTRAQ:20001004 Re: OpenBSD Security Advisory XF:bsd-photurisd-format |
| |
CVE-2000-1005 | BUGTRAQ:20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability BID:1774 XF:extropia-webstore-fileread |
| |
CVE-2000-1006 | MS:MS00-082 XF:ms-exchange-mime-dos BID:1869 |
| |
CVE-2000-1007 | NTBUGTRAQ:20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix. XF:igear-invalid-log(5791) |
| |
CVE-2000-1010 | BUGTRAQ:20001006 talkd [WAS: Re: OpenBSD Security Advisory] BID:1764 XF:linux-talkd-overwrite-root |
| |
CVE-2000-1011 | FREEBSD:FreeBSD-SA-00:53 XF:freebsd-catopen-bo |
| |
CVE-2000-1014 | BUGTRAQ:20000927 Unixware SCOhelp http server format string vulnerability BID:1717 XF:unixware-scohelp-format |
| |
CVE-2000-1016 | BUGTRAQ:20000921 httpd.conf in Suse 6.4 BID:1707 XF:suse-installed-packages-exposed |
| |
CVE-2000-1018 | BUGTRAQ:20001010 Shred 1.0 Bug Report BUGTRAQ:20001011 Shred v1.0 Fix BID:1788 XF:shred-recover-files |
| |
CVE-2000-1019 | BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability BID:1866 XF:ultraseek-malformed-url-dos |
| |
CVE-2000-1022 | BUGTRAQ:20000919 Cisco PIX Firewall (smtp content filtering hack) BUGTRAQ:20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable CISCO:20001005 Cisco Secure PIX Firewall Mailguard Vulnerability BID:1698 XF:cisco-pix-smtp-filtering |
| |
CVE-2000-1024 | BUGTRAQ:20001101 Unify eWave ServletExec upload BID:1876 XF:ewave-servletexec-file-upload |
| |
CVE-2000-1026 | FREEBSD:FreeBSD-SA-00:61 SUSE:SuSE-SA:2000:46 DEBIAN:20001120 tcpdump: remote denial of service BID:1870 XF:tcpdump-afs-packet-overflow(5480) |
| |
CVE-2000-1027 | BUGTRAQ:20001003 Cisco PIX Firewall allow external users to discover internal IPs BID:1877 XF:cisco-pix-reveal-address |
| |
CVE-2000-1031 | BUGTRAQ:20000810 Re: Possible vulnerability in HPUX ( Add vulnerability List ) HP:HPSBUX0011-128 BID:1889 XF:hp-dtterm(5461) |
| |
CVE-2000-1032 | BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities BID:1890 XF:fw1-login-response(5816) |
| |
CVE-2000-1034 | BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability MS:MS00-085 BID:1899 XF:system-monitor-activex-bo(5467) |
| |
CVE-2000-1036 | BUGTRAQ:20000920 Extent RBS directory Transversal. BID:1704 XF:rbs-isp-directory-traversal |
| |
CVE-2000-1038 | AIXAPAR:SA90544 CONFIRM:http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument XF:as400-firewall-dos |
| |
CVE-2000-1040 | DEBIAN:20001014 nis: local exploit MANDRAKE:MDKSA-2000:064 SUSE:SuSE-SA:2000:042 REDHAT:RHSA-2000:086-05 CALDERA:CSSA-2000-039.0 BUGTRAQ:20001025 Immunix OS Security Update for ypbind package BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind XF:ypbind-printf-format-string BID:1820 |
| |
CVE-2000-1041 | MANDRAKE:MDKSA-2000:064 SUSE:SuSE-SA:2000:042 CALDERA:CSSA-2000-039.0 XF:ypbind-remote-bo |
| |
CVE-2000-1042 | MANDRAKE:MDKSA-2000:064 XF:linux-ypserv-bo |
| |
CVE-2000-1043 | MANDRAKE:MDKSA-2000:064 XF:linux-ypserv-format-string |
| |
CVE-2000-1044 | SUSE:SuSE-SA:2000:042 BID:1820 XF:ypbind-printf-format-string |
| |
CVE-2000-1045 | REDHAT:RHSA-2000:024 MANDRAKE:MDKSA-2000-066 BID:1863 XF:nssldap-nscd-dos |
| |
CVE-2000-1049 | BUGTRAQ:20001101 Allaire's JRUN DoS ALLAIRE:ASB00-030 XF:allaire-jrun-servlet-dos |
| |
CVE-2000-1050 | BUGTRAQ:20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory ALLAIRE:ASB00-027 XF:allaire-jrun-webinf-access |
| |
CVE-2000-1051 | BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval ALLAIRE:ASB00-028 XF:allaire-jrun-ssifilter-url |
| |
CVE-2000-1054 | CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server BID:1705 XF:ciscosecure-csadmin-bo |
| |
CVE-2000-1055 | CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server BID:1706 XF:ciscosecure-tacacs-dos |
| |
CVE-2000-1056 | CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server BID:1708 XF:ciscosecure-ldap-bypass-authentication |
| |
CVE-2000-1057 | HP:HPSBUX0009-120 BID:1682 XF:hp-openview-nnm-scripts |
| |
CVE-2000-1058 | BUGTRAQ:20000926 DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2) HP:HPSBUX0009-121 XF:openview-nmm-snmp-bo |
| |
CVE-2000-1059 | BUGTRAQ:20000929 Mandrake 7.1 bypasses Xauthority X session security. MANDRAKE:MDKSA-2000:052 BID:1735 XF:xinitrc-bypass-xauthority |
| |
CVE-2000-1060 | BUGTRAQ:20001002 Local vulnerability in XFCE 3.5.1 FREEBSD:FreeBSD-SA-00:65 BID:1736 XF:xinitrc-bypass-xauthority |
| |
CVE-2000-1061 | MS:MS00-075 XF:java-vm-applet |
| |
CVE-2000-1068 | BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again) CONFIRM:http://www.cgi-world.com/pollit.html XF:pollit-polloptions-execute-commands |
| |
CVE-2000-1069 | BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again) XF:pollit-admin-password-var |
| |
CVE-2000-1070 | BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again) XF:pollit-webroot-gain-access |
| |
CVE-2000-1071 | ATSTAKE:A100900-1 BID:1767 XF:ical-xhost-gain-privileges |
| |
CVE-2000-1072 | ATSTAKE:A100900-1 BID:1768 XF:ical-iplncal-gain-access |
| |
CVE-2000-1073 | ATSTAKE:A100900-1 BID:1769 XF:ical-csstart-gain-access |
| |
CVE-2000-1074 | ATSTAKE:A100900-1 BID:1769 XF:ical-csstart-gain-access |
| |
CVE-2000-1077 | BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module XF:iplanet-web-server-shtml-bo |
| |
CVE-2000-1080 | BUGTRAQ:20001102 dos on quake1 servers CONFIRM:http://proquake.ai.mit.edu/ BID:1900 XF:quake-empty-udp-dos(5527) |
| |
CVE-2000-1089 | ATSTAKE:A120400-1 MS:MS00-094 BID:2048 XF:phone-book-service-bo(5623) |
| |
CVE-2000-1094 | ATSTAKE:A121200-1 BUGTRAQ:20001213 Administrivia & AOL IM Advisory BUGTRAQ:20001214 Re: AIM & @stake's advisory XF:aolim-buddyicon-bo |
| |
CVE-2000-1095 | BUGTRAQ:20001112 RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd) SUSE:SuSE-SA:2000:44 MANDRAKE:MDKSA-2000:071 REDHAT:RHSA-2000:108-05 DEBIAN:20001120 modutils: local exploit CONECTIVA:CLSA-2000:340 BID:1936 XF:linux-modprobe-execute-code |
| |
CVE-2000-1096 | BUGTRAQ:20001116 vixie cron... DEBIAN:20001118 cron: local privilege escalation BID:1960 XF:vixie-cron-execute-commands(5543) |
| |
CVE-2000-1097 | BUGTRAQ:20001129 DoS in Sonicwall SOHO firewall BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd) BID:2013 XF:sonicwall-soho-dos(5596) |
| |
CVE-2000-1099 | SUN:00199 HP:HPSBUX0011-132 XF:jdk-untrusted-java-class(5605) |
| |
CVE-2000-1106 | BUGTRAQ:20001128 TrendMicro InterScan VirusWall shared folder problem BUGTRAQ:20001201 Responding to BugTraq ID 2014 - Trend Micro InterScan VirusWall Shared Directory Vulnerability BID:2014 XF:interscan-viruswall-unauth-access |
| |
CVE-2000-1107 | BUGTRAQ:20001128 SuSE Linux 6.x 7.0 Ident buffer overflow BID:2015 XF:linux-ident-bo |
| |
CVE-2000-1112 | MS:MS00-090 BID:1976 XF:mediaplayer-wms-script-exe |
| |
CVE-2000-1113 | ATSTAKE:A112300-1 MS:MS00-090 BID:1980 XF:mediaplayer-asx-bo |
| |
CVE-2000-1115 | BUGTRAQ:20001122 602Pro Lan Suite Web Admin Overflow CONFIRM:http://www.software602.com/products/ls/support/newbuild.html BID:1979 XF:software602-lan-suite-bo |
| |
CVE-2000-1120 | BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities AIXAPAR:IY08143 AIXAPAR:IY08287 BID:2033 XF:aix-digest-bo(5620) |
| |
CVE-2000-1131 | BUGTRAQ:20001110 [hacksware] gbook.cgi remote command execution vulnerability BID:1940 XF:gbook-cgi-remote-execution |
| |
CVE-2000-1132 | BUGTRAQ:20001114 Cgisecurity.com advisory on dcforum BID:1951 CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/124.html#1 XF:dcforum-cgi-view-files(5533) |
| |
CVE-2000-1135 | DEBIAN:20001130 DSA-002-1 fsh: symlink attack XF:linux-fsh-symlink(5633) |
| |
CVE-2000-1136 | BUGTRAQ:20001122 New version of elvis-tiny released BID:1984 XF:linux-tinyelvis-tmpfiles |
| |
CVE-2000-1137 | DEBIAN:20001129 DSA-001-1 ed: symlink attack MANDRAKE:MDKSA-2000:076 REDHAT:RHSA-2000:123-01 BUGTRAQ:20001211 Immunix OS Security update for ed CONECTIVA:CLA-2000:359-2 XF:gnu-ed-symlink(5723) |
| |
CVE-2000-1139 | MS:MS00-088 BID:1958 XF:ms-exchange-username-pwd(5537) |
| |
CVE-2000-1140 | BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs BID:1908 XF:mantrap-hidden-processes |
| |
CVE-2000-1141 | BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs XF:mantrap-hidden-processes |
| |
CVE-2000-1142 | BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs XF:mantrap-pwd-reveal-information |
| |
CVE-2000-1143 | BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs XF:mantrap-hidden-processes |
| |
CVE-2000-1144 | BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs BID:1909 BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs XF:mantrap-inode-disclosure |
| |
CVE-2000-1145 | BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs XF:mantrap-identify-processes |
| |
CVE-2000-1146 | BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00) BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs BID:1913 BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs XF:mantrap-dir-dos |
| |
CVE-2000-1148 | BUGTRAQ:20001104 Filesystem Access + VolanoChat = VChat admin (fwd) BUGTRAQ:20001106 Re: FW: Filesystem Access + VolanoChat = VChat admin (fwd) BID:1906 XF:volanochatpro-plaintext-password |
| |
CVE-2000-1149 | BUGTRAQ:20001108 [CORE SDI ADVISORY] MS NT4.0 Terminal Server Edition GINA buffer overflow MS:MS00-087 BID:1924 XF:nt-termserv-gina-bo |
| |
CVE-2000-1162 | CALDERA:CSSA-2000-041 MANDRAKE:MDKSA-2000:074 CONECTIVA:CLSA-2000:343 REDHAT:RHSA-2000:114-03 DEBIAN:20001123 ghostscript: symlink attack BID:1990 XF:ghostscript-sym-link |
| |
CVE-2000-1163 | CALDERA:CSSA-2000-041 MANDRAKE:MDKSA-2000:074 CONECTIVA:CLSA-2000:343 DEBIAN:20001123 ghostscript: symlink attack BID:1991 XF:ghostscript-env-variable |
| |
CVE-2000-1167 | FREEBSD:FreeBSD-SA-00:70 BID:1974 XF:freebsd-ppp-bypass-gateway(5584) |
| |
CVE-2000-1169 | BUGTRAQ:20001123 OpenSSH Security Advisory (adv.fwd) MANDRAKE:MDKSA-2000:068 BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils) DEBIAN:20001118 openssh: possible remote exploit CONECTIVA:CLSA-2000:345 REDHAT:RHSA-2000-111 SUSE:SuSE-SA:2000:47 BID:1949 XF:openssh-unauthorized-access(5517) |
| |
CVE-2000-1178 | BUGTRAQ:20001116 Joe's Own Editor File Link Vulnerability REDHAT:RHSA-2000:110-06 MANDRAKE:MDKSA-2000:072 CONECTIVA:CLA-2000:356 DEBIAN:20001121 joe: symlink attack DEBIAN:20001201 DSA-003-1 joe: symlink attack BUGTRAQ:20001121 Immunix OS Security update for joe BID:1959 XF:joe-symlink-corruption(5546) |
| |
CVE-2000-1179 | BUGTRAQ:20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login BID:1952 XF:netopia-view-system-log(5536) |
| |
CVE-2000-1181 | BUGTRAQ:20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure CONFIRM:http://service.real.com/help/faq/security/memory.html BID:1957 XF:realserver-gain-access(5538) |
| |
CVE-2000-1182 | BUGTRAQ:20001116 Possible Watchguard Firebox II DoS CONFIRM:https://www.watchguard.com/support/patches.html BID:1953 XF:watchguard-firebox-ftp-dos(5535) |
| |
CVE-2000-1184 | FREEBSD:FreeBSD-SA-00:69 XF:telnetd-termcap-dos(5959) |
| |
CVE-2000-1187 | REDHAT:RHSA-2000:109-05 CONECTIVA:CLSA-2000:344 SUSE:SuSE-SA:2000:48 FREEBSD:FreeBSD-SA-00:66 BUGTRAQ:20001121 Immunix OS Security update for netscape XF:netscape-client-html-bo |
| |
CVE-2000-1189 | REDHAT:RHSA-2000:120 CONECTIVA:CLA-2000:358 MANDRAKE:MDKSA-2000:082-1 XF:pam-localuser-bo(5747) |