| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2000-0358 |
|
|
|
1999-12-03 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program. |
|
2 |
CVE-2000-0357 |
|
|
|
1999-12-03 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys. |
|
3 |
CVE-2000-0119 |
|
|
|
1999-12-22 |
2016-10-18 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. |
|
4 |
CVE-2000-0100 |
|
|
+Priv |
1999-12-29 |
2018-10-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. |
|
5 |
CVE-2000-0068 |
|
|
|
1999-12-14 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail. |
|
6 |
CVE-2000-0060 |
|
|
DoS Overflow |
1999-12-27 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name. |
|
7 |
CVE-2000-0043 |
|
|
Exec Code Overflow |
1999-12-30 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request. |
|
8 |
CVE-2000-0042 |
|
|
DoS Exec Code Overflow |
1999-12-29 |
2008-09-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. |
|
9 |
CVE-2000-0041 |
|
|
|
1999-12-28 |
2021-09-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. |
|
10 |
CVE-2000-0040 |
|
|
+Priv |
1999-12-23 |
2022-08-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. |
|
11 |
CVE-2000-0039 |
|
|
|
1999-12-29 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. |
|
12 |
CVE-2000-0038 |
|
|
|
1999-12-23 |
2022-08-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
glFtpD includes a default glftpd user account with a default password and a UID of 0. |
|
13 |
CVE-2000-0037 |
|
|
+Priv |
1999-12-28 |
2016-10-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. |
|
14 |
CVE-2000-0036 |
|
|
|
1999-12-22 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. |
|
15 |
CVE-2000-0035 |
|
|
+Priv |
1999-12-28 |
2016-10-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
resend command in Majordomo allows local users to gain privileges via shell metacharacters. |
|
16 |
CVE-2000-0034 |
|
|
|
1999-12-22 |
2022-08-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." |
|
17 |
CVE-2000-0033 |
|
|
|
1999-12-27 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments. |
|
18 |
CVE-2000-0032 |
|
|
|
1999-12-22 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database. |
|
19 |
CVE-2000-0030 |
|
|
|
1999-12-22 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database. |
|
20 |
CVE-2000-0029 |
|
|
+Priv |
1999-12-27 |
2016-10-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack. |
|
21 |
CVE-2000-0027 |
|
|
+Priv |
1999-12-27 |
2008-09-10 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. |
|
22 |
CVE-2000-0026 |
|
|
Overflow |
1999-12-21 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. |
|
23 |
CVE-2000-0025 |
|
|
|
1999-12-21 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. |
|
24 |
CVE-2000-0024 |
|
|
Bypass |
1999-12-21 |
2018-10-12 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. |
|
25 |
CVE-2000-0023 |
|
|
DoS Overflow |
1999-12-21 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. |
|
26 |
CVE-2000-0022 |
|
|
|
1999-12-21 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. |
|
27 |
CVE-2000-0021 |
|
|
|
1999-12-01 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin. |
|
28 |
CVE-2000-0020 |
|
|
DoS |
1999-12-20 |
2022-08-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. |
|
29 |
CVE-2000-0018 |
|
|
+Priv |
1999-12-22 |
2008-09-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file. |
|
30 |
CVE-2000-0017 |
|
|
Overflow +Priv |
1999-12-21 |
2022-08-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter. |
|
31 |
CVE-2000-0015 |
|
|
+Priv |
1999-12-31 |
2008-09-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
CascadeView TFTP server allows local users to gain privileges via a symlink attack. |
|
32 |
CVE-2000-0014 |
|
|
DoS |
1999-12-28 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Denial of service in Savant web server via a null character in the requested URL. |
|
33 |
CVE-2000-0013 |
|
|
+Priv |
1999-12-31 |
2008-09-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program. |
|
34 |
CVE-2000-0012 |
|
|
Exec Code Overflow |
1999-12-27 |
2008-09-10 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. |
|
35 |
CVE-2000-0011 |
|
|
Exec Code Overflow |
1999-12-31 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. |
|
36 |
CVE-2000-0010 |
|
|
Exec Code |
1999-12-26 |
2022-08-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. |
|
37 |
CVE-2000-0009 |
|
|
Exec Code |
1999-12-29 |
2008-09-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. |
|
38 |
CVE-2000-0007 |
|
|
DoS |
1999-12-29 |
2018-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service. |
|
39 |
CVE-2000-0004 |
|
|
|
1999-12-01 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL. |
|
40 |
CVE-2000-0003 |
|
|
Overflow +Priv |
1999-12-30 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable. |
|
41 |
CVE-2000-0002 |
|
|
Exec Code Overflow |
1999-12-22 |
2016-10-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. |
|
42 |
CVE-2000-0001 |
|
|
DoS |
1999-12-23 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
RealMedia server allows remote attackers to cause a denial of service via a long ramgen request. |
|
43 |
CVE-1999-1592 |
|
|
|
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129. |
|
44 |
CVE-1999-1591 |
|
|
Bypass |
1999-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Internet Information Services (IIS) server 4.0 SP4, without certain hotfixes released for SP4, does not require authentication credentials under certain conditions, which allows remote attackers to bypass authentication requirements, as demonstrated by connecting via Microsoft Visual InterDev 6.0. |
|
45 |
CVE-1999-1590 |
|
|
Dir. Trav. |
1999-12-31 |
2008-09-05 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021. |
|
46 |
CVE-1999-1589 |
|
|
+Priv |
1999-12-31 |
2008-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors. |
|
47 |
CVE-1999-1588 |
|
1
|
Exec Code Overflow |
1999-12-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766. |
|
48 |
CVE-1999-1586 |
|
|
+Priv |
1999-12-31 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584. |
|
49 |
CVE-1999-1585 |
|
|
+Priv |
1999-12-31 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges. |
|
50 |
CVE-1999-1584 |
|
|
+Priv |
1999-12-31 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586. |
