| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2000-0469 | | | | 2000-02-02 | 2008-09-10 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. |
| 2 | CVE-2000-0222 | | | | 2000-02-15 | 2019-04-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs. |
| 3 | CVE-2000-0221 | | | DoS | 2000-02-25 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port. |
| 4 | CVE-2000-0220 | | | | 2000-02-24 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ZoneAlarm sends sensitive system and network information in cleartext to the Zone Labs server if a user requests more information about an event. |
| 5 | CVE-2000-0219 | 264 | | | 2000-02-23 | 2015-11-04 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt. |
| 6 | CVE-2000-0218 | | | Overflow +Priv | 2000-02-03 | 2008-09-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname. |
| 7 | CVE-2000-0217 | | | | 2000-02-24 | 2008-09-10 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. |
| 8 | CVE-2000-0216 | | | | 2000-02-29 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list. |
| 9 | CVE-2000-0215 | | | +Priv | 2000-02-08 | 2008-09-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges. |
| 10 | CVE-2000-0213 | | | Exec Code | 2000-02-23 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the CGI directory, which allow remote attackers to execute commands via shell metacharacters. |
| 11 | CVE-2000-0212 | | | DoS | 2000-02-24 | 2018-05-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | InterAccess TelnetD Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information. |
| 12 | CVE-2000-0211 | | | DoS | 2000-02-23 | 2018-10-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability. |
| 13 | CVE-2000-0209 | | | Exec Code Overflow | 2000-02-27 | 2008-09-10 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. |
| 14 | CVE-2000-0208 | | | | 2000-02-29 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. |
| 15 | CVE-2000-0204 | | | DoS | 2000-02-28 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Trend Micro OfficeScan client allows remote attackers to cause a denial of service by making 5 connections to port 12345, which raises CPU utilization to 100%. |
| 16 | CVE-2000-0203 | | | DoS | 2000-02-28 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Trend Micro OfficeScan client tmlisten.exe allows remote attackers to cause a denial of service via malformed data to port 12345. |
| 17 | CVE-2000-0196 | | | Exec Code Overflow | 2000-02-28 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message. |
| 18 | CVE-2000-0195 | | | | 2000-02-24 | 2008-09-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file. |
| 19 | CVE-2000-0194 | | | | 2000-02-24 | 2008-09-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters. |
| 20 | CVE-2000-0191 | | | | 2000-02-29 | 2008-09-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack. |
| 21 | CVE-2000-0188 | | | Exec Code | 2000-02-27 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | EZShopper 3.0 search.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters. |
| 22 | CVE-2000-0187 | | | Exec Code | 2000-02-27 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters. |
| 23 | CVE-2000-0186 | | | Overflow +Priv | 2000-02-28 | 2008-09-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. |
| 24 | CVE-2000-0182 | | | DoS | 2000-02-23 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic. |
| 25 | CVE-2000-0179 | | | DoS | 2000-02-28 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555. |
| 26 | CVE-2000-0178 | | | | 2000-02-28 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. |
| 27 | CVE-2000-0176 | | | | 2000-02-29 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The default configuration of Serv-U 2.5d and earlier allows remote attackers to determine the real pathname of the server by requesting a URL for a directory or file that does not exist. |
| 28 | CVE-2000-0170 | | | Overflow +Priv | 2000-02-26 | 2008-09-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. |
| 29 | CVE-2000-0166 | | | Exec Code Overflow | 2000-02-21 | 2016-11-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name. |
| 30 | CVE-2000-0164 | | | | 2000-02-20 | 2008-09-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords. |
| 31 | CVE-2000-0162 | | | | 2000-02-18 | 2021-07-22 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. |
| 32 | CVE-2000-0161 | | | Exec Code | 2000-02-18 | 2018-10-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. |
| 33 | CVE-2000-0160 | | | | 2000-02-21 | 2021-07-22 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. |
| 34 | CVE-2000-0159 | | | +Priv | 2000-02-17 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. |
| 35 | CVE-2000-0158 | | | Overflow +Priv | 2000-02-16 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon. |
| 36 | CVE-2000-0157 | | | +Priv | 2000-02-01 | 2008-09-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process. |
| 37 | CVE-2000-0156 | | | | 2000-02-16 | 2021-07-23 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. |
| 38 | CVE-2000-0155 | 94 | | | 2000-02-18 | 2008-09-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. |
| 39 | CVE-2000-0151 | | | Exec Code | 2000-02-01 | 2008-09-10 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. |
| 40 | CVE-2000-0150 | | | Bypass | 2000-02-12 | 2018-10-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt. |
| 41 | CVE-2000-0149 | | | | 2000-02-08 | 2018-05-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL. |
| 42 | CVE-2000-0148 | | | Bypass | 2000-02-08 | 2019-10-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string. |
| 43 | CVE-2000-0146 | | | DoS | 2000-02-07 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet. |
| 44 | CVE-2000-0145 | | | | 2000-02-05 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions. |
| 45 | CVE-2000-0144 | | | Bypass | 2000-02-07 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack. |
| 46 | CVE-2000-0142 | | | DoS | 2000-02-11 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417. |
| 47 | CVE-2000-0141 | | | Exec Code | 2000-02-11 | 2008-09-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field. |
| 48 | CVE-2000-0140 | | | DoS | 2000-02-10 | 2016-10-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections. |
| 49 | CVE-2000-0137 | | | | 2000-02-01 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |
| 50 | CVE-2000-0136 | | | | 2000-02-01 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Cart32 shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. |