CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2000

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2000-0712 +Priv 2000-10-20 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.
52 CVE-2000-0714 2000-10-20 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files.
53 CVE-2000-0725 2000-10-20 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
54 CVE-2000-0728 2000-10-20 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.
55 CVE-2000-0749 Overflow +Priv 2000-10-20 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
56 CVE-2000-0752 Overflow +Priv 2000-10-20 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments.
57 CVE-2000-0763 +Priv 2000-10-20 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.
58 CVE-2000-0777 2000-10-20 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.
59 CVE-2000-0781 Exec Code 2000-10-20 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.
60 CVE-2000-0794 Overflow +Priv 2000-10-20 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview.
61 CVE-2000-0795 Overflow +Priv 2000-10-20 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.
62 CVE-2000-0796 Overflow +Priv 2000-10-20 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.
63 CVE-2000-0797 Overflow +Priv 2000-10-20 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.
64 CVE-2000-0801 Overflow +Priv 2000-10-20 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in bdf program in HP-UX 11.00 may allow local users to gain root privileges via a long -t option.
65 CVE-2000-0759 2000-10-20 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
66 CVE-2000-0760 2000-10-20 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
67 CVE-2000-0770 Bypass 2000-10-20 2018-10-30
6.4
None Remote Low Not required Partial Partial None
IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.
68 CVE-2000-0780 2000-10-20 2016-10-18
6.4
None Remote Low Not required Partial Partial None
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
69 CVE-2000-0031 +Priv 2000-10-20 2008-09-10
6.2
None Local High Not required Complete Complete Complete
The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.
70 CVE-2000-0719 2000-10-20 2008-09-05
6.2
None Local High Not required Complete Complete Complete
VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.
71 CVE-2000-0721 2000-10-20 2008-09-05
6.2
None Local High Not required Complete Complete Complete
The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
72 CVE-2000-0722 2000-10-20 2008-09-05
6.2
None Local High Not required Complete Complete Complete
Helix GNOME Updater helix-update 0.5 and earlier allows local users to install arbitrary RPM packages by creating the /tmp/helix-install installation directory before root has begun installing packages.
73 CVE-2000-0724 2000-10-20 2008-09-05
6.2
None Local High Not required Complete Complete Complete
The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.
74 CVE-2000-0765 Exec Code Overflow 2000-10-20 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
75 CVE-1999-1563 DoS 2000-10-14 2008-09-05
5.0
None Remote Low Not required None None Partial
Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm.
76 CVE-2000-0360 DoS Overflow 2000-10-20 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.
77 CVE-2000-0676 2000-10-20 2008-09-10
5.0
None Remote Low Not required Partial None None
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
78 CVE-2000-0678 2000-10-20 2008-09-10
5.0
None Remote Low Not required Partial None None
PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.
79 CVE-2000-0682 2000-10-20 2008-09-05
5.0
None Remote Low Not required Partial None None
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
80 CVE-2000-0683 2000-10-20 2008-09-05
5.0
None Remote Low Not required Partial None None
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
81 CVE-2000-0686 2000-10-20 2008-09-05
5.0
None Remote Low Not required Partial None None
Auction Weaver CGI script 1.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack in the fromfile parameter.
82 CVE-2000-0692 DoS 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a denial of service via a flood of fragmented packets with the SYN flag set.
83 CVE-2000-0698 2000-10-20 2017-10-10
5.0
None Remote Low Not required None Partial None
Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.
84 CVE-2000-0700 Bypass 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.
85 CVE-2000-0705 2000-10-20 2008-09-10
5.0
None Remote Low Not required Partial None None
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.
86 CVE-2000-0708 DoS Overflow 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.
87 CVE-2000-0709 DoS 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
88 CVE-2000-0710 2000-10-20 2017-07-12
5.0
None Remote Low Not required Partial None None
The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
89 CVE-2000-0717 DoS 2000-10-20 2017-10-10
5.0
None Remote Low Not required None None Partial
GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands.
90 CVE-2000-0720 2000-10-20 2017-10-10
5.0
None Remote Low Not required None Partial None
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
91 CVE-2000-0731 Dir. Trav. 2000-10-20 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
92 CVE-2000-0732 DoS 2000-10-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Worm HTTP server allows remote attackers to cause a denial of service via a long URL.
93 CVE-2000-0734 DoS 2000-10-20 2016-10-18
5.0
None Remote Low Not required None None Partial
eEye IRIS 1.01 beta allows remote attackers to cause a denial of service via a large number of UDP connections.
94 CVE-2000-0735 DoS Overflow 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user replies to a message.
95 CVE-2000-0736 DoS Overflow 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier allows remote attackers to cause a denial of service via a long Content-type: MIME header when the user forwards a message.
96 CVE-2000-0738 DoS 2000-10-20 2017-10-10
5.0
None Remote Low Not required None None Partial
WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.
97 CVE-2000-0739 Dir. Trav. 2000-10-20 2017-10-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server.
98 CVE-2000-0740 Exec Code Overflow 2000-10-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.
99 CVE-2000-0742 DoS 2000-10-20 2018-10-12
5.0
None Remote Low Not required None None Partial
The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.
100 CVE-2000-0753 2000-10-20 2017-10-10
5.0
None Remote Low Not required None Partial None
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
Total number of vulnerabilities : 136   Page : 1 2 (This Page)3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.