CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2000

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2000-0756 DoS 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
102 CVE-2000-0761 DoS 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.
103 CVE-2000-0764 DoS 2000-10-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.
104 CVE-2000-0773 Dir. Trav. 2000-10-20 2017-10-10
5.0
None Remote Low Not required Partial None None
Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.
105 CVE-2000-0774 2000-10-20 2008-09-05
5.0
None Remote Low Not required Partial None None
The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals the real pathname of the web document root.
106 CVE-2000-0778 2000-10-20 2018-10-30
5.0
None Remote Low Not required Partial None None
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
107 CVE-2000-0782 2000-10-20 2017-10-10
5.0
None Remote Low Not required Partial None None
netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
108 CVE-2000-0783 DoS 2000-10-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100.
109 CVE-2000-0785 2000-10-20 2016-10-18
5.0
None Remote Low Not required Partial None None
WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files via the importmotd command, which sets the Message of the Day (MOTD) to the specified file.
110 CVE-2000-1204 2000-10-13 2021-06-06
5.0
None Remote Low Not required Partial None None
Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
111 CVE-2000-0701 +Priv 2000-10-20 2008-09-10
4.6
None Local Low Not required Partial Partial Partial
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
112 CVE-2000-0730 +Priv 2000-10-20 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.
113 CVE-2000-0737 +Priv 2000-10-20 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.
114 CVE-2000-0748 2000-10-20 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
OpenLDAP 1.2.11 and earlier improperly installs the ud binary with group write permissions, which could allow any user in that group to replace the binary with a Trojan horse.
115 CVE-2000-0755 +Priv 2000-10-20 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.
116 CVE-2000-0758 2000-10-20 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field.
117 CVE-2000-0786 Bypass 2000-10-20 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
118 CVE-2000-0789 +Priv 2000-10-20 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
WinU 5.x and earlier uses weak encryption to store its configuration password, which allows local users to decrypt the password and gain privileges.
119 CVE-2000-0790 2000-10-20 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
120 CVE-2000-0791 2000-10-20 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
121 CVE-2000-1214 Overflow +Priv 2000-10-18 2016-10-18
4.6
None Local Low Not required Partial Partial Partial
Buffer overflows in the (1) outpack or (2) buf variables of ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, may allow local users to gain privileges.
122 CVE-2000-0799 +Priv 2000-10-20 2017-10-10
3.7
None Local High Not required Partial Partial Partial
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.
123 CVE-2000-0802 2000-10-20 2016-10-18
3.6
None Local Low Not required Partial Partial None
The BAIR program does not properly restrict access to the Internet Explorer Internet options menu, which allows local users to obtain access to the menu by modifying the registry key that starts BAIR.
124 CVE-2000-0716 2000-10-20 2017-10-10
2.6
None Remote High Not required Partial None None
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
125 CVE-2000-0726 2000-10-20 2017-10-10
2.6
None Remote High Not required Partial None None
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.
126 CVE-2000-0767 2000-10-20 2021-07-23
2.6
None Remote High Not required Partial None None
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.
127 CVE-2000-0768 2000-10-20 2021-07-23
2.6
None Remote High Not required Partial None None
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
128 CVE-2000-0679 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
129 CVE-2000-0691 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
130 CVE-2000-0715 59 2000-10-20 2008-09-10
2.1
None Local Low Not required None Partial None
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
131 CVE-2000-0729 DoS 2000-10-20 2017-10-10
2.1
None Local Low Not required None None Partial
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
132 CVE-2000-0754 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.
133 CVE-2000-0771 DoS 2000-10-20 2018-10-12
2.1
None Local Low Not required None None Partial
Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
134 CVE-2000-0816 Exec Code 2000-10-06 2017-10-10
2.1
None Local Low Not required None Partial None
Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.
135 CVE-2000-0718 2000-10-20 2008-09-05
1.2
None Local High Not required None Partial None
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
136 CVE-2000-0723 2000-10-20 2008-09-05
1.2
None Local High Not required None None Partial
Helix GNOME Updater helix-update 0.5 and earlier does not properly create /tmp directories, which allows local users to create empty system configuration files such as /etc/config.d/bashrc, /etc/config.d/csh.cshrc, and /etc/rc.config.
Total number of vulnerabilities : 136   Page : 1 2 3 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.