Security Vulnerabilities, CVEs, Published In 2000

Buffer overflow in HP-UX cstm program allows local users to gain root privileges.

Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names.

A Windows NT administrator account has the default name of Administrator.

A system does not present an appropriate legal message or warning to a user who is accessing it.

A Windows NT system does not clear the system page file during shutdown, which might allow sensitive information to be recorded.

Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.

The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.

After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.

Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.

KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.

Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.

Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.

A remote attacker can read information from a Netscape user's cache via JavaScript.

Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.

Buffer overflow in Internet Explorer 4.0 via EMBED tag.

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.

The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.

Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.

HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

Netscape Navigator uses weak encryption for storing a user's Netscape mail password.

xsoldier program allows local users to gain root access via a long argument.

Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm.

The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions of Windows NT 4.0 and Windows NT Server 4.0 before SP6 allows remote attackers to cause a denial of service (resource consumption) by creating a large number of arbitrary files on the target machine.