| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2000-0366 | | | | 1999-12-02 | 2008-09-10 | 2.1 | None | Local | Low | Not required | None | Partial | None | dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. |
| 2 | CVE-2000-0361 | | | | 1999-12-14 | 2008-09-10 | 2.1 | None | Local | Low | Not required | Partial | None | None | The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information. |
| 3 | CVE-2000-0358 | | | | 1999-12-03 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program. |
| 4 | CVE-2000-0357 | | | | 1999-12-03 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys. |
| 5 | CVE-2000-0139 | | | DoS | 1999-12-03 | 2008-09-10 | 2.1 | None | Local | Low | Not required | None | None | Partial | Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. |
| 6 | CVE-2000-0119 | | | | 1999-12-22 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. |
| 7 | CVE-2000-0100 | | | +Priv | 1999-12-29 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. |
| 8 | CVE-2000-0076 | | | | 1999-12-30 | 2008-09-10 | 2.1 | None | Local | Low | Not required | None | Partial | None | nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. |
| 9 | CVE-2000-0068 | | | | 1999-12-14 | 2008-09-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail. |
| 10 | CVE-2000-0060 | | | DoS Overflow | 1999-12-27 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name. |
| 11 | CVE-2000-0043 | | | Exec Code Overflow | 1999-12-30 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request. |
| 12 | CVE-2000-0042 | | | DoS Exec Code Overflow | 1999-12-29 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. |
| 13 | CVE-2000-0041 | | | | 1999-12-28 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. |
| 14 | CVE-2000-0040 | | | +Priv | 1999-12-23 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. |
| 15 | CVE-2000-0039 | | | | 1999-12-29 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. |
| 16 | CVE-2000-0038 | | | | 1999-12-23 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | glFtpD includes a default glftpd user account with a default password and a UID of 0. |
| 17 | CVE-2000-0037 | | | +Priv | 1999-12-28 | 2008-09-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. |
| 18 | CVE-2000-0036 | | | | 1999-12-22 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability. |
| 19 | CVE-2000-0035 | | | +Priv | 1999-12-28 | 2008-09-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | resend command in Majordomo allows local users to gain privileges via shell metacharacters. |
| 20 | CVE-2000-0034 | | | | 1999-12-22 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." |
| 21 | CVE-2000-0033 | | | | 1999-12-27 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | Partial | None | InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments. |
| 22 | CVE-2000-0032 | | | | 1999-12-22 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database. |
| 23 | CVE-2000-0030 | | | | 1999-12-22 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database. |
| 24 | CVE-2000-0029 | | | +Priv | 1999-12-27 | 2008-09-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack. |
| 25 | CVE-2000-0028 | | | Bypass | 1999-12-23 | 2008-09-10 | 2.6 | None | Remote | High | Not required | Partial | None | None | Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. |
| 26 | CVE-2000-0027 | | | +Priv | 1999-12-27 | 2008-09-10 | 6.2 | Admin | Local | High | Not required | Complete | Complete | Complete | IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. |
| 27 | CVE-2000-0026 | | | Overflow | 1999-12-21 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string. |
| 28 | CVE-2000-0025 | | | | 1999-12-21 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. |
| 29 | CVE-2000-0024 | | | Bypass | 1999-12-21 | 2008-09-10 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. |
| 30 | CVE-2000-0023 | | | DoS Overflow | 1999-12-21 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL. |
| 31 | CVE-2000-0022 | | | | 1999-12-21 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory. |
| 32 | CVE-2000-0021 | | | | 1999-12-01 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin. |
| 33 | CVE-2000-0020 | | | DoS | 1999-12-20 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. |
| 34 | CVE-2000-0018 | | | +Priv | 1999-12-22 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file. |
| 35 | CVE-2000-0017 | | | Overflow +Priv | 1999-12-21 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter. |
| 36 | CVE-2000-0015 | | | +Priv | 1999-12-31 | 2008-09-10 | 4.6 | User | Local | Low | Not required | Partial | Partial | Partial | CascadeView TFTP server allows local users to gain privileges via a symlink attack. |
| 37 | CVE-2000-0014 | | | DoS | 1999-12-28 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Denial of service in Savant web server via a null character in the requested URL. |
| 38 | CVE-2000-0013 | | | +Priv | 1999-12-31 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program. |
| 39 | CVE-2000-0012 | | | Exec Code Overflow | 1999-12-27 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. |
| 40 | CVE-2000-0011 | | | Exec Code Overflow | 1999-12-31 | 2008-09-10 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. |
| 41 | CVE-2000-0010 | | | Exec Code | 1999-12-26 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. |
| 42 | CVE-2000-0009 | | | Exec Code | 1999-12-29 | 2008-09-10 | 7.2 | Admin | Local | Low | Not required | Complete | Complete | Complete | The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands. |
| 43 | CVE-2000-0008 | | | | 1999-12-26 | 2008-09-10 | 2.1 | None | Local | Low | Not required | Partial | None | None | FTPPro allows local users to read sensitive information, which is stored in plain text. |
| 44 | CVE-2000-0007 | | | DoS | 1999-12-29 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service. |
| 45 | CVE-2000-0006 | | | | 1999-12-25 | 2008-09-10 | 2.6 | None | Local | High | Not required | Partial | Partial | None | strace allows local users to read arbitrary files via memory mapped file names. |
| 46 | CVE-2000-0004 | | | | 1999-12-01 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None | ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL. |
| 47 | CVE-2000-0003 | | | Overflow +Priv | 1999-12-30 | 2008-09-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable. |
| 48 | CVE-2000-0002 | | | Exec Code Overflow | 1999-12-22 | 2008-09-10 | 10.0 | Admin | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request. |
| 49 | CVE-2000-0001 | | | DoS | 1999-12-23 | 2008-09-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial | RealMedia server allows remote attackers to cause a denial of service via a long ramgen request. |
| 50 | CVE-1999-1592 | | | | 1999-12-31 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple unspecified vulnerabilities in sendmail 5, as installed on Sun SunOS 4.1.3_U1 and 4.1.4, have unspecified attack vectors and impact. NOTE: this might overlap CVE-1999-0129. |