CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2000(Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-1244 Bypass 2000-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Computer Associates InoculateIT Agent for Exchange Server does not recognize an e-mail virus attachment if the SMTP header is missing the "From" field, which allows remote attackers to bypass virus protection.
2 CVE-2000-1239 Bypass 2000-12-31 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.
3 CVE-2000-1238 Bypass 2000-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
4 CVE-2000-1221 Bypass 2000-01-08 2009-02-28
10.0
Admin Remote Low Not required Complete Complete Complete
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.
5 CVE-2000-1217 Bypass 2000-11-21 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
6 CVE-2000-1061 Exec Code Bypass 2000-12-11 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
7 CVE-2000-1060 +Priv Bypass 2000-12-11 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
8 CVE-2000-1059 +Priv Bypass 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
9 CVE-2000-1056 Bypass 2000-12-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.
10 CVE-2000-1033 Bypass 2000-12-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users.
11 CVE-2000-0979 Bypass 2000-12-19 2008-09-05
6.4
None Remote Low Not required Partial Partial None
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.
12 CVE-2000-0956 Bypass 2000-12-19 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.
13 CVE-2000-0927 Bypass 2000-12-19 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.
14 CVE-2000-0850 Bypass 2000-11-14 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.
15 CVE-2000-0813 Bypass 2000-11-14 2008-09-10
5.0
None Remote Low Not required Partial None None
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."
16 CVE-2000-0808 Bypass 2000-11-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."
17 CVE-2000-0806 DoS Bypass 2000-11-14 2008-09-10
5.0
None Remote Low Not required None None Partial
The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."
18 CVE-2000-0804 Bypass 2000-11-14 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."
19 CVE-2000-0786 Bypass 2000-10-20 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
20 CVE-2000-0779 Bypass 2000-10-20 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.
21 CVE-2000-0770 Bypass 2000-10-20 2008-09-05
6.4
None Remote Low Not required Partial Partial None
IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.
22 CVE-2000-0700 Bypass 2000-10-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.
23 CVE-2000-0671 Bypass 2000-07-21 2008-09-10
5.0
None Remote Low Not required Partial None None
Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.
24 CVE-2000-0621 Bypass 2000-07-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
25 CVE-2000-0611 DoS Bypass 2000-06-23 2008-09-05
5.0
None Remote Low Not required None None Partial
The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.
26 CVE-2000-0610 Bypass 2000-06-23 2008-09-10
5.0
None Remote Low Not required None Partial None
NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.
27 CVE-2000-0603 Bypass 2000-07-07 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.
28 CVE-2000-0598 Bypass 2000-06-26 2008-09-10
5.0
None Remote Low Not required None Partial None
Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy.
29 CVE-2000-0591 Bypass 2000-07-05 2008-09-10
5.0
None Remote Low Not required None Partial None
Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.
30 CVE-2000-0587 Bypass 2000-06-26 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.
31 CVE-2000-0553 Bypass 2000-05-26 2008-09-05
2.6
None Remote High Not required None Partial None
Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.
32 CVE-2000-0431 Bypass 2000-05-22 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.
33 CVE-2000-0416 Bypass 2000-05-11 2008-09-10
5.0
None Remote Low Not required None Partial None
NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.
34 CVE-2000-0385 Bypass 2000-05-02 2008-09-10
5.0
None Remote Low Not required None Partial None
FileMaker Pro 5 Web Companion allows remote attackers to bypass Field-Level database security restrictions via the XML publishing or email capabilities.
35 CVE-2000-0350 Bypass 2000-05-17 2008-09-10
5.0
None Remote Low Not required None Partial None
A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events.
36 CVE-2000-0342 Bypass 2000-04-28 2008-09-10
5.0
None Remote Low Not required None Partial None
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
37 CVE-2000-0339 Bypass 2000-04-24 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules.
38 CVE-2000-0297 Bypass 2000-04-03 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables.
39 CVE-2000-0288 Bypass 2000-04-12 2008-09-10
5.0
None Remote Low Not required None Partial None
Infonautics getdoc.cgi allows remote attackers to bypass the payment phase for accessing documents via a modified form variable.
40 CVE-2000-0266 Bypass 2000-04-18 2008-09-10
2.6
None Remote High Not required Partial None None
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
41 CVE-2000-0233 +Priv Bypass 2000-03-15 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.
42 CVE-2000-0150 Bypass 2000-02-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.
43 CVE-2000-0148 Bypass 2000-02-08 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.
44 CVE-2000-0144 Bypass 2000-02-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.
45 CVE-2000-0124 Bypass 2000-02-03 2008-09-10
2.1
None Local Low Not required Partial None None
surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions.
46 CVE-2000-0120 Bypass 2000-01-01 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.
47 CVE-2000-0116 Bypass 2000-01-29 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.
48 CVE-1999-0992 Bypass 2000-01-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).
Total number of vulnerabilities : 48   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.