CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities Published In 2000

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-1239 Bypass 2000-12-31 2008-09-05
9.0
 Admin Remote Low Single system Complete Complete Complete
The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.
2 CVE-2000-1222 +Priv 2000-12-10 2008-09-05
7.2
 Admin Local Low Not required Complete Complete Complete
AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.
3 CVE-2000-1038 DoS 2000-12-11 2008-09-05
5.0
 None Remote Low Not required None None Partial
The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.
4 CVE-2000-0873 2000-11-14 2008-09-05
2.1
 None Local Low Not required None Partial None
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
5 CVE-2000-0848 Exec Code Overflow 2000-11-14 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.
6 CVE-2000-0844 264 Exec Code 2000-11-14 2009-01-20
10.0
 Admin Remote Low Not required Complete Complete Complete
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
7 CVE-2000-0761 DoS 2000-10-20 2008-09-05
5.0
 None Remote Low Not required None None Partial
OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.
8 CVE-2000-0677 Exec Code Overflow 2000-10-20 2008-09-05
10.0
 Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.
9 CVE-2000-0652 2000-07-24 2008-09-10
5.0
 None Remote Low Not required Partial None None
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.
10 CVE-2000-0505 2000-05-31 2008-09-10
5.0
 None Remote Low Not required Partial None None
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
11 CVE-2000-0497 2000-06-08 2008-09-10
5.0
 None Remote Low Not required Partial None None
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
12 CVE-2000-0466 +Priv 2000-06-20 2008-09-05
7.2
 Admin Local Low Not required Complete Complete Complete
AIX cdmount allows local users to gain root privileges via shell metacharacters.
13 CVE-2000-0441 2000-05-24 2008-09-10
5.0
 None Remote Low Not required None Partial None
Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.
14 CVE-2000-0249 2000-04-26 2008-09-10
7.2
 Admin Local Low Not required Complete Complete Complete
The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.
15 CVE-2000-0080 2000-01-10 2008-09-10
2.1
 None Local Low Not required None Partial None
AIX techlibss allows local users to overwrite files via a symlink attack.
16 CVE-1999-0693 Overflow +Priv 2000-03-02 2008-09-09
7.2
 Admin Local Low Not required Complete Complete Complete
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
Total number of vulnerabilities : 16   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.