CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2000

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-1244 Bypass 2000-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Computer Associates InoculateIT Agent for Exchange Server does not recognize an e-mail virus attachment if the SMTP header is missing the "From" field, which allows remote attackers to bypass virus protection.
2 CVE-2000-1243 +Info 2000-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Privacy leak in Dansie Shopping Cart 3.04, and probably earlier versions, sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
3 CVE-2000-1242 2000-12-31 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
The HTTP service in American Power Conversion (APC) PowerChute uses a default username and password, which allows remote attackers to gain system access.
4 CVE-2000-1241 2000-12-31 2009-10-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Haakon Nilsen simple, integrated publishing system (SIPS) before 0.2.4 has an unknown impact and attack vectors, related to a "grave security fault."
5 CVE-2000-1240 +Info 2000-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attack vectors, which reveal the absolute path. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
6 CVE-2000-1239 Bypass 2000-12-31 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.
7 CVE-2000-1238 Bypass 2000-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages.
8 CVE-2000-1237 2000-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing.
9 CVE-2000-1236 Exec Code Sql 2000-12-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.
10 CVE-2000-1235 2000-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.
11 CVE-2000-1234 2000-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.
12 CVE-2000-1233 Sql 2000-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter.
13 CVE-2000-1232 2000-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method.
14 CVE-2000-1231 2000-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string.
15 CVE-2000-1230 2000-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
16 CVE-2000-1229 Dir. Trav. 2000-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.
17 CVE-2000-1228 2000-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
18 CVE-2000-1227 DoS 2000-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause a denial of service (unavailable connections) by sending multiple SMB SMBnegprots requests but not reading the response that is sent back.
19 CVE-2000-1226 DoS 2000-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Snort 1.6, when running in straight ASCII packet logging mode or IDS mode with straight decoded ASCII packet logging selected, allows remote attackers to cause a denial of service (crash) by sending non-IP protocols that Snort does not know about, as demonstrated by an nmap protocol scan.
20 CVE-2000-1225 2000-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program.
21 CVE-2000-1222 +Priv 2000-12-10 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.
22 CVE-2000-1212 2000-12-18 2008-09-10
5.0
None Remote Low Not required None Partial None
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
23 CVE-2000-1211 2000-12-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
24 CVE-2000-1078 DoS 2000-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character.
25 CVE-2000-1077 Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.
26 CVE-2000-1076 +Priv 2000-12-11 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.
27 CVE-2000-1075 Dir. Trav. 2000-12-11 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.
28 CVE-2000-1074 +Priv 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.
29 CVE-2000-1073 +Priv 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.
30 CVE-2000-1072 Exec Code 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
31 CVE-2000-1071 +Priv 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.
32 CVE-2000-1070 2000-12-11 2008-09-05
5.0
None Remote Low Not required Partial None None
pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.
33 CVE-2000-1069 2000-12-11 2008-09-05
6.4
None Remote Low Not required Partial Partial None
pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.
34 CVE-2000-1068 Exec Code 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.
35 CVE-2000-1066 DoS 2000-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows a remote attacker to cause a denial of service via a long DNS hostname.
36 CVE-2000-1065 DoS 2000-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Vulnerability in IP implementation of HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service (printer crash) via a malformed packet.
37 CVE-2000-1064 DoS Overflow 2000-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
38 CVE-2000-1063 DoS Overflow 2000-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Telnet service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
39 CVE-2000-1062 DoS Overflow 2000-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
40 CVE-2000-1061 Exec Code Bypass 2000-12-11 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
41 CVE-2000-1060 +Priv Bypass 2000-12-11 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
42 CVE-2000-1059 +Priv Bypass 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
43 CVE-2000-1058 DoS Exec Code Overflow 2000-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."
44 CVE-2000-1057 +Priv 2000-12-11 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.
45 CVE-2000-1056 Bypass 2000-12-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.
46 CVE-2000-1055 DoS Exec Code Overflow 2000-12-11 2013-08-14
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.
47 CVE-2000-1054 DoS Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
48 CVE-2000-1053 Exec Code XSS 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
49 CVE-2000-1052 2000-12-11 2008-09-05
5.0
None Remote Low Not required Partial None None
Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.
50 CVE-2000-1051 Dir. Trav. 2000-12-11 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.
Total number of vulnerabilities : 212   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.