CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2000

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-0613 2000-03-20 2008-09-10
5.0
None Remote Low Not required None None Partial
Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.
2 CVE-2000-0302 2000-03-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
3 CVE-2000-0296 +Priv 2000-03-31 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.
4 CVE-2000-0290 DoS Overflow 2000-03-31 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.
5 CVE-2000-0289 2000-03-27 2008-09-10
5.0
None Remote Low Not required Partial None None
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.
6 CVE-2000-0281 DoS Overflow 2000-03-26 2008-09-05
2.1
None Local Low Not required None None Partial
Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.
7 CVE-2000-0247 +Priv 2000-03-22 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.
8 CVE-2000-0246 2000-03-30 2008-09-10
5.0
None Remote Low Not required Partial None None
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
9 CVE-2000-0245 2000-03-27 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.
10 CVE-2000-0244 2000-03-29 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.
11 CVE-2000-0243 DoS 2000-03-25 2008-09-10
5.0
None Remote Low Not required None None Partial
AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin.
12 CVE-2000-0242 Exec Code 2000-03-25 2008-09-10
5.0
None Remote Low Not required Partial None None
WindMail allows remote attackers to read arbitrary files or execute commands via shell metacharacters.
13 CVE-2000-0241 +Priv 2000-03-21 2008-09-10
5.0
None Remote Low Not required Partial None None
vqSoft vqServer stores sensitive information such as passwords in cleartext in the server.cfg file, which allows attackers to gain privileges.
14 CVE-2000-0240 2000-03-21 2008-09-10
5.0
None Remote Low Not required Partial None None
vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.
15 CVE-2000-0239 DoS Overflow 2000-03-15 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in the MERCUR WebView WebMail server allows remote attackers to cause a denial of service via a long mail_user parameter in the GET request.
16 CVE-2000-0238 DoS Overflow 2000-03-17 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.
17 CVE-2000-0237 2000-03-11 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
18 CVE-2000-0236 2000-03-17 2008-09-10
5.0
None Remote Low Not required Partial None None
Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.
19 CVE-2000-0235 Overflow +Priv 2000-03-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
20 CVE-2000-0234 2000-03-31 2008-09-10
5.0
None Remote Low Not required Partial None None
The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.
21 CVE-2000-0233 +Priv Bypass 2000-03-15 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.
22 CVE-2000-0232 DoS 2000-03-30 2008-09-10
2.1
None Local Low Not required None None Partial
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
23 CVE-2000-0231 +Priv 2000-03-16 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.
24 CVE-2000-0230 Overflow +Priv 2000-03-13 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
25 CVE-2000-0229 +Priv 2000-03-22 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
26 CVE-2000-0228 DoS 2000-03-17 2008-09-10
5.0
None Remote Low Not required None None Partial
Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.
27 CVE-2000-0227 DoS 2000-03-23 2008-09-10
2.1
None Local Low Not required None None Partial
The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max paremeter, which allows local users to cause a denial of service by requesting a large number of sockets.
28 CVE-2000-0226 DoS Overflow 2000-03-20 2008-09-10
5.0
None Remote Low Not required None None Partial
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."
29 CVE-2000-0225 2000-03-07 2008-09-10
5.0
None Remote Low Not required Partial None None
The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled.
30 CVE-2000-0223 Overflow +Priv 2000-03-10 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.
31 CVE-2000-0207 Exec Code 2000-03-01 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.
32 CVE-2000-0206 +Priv 2000-03-05 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
33 CVE-2000-0205 2000-03-03 2008-09-10
6.4
None Remote Low Not required None Partial Partial
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
34 CVE-2000-0202 +Priv 2000-03-08 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
35 CVE-2000-0201 Exec Code 2000-03-01 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
36 CVE-2000-0200 DoS Exec Code Overflow 2000-03-06 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.
37 CVE-2000-0199 2000-03-14 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
38 CVE-2000-0198 DoS Overflow 2000-03-15 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service.
39 CVE-2000-0193 +Priv 2000-03-02 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.
40 CVE-2000-0192 2000-03-05 2008-09-10
5.0
None Remote Low Not required Partial None None
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.
41 CVE-2000-0190 DoS 2000-03-02 2008-09-10
5.0
None Remote Low Not required None None Partial
AOL Instant Messenger (AIM) client allows remote attackers to cause a denial of service via a message with a malformed ASCII value.
42 CVE-2000-0189 2000-03-01 2008-09-10
5.0
None Remote Low Not required Partial None None
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
43 CVE-2000-0185 2000-03-08 2008-09-10
5.0
None Remote Low Not required Partial None None
RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.
44 CVE-2000-0184 2000-03-09 2008-09-10
2.1
None Local Low Not required Partial None None
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
45 CVE-2000-0183 Exec Code Overflow 2000-03-10 2008-09-10
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.
46 CVE-2000-0181 +Info 2000-03-11 2008-09-10
5.0
None Remote Low Not required Partial None None
Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.
47 CVE-2000-0180 2000-03-14 2008-09-05
5.0
None Remote Low Not required Partial None None
Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.
48 CVE-2000-0177 Exec Code 2000-03-02 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters.
49 CVE-2000-0175 Overflow 2000-03-09 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.
50 CVE-2000-0174 2000-03-09 2008-09-10
5.0
None Remote Low Not required Partial None None
StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Total number of vulnerabilities : 57   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.