CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2000(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-1236 Exec Code Sql 2000-12-31 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.
2 CVE-2000-1223 Exec Code 2000-11-20 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
quikstore.cgi in Quikstore Shopping Cart allows remote attackers to execute arbitrary commands via shell metacharacters in the URL portion of an HTTP GET request.
3 CVE-2000-1220 Exec Code +Priv 2000-01-08 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
4 CVE-2000-1205 79 Exec Code XSS 2000-02-01 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
5 CVE-2000-1077 Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.
6 CVE-2000-1072 Exec Code 2000-12-11 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
7 CVE-2000-1068 Exec Code 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.
8 CVE-2000-1061 Exec Code Bypass 2000-12-11 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
9 CVE-2000-1058 DoS Exec Code Overflow 2000-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."
10 CVE-2000-1055 DoS Exec Code Overflow 2000-12-11 2013-08-14
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.
11 CVE-2000-1054 DoS Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
12 CVE-2000-1053 Exec Code XSS 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.
13 CVE-2000-1047 DoS Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.
14 CVE-2000-1046 DoS Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via long (1) "RCPT TO," (2) "SAML FROM," or (3) "SOML FROM" commands.
15 CVE-2000-1035 DoS Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER, PASS, or CWD command.
16 CVE-2000-1034 Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.
17 CVE-2000-1031 Exec Code Overflow 2000-12-11 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.
18 CVE-2000-1029 Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.
19 CVE-2000-1026 Exec Code Overflow 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.
20 CVE-2000-1024 Exec Code 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.
21 CVE-2000-1022 Exec Code 2000-12-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.
22 CVE-2000-1021 DoS Exec Code Overflow 2000-12-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
23 CVE-2000-1020 DoS Exec Code Overflow 2000-12-11 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.
24 CVE-2000-1015 Exec Code 2000-12-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The default configuration of Slashcode before version 2.0 Alpha has a default administrative password, which allows remote attackers to gain Slashcode priviliges and possibly execute arbitrary commands.
25 CVE-2000-1014 Exec Code 2000-12-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.
26 CVE-2000-1010 Exec Code 2000-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.
27 CVE-2000-1004 Exec Code 2000-12-11 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
28 CVE-2000-1000 DoS Exec Code 2000-12-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters.
29 CVE-2000-0991 Exec Code Overflow 2000-12-19 2013-08-20
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.
30 CVE-2000-0989 DoS Exec Code Overflow 2000-12-19 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.
31 CVE-2000-0985 Exec Code Overflow 2000-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command.
32 CVE-2000-0978 Exec Code 2000-12-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.
33 CVE-2000-0976 Exec Code Overflow 2000-12-19 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.
34 CVE-2000-0973 Exec Code Overflow 2000-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.
35 CVE-2000-0971 DoS Exec Code 2000-12-19 2009-04-03
10.0
Admin Remote Low Not required Complete Complete Complete
Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command.
36 CVE-2000-0969 Exec Code 2000-12-19 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.
37 CVE-2000-0968 Exec Code Overflow 2000-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command.
38 CVE-2000-0967 Exec Code 2000-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
39 CVE-2000-0964 DoS Exec Code Overflow 2000-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
40 CVE-2000-0963 Exec Code Overflow 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.
41 CVE-2000-0961 Exec Code Overflow 2000-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.
42 CVE-2000-0952 Exec Code 2000-12-19 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.
43 CVE-2000-0950 Exec Code 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name.
44 CVE-2000-0949 Exec Code Overflow 2000-12-19 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
45 CVE-2000-0947 Exec Code 2000-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
46 CVE-2000-0945 Exec Code 2000-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
47 CVE-2000-0943 DoS Exec Code Overflow 2000-12-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.
48 CVE-2000-0941 Exec Code 2000-12-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.
49 CVE-2000-0931 DoS Exec Code Overflow 2000-12-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data.
50 CVE-2000-0923 Exec Code 2000-12-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
Total number of vulnerabilities : 207   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.