CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4551 CVE-2000-0489 DoS 1999-09-05 2017-10-09
2.1
None Local Low Not required None None Partial
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
4552 CVE-2000-0485 2000-05-30 2018-10-12
2.1
None Local Low Not required Partial None None
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.
4553 CVE-2000-0462 2000-05-28 2008-09-10
2.1
None Local Low Not required Partial None None
ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.
4554 CVE-2000-0461 DoS 2000-05-29 2008-09-10
2.1
None Local Low Not required None None Partial
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
4555 CVE-2000-0458 2000-04-22 2016-10-17
2.1
None Local Low Not required Partial None None
The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.
4556 CVE-2000-0456 DoS 2000-05-28 2008-09-10
2.1
None Local Low Not required None None Partial
NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".
4557 CVE-2000-0455 Overflow 2000-05-29 2008-09-10
2.1
None Local Low Not required Partial None None
Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.
4558 CVE-2000-0445 2000-05-24 2008-09-10
2.1
None Local Low Not required Partial None None
The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.
4559 CVE-2000-0439 2000-05-11 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
4560 CVE-2000-0406 2000-05-10 2008-09-10
2.6
None Remote High Not required Partial None None
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
4561 CVE-2000-0402 2000-05-30 2018-10-12
2.1
None Local Low Not required Partial None None
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
4562 CVE-2000-0387 2000-05-09 2008-09-10
2.1
None Local Low Not required None Partial None
The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.
4563 CVE-2000-0382 2000-05-08 2008-09-10
2.6
None Remote High Not required Partial None None
ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.
4564 CVE-2000-0375 2001-03-12 2008-09-10
2.1
None Local Low Not required None Partial None
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.
4565 CVE-2000-0368 200 +Info 2001-03-12 2016-09-21
2.1
None Local Low Not required Partial None None
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
4566 CVE-2000-0366 1999-12-02 2008-09-10
2.1
None Local Low Not required None Partial None
dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.
4567 CVE-2000-0361 1999-12-14 2008-09-10
2.1
None Local Low Not required Partial None None
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.
4568 CVE-2000-0345 +Info 2000-05-03 2008-09-10
2.1
None Local Low Not required Partial None None
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
4569 CVE-2000-0336 2000-04-21 2008-09-10
2.1
None Local Low Not required None Partial None
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
4570 CVE-2000-0334 2000-04-24 2008-09-10
2.1
None Local Low Not required Partial None None
The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.
4571 CVE-2000-0311 2000-04-20 2018-10-12
2.1
None Local Low Not required None Partial None
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
4572 CVE-2000-0309 DoS 2001-03-12 2008-09-10
2.1
None Local Low Not required None None Partial
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
4573 CVE-2000-0293 2000-05-02 2008-09-10
2.1
None Local Low Not required None Partial None
aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.
4574 CVE-2000-0286 DoS 2000-04-16 2008-09-10
2.1
None Local Low Not required None None Partial
X fontserver xfs allows local users to cause a denial of service via malformed input to the server.
4575 CVE-2000-0281 DoS Overflow 2000-03-26 2008-09-05
2.1
None Local Low Not required None None Partial
Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.
4576 CVE-2000-0280 DoS Overflow 2000-04-03 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
4577 CVE-2000-0276 DoS 2000-04-10 2008-09-10
2.1
None Local Low Not required None None Partial
BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.
4578 CVE-2000-0275 2000-04-10 2008-09-10
2.1
None Local Low Not required Partial None None
CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.
4579 CVE-2000-0274 DoS 2000-04-10 2008-09-10
2.1
None Local Low Not required None None Partial
The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.
4580 CVE-2000-0269 2000-04-18 2008-09-10
2.1
None Local Low Not required Partial None None
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
4581 CVE-2000-0266 Bypass 2000-04-18 2008-09-10
2.6
None Remote High Not required Partial None None
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
4582 CVE-2000-0264 +Priv 2000-04-17 2008-09-10
2.1
None Local Low Not required None Partial None
Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.
4583 CVE-2000-0263 DoS 2000-04-16 2008-09-10
2.1
None Local Low Not required None None Partial
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.
4584 CVE-2000-0232 DoS 2000-03-30 2018-10-12
2.1
None Local Low Not required None None Partial
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
4585 CVE-2000-0227 DoS 2000-03-23 2017-12-19
2.1
None Local Low Not required None None Partial
The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets.
4586 CVE-2000-0184 2000-03-09 2008-09-10
2.1
None Local Low Not required Partial None None
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
4587 CVE-2000-0167 DoS 2000-02-15 2008-09-10
2.1
None Local Low Not required None None Partial
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
4588 CVE-2000-0147 2000-02-08 2008-09-05
2.1
None Local Low Not required None Partial None
snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.
4589 CVE-2000-0139 DoS 1999-12-03 2016-10-17
2.1
None Local Low Not required None None Partial
Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.
4590 CVE-2000-0132 200 +Info 2000-01-31 2008-09-10
2.6
None Remote High Not required Partial None None
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.
4591 CVE-2000-0129 DoS Overflow 2000-02-04 2008-09-10
2.1
None Local Low Not required None None Partial
Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.
4592 CVE-2000-0124 Bypass 2000-02-03 2008-09-10
2.1
None Local Low Not required Partial None None
surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions.
4593 CVE-2000-0089 2000-02-04 2018-10-12
2.1
None Local Low Not required Partial None None
The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
4594 CVE-2000-0080 2000-01-10 2016-10-17
2.1
None Local Low Not required None Partial None
AIX techlibss allows local users to overwrite files via a symlink attack.
4595 CVE-2000-0076 1999-12-30 2016-10-17
2.1
None Local Low Not required None Partial None
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
4596 CVE-2000-0069 2000-01-01 2008-09-10
2.1
None Local Low Not required Partial None None
The recover program in Solstice Backup allows local users to restore sensitive files.
4597 CVE-2000-0067 2000-01-11 2008-09-10
2.1
None Local Low Not required Partial None None
CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.
4598 CVE-2000-0028 Bypass 1999-12-23 2008-09-10
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
4599 CVE-2000-0019 1999-03-04 2008-09-10
2.1
None Local Low Not required Partial None None
IMail POP3 daemon uses weak encryption, which allows local users to read files.
4600 CVE-2000-0008 1999-12-26 2008-09-10
2.1
None Local Low Not required Partial None None
FTPPro allows local users to read sensitive information, which is stored in plain text.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.