Security Vulnerabilities, CVEs, Published In 2000

A system does not present an appropriate legal message or warning to a user who is accessing it.

Buffer overflow in Internet Explorer 4.0 via EMBED tag.

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.

PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.

Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.

The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.

The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.

Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands.

Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.

Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.

Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.

DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters.

Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.

SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.

The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.

Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.

The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.