CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2000 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-0296 +Priv 2000-03-31 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.
2 CVE-2000-0247 +Priv 2000-03-22 2017-10-09
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.
3 CVE-2000-0245 2000-03-27 2017-10-09
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.
4 CVE-2000-0244 2000-03-29 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication.
5 CVE-2000-0237 2000-03-11 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
6 CVE-2000-0235 Overflow +Priv 2000-03-27 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
7 CVE-2000-0233 +Priv Bypass 2000-03-15 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.
8 CVE-2000-0231 +Priv 2000-03-16 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.
9 CVE-2000-0230 Overflow +Priv 2000-03-13 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
10 CVE-2000-0229 +Priv 2000-03-22 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
11 CVE-2000-0223 Overflow +Priv 2000-03-10 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.
12 CVE-2000-0207 Exec Code 2000-03-01 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.
13 CVE-2000-0206 +Priv 2000-03-05 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
14 CVE-2000-0205 2000-03-03 2008-09-10
6.4
None Remote Low Not required None Partial Partial
Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
15 CVE-2000-0202 +Priv 2000-03-08 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
16 CVE-2000-0199 2000-03-14 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.
17 CVE-2000-0193 +Priv 2000-03-02 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.
18 CVE-2000-0177 Exec Code 2000-03-02 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters.
19 CVE-2000-0175 Overflow 2000-03-09 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.
20 CVE-2000-0172 +Priv 2000-03-03 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
21 CVE-2000-0171 +Priv 2000-03-11 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.
22 CVE-2000-0169 Exec Code 2000-03-15 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.
23 CVE-1999-0693 Overflow +Priv 2000-03-02 2018-05-02
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.