CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4201 CVE-2000-0439 2000-05-11 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
4202 CVE-2000-0406 2000-05-10 2008-09-10
2.6
None Remote High Not required Partial None None
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
4203 CVE-2000-0402 2000-05-30 2018-10-12
2.1
None Local Low Not required Partial None None
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
4204 CVE-2000-0387 2000-05-09 2008-09-10
2.1
None Local Low Not required None Partial None
The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.
4205 CVE-2000-0382 2000-05-08 2008-09-10
2.6
None Remote High Not required Partial None None
ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.
4206 CVE-2000-0375 2001-03-12 2008-09-10
2.1
None Local Low Not required None Partial None
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.
4207 CVE-2000-0368 200 +Info 2001-03-12 2016-09-21
2.1
None Local Low Not required Partial None None
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
4208 CVE-2000-0366 1999-12-02 2008-09-10
2.1
None Local Low Not required None Partial None
dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.
4209 CVE-2000-0361 1999-12-14 2008-09-10
2.1
None Local Low Not required Partial None None
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.
4210 CVE-2000-0345 +Info 2000-05-03 2008-09-10
2.1
None Local Low Not required Partial None None
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
4211 CVE-2000-0336 2000-04-21 2008-09-10
2.1
None Local Low Not required None Partial None
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
4212 CVE-2000-0334 2000-04-24 2008-09-10
2.1
None Local Low Not required Partial None None
The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.
4213 CVE-2000-0311 2000-04-20 2018-10-12
2.1
None Local Low Not required None Partial None
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
4214 CVE-2000-0309 DoS 2001-03-12 2008-09-10
2.1
None Local Low Not required None None Partial
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
4215 CVE-2000-0293 2000-05-02 2008-09-10
2.1
None Local Low Not required None Partial None
aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.
4216 CVE-2000-0286 DoS 2000-04-16 2008-09-10
2.1
None Local Low Not required None None Partial
X fontserver xfs allows local users to cause a denial of service via malformed input to the server.
4217 CVE-2000-0281 DoS Overflow 2000-03-26 2008-09-05
2.1
None Local Low Not required None None Partial
Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.
4218 CVE-2000-0280 DoS Overflow 2000-04-03 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
4219 CVE-2000-0276 DoS 2000-04-10 2008-09-10
2.1
None Local Low Not required None None Partial
BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.
4220 CVE-2000-0275 2000-04-10 2008-09-10
2.1
None Local Low Not required Partial None None
CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN number, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.
4221 CVE-2000-0274 DoS 2000-04-10 2008-09-10
2.1
None Local Low Not required None None Partial
The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.
4222 CVE-2000-0269 2000-04-18 2008-09-10
2.1
None Local Low Not required Partial None None
Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.
4223 CVE-2000-0266 Bypass 2000-04-18 2008-09-10
2.6
None Remote High Not required Partial None None
Internet Explorer 5.01 allows remote attackers to bypass the cross frame security policy via a malicious applet that interacts with the Java JSObject to modify the DOM properties to set the IFRAME to an arbitrary Javascript URL.
4224 CVE-2000-0264 +Priv 2000-04-17 2008-09-10
2.1
None Local Low Not required None Partial None
Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.
4225 CVE-2000-0263 DoS 2000-04-16 2008-09-10
2.1
None Local Low Not required None None Partial
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.
4226 CVE-2000-0232 DoS 2000-03-30 2018-10-12
2.1
None Local Low Not required None None Partial
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
4227 CVE-2000-0227 DoS 2000-03-23 2017-12-19
2.1
None Local Low Not required None None Partial
The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets.
4228 CVE-2000-0184 2000-03-09 2008-09-10
2.1
None Local Low Not required Partial None None
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
4229 CVE-2000-0167 DoS 2000-02-15 2008-09-10
2.1
None Local Low Not required None None Partial
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
4230 CVE-2000-0147 2000-02-08 2008-09-05
2.1
None Local Low Not required None Partial None
snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.
4231 CVE-2000-0139 DoS 1999-12-03 2016-10-17
2.1
None Local Low Not required None None Partial
Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.
4232 CVE-2000-0132 200 +Info 2000-01-31 2008-09-10
2.6
None Remote High Not required Partial None None
Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.
4233 CVE-2000-0129 DoS Overflow 2000-02-04 2008-09-10
2.1
None Local Low Not required None None Partial
Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.
4234 CVE-2000-0124 Bypass 2000-02-03 2008-09-10
2.1
None Local Low Not required Partial None None
surfCONTROL SuperScout does not properly asign a category to web sites with a . (dot) at the end, which may allow users to bypass web access restrictions.
4235 CVE-2000-0089 2000-02-04 2018-10-12
2.1
None Local Low Not required Partial None None
The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
4236 CVE-2000-0080 2000-01-10 2016-10-17
2.1
None Local Low Not required None Partial None
AIX techlibss allows local users to overwrite files via a symlink attack.
4237 CVE-2000-0076 1999-12-30 2016-10-17
2.1
None Local Low Not required None Partial None
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
4238 CVE-2000-0069 2000-01-01 2008-09-10
2.1
None Local Low Not required Partial None None
The recover program in Solstice Backup allows local users to restore sensitive files.
4239 CVE-2000-0067 2000-01-11 2008-09-10
2.1
None Local Low Not required Partial None None
CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack.
4240 CVE-2000-0028 Bypass 1999-12-23 2008-09-10
2.6
None Remote High Not required Partial None None
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
4241 CVE-2000-0019 1999-03-04 2008-09-10
2.1
None Local Low Not required Partial None None
IMail POP3 daemon uses weak encryption, which allows local users to read files.
4242 CVE-2000-0008 1999-12-26 2008-09-10
2.1
None Local Low Not required Partial None None
FTPPro allows local users to read sensitive information, which is stored in plain text.
4243 CVE-2000-0006 1999-12-25 2017-10-09
2.6
None Local High Not required Partial Partial None
strace allows local users to read arbitrary files via memory mapped file names.
4244 CVE-1999-1587 1999-12-31 2018-10-30
2.1
None Local Low Not required Partial None None
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
4245 CVE-1999-1572 1996-07-16 2017-10-18
2.1
None Local Low Not required Partial None None
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
4246 CVE-1999-1564 DoS 1999-09-02 2008-09-05
2.1
None Local Low Not required None None Partial
FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.
4247 CVE-1999-1554 1990-10-31 2008-09-05
2.1
None Local Low Not required Partial None None
/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.
4248 CVE-1999-1545 1999-07-14 2016-10-17
2.1
None Local Low Not required Partial None None
Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.
4249 CVE-1999-1540 1999-10-04 2017-12-18
2.1
None Local Low Not required Partial None None
shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code.
4250 CVE-1999-1538 1999-01-14 2016-10-17
2.1
None Local Low Not required Partial None None
When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password.
Total number of vulnerabilities : 4356   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 (This Page)86 87 88
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.