CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4401 CVE-2000-1247 16 2011-10-04 2017-08-28
2.1
None Local Low Not required Partial None None
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
4402 CVE-2000-1198 DoS 2001-08-31 2016-10-17
2.1
None Local Low Not required None None Partial
qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by creating lock files for other mail boxes.
4403 CVE-2000-1197 DoS 2001-08-31 2016-10-17
2.1
None Local Low Not required None None Partial
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
4404 CVE-2000-1190 2001-08-31 2016-10-17
2.1
None Local Low Not required None Partial None
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
4405 CVE-2000-1178 2001-01-09 2018-05-02
2.1
None Local Low Not required None Partial None
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
4406 CVE-2000-1146 DoS 2001-01-09 2017-10-09
2.1
None Local Low Not required None None Partial
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.
4407 CVE-2000-1144 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
4408 CVE-2000-1143 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.
4409 CVE-2000-1142 Exec Code 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.
4410 CVE-2000-1141 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.
4411 CVE-2000-1140 2001-01-09 2017-10-09
2.1
None Local Low Not required Partial None None
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.
4412 CVE-2000-1083 DoS Exec Code 2001-01-09 2018-10-12
2.1
None Local Low Not required None None Partial
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
4413 CVE-2000-1018 2000-12-11 2017-10-09
2.1
None Local Low Not required Partial None None
shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file.
4414 CVE-2000-1003 DoS 2000-12-11 2017-10-09
2.6
None Remote High Not required None None Partial
NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.
4415 CVE-2000-0972 2000-12-19 2017-10-09
2.1
None Local Low Not required Partial None None
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
4416 CVE-2000-0936 2000-12-19 2017-10-09
2.1
None Local Low Not required Partial None None
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
4417 CVE-2000-0928 2000-12-19 2017-10-09
2.1
None Local Low Not required Partial None None
WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.
4418 CVE-2000-0892 +Info 2001-07-21 2017-10-09
2.6
None Remote High Not required Partial None None
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.
4419 CVE-2000-0881 2000-11-14 2017-12-18
2.1
None Local Low Not required Partial None None
The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.
4420 CVE-2000-0879 2000-11-14 2017-12-18
2.1
None Local Low Not required None None Partial
LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services.
4421 CVE-2000-0873 2000-11-14 2017-10-09
2.1
None Local Low Not required None Partial None
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
4422 CVE-2000-0866 DoS 2000-11-14 2017-12-18
2.1
None Local Low Not required None None Partial
Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes.
4423 CVE-2000-0849 DoS 2000-11-14 2018-10-12
2.6
None Remote High Not required None None Partial
Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.
4424 CVE-2000-0829 DoS 2000-11-14 2017-10-09
2.1
None Local Low Not required None None Partial
The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.
4425 CVE-2000-0816 Exec Code 2000-10-06 2017-10-09
2.1
None Local Low Not required None Partial None
Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.
4426 CVE-2000-0771 DoS 2000-10-20 2018-10-12
2.1
None Local Low Not required None None Partial
Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
4427 CVE-2000-0768 2000-10-20 2018-10-12
2.6
None Remote High Not required Partial None None
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
4428 CVE-2000-0767 2000-10-20 2018-10-12
2.6
None Remote High Not required Partial None None
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.
4429 CVE-2000-0754 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.
4430 CVE-2000-0729 DoS 2000-10-20 2017-10-09
2.1
None Local Low Not required None None Partial
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
4431 CVE-2000-0726 2000-10-20 2017-10-09
2.6
None Remote High Not required Partial None None
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.
4432 CVE-2000-0716 2000-10-20 2017-10-09
2.6
None Remote High Not required Partial None None
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
4433 CVE-2000-0715 59 2000-10-20 2008-09-10
2.1
None Local Low Not required None Partial None
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
4434 CVE-2000-0691 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
4435 CVE-2000-0679 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
4436 CVE-2000-0650 Exec Code 2000-07-11 2017-10-09
2.1
None Local Low Not required None Partial None
The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.
4437 CVE-2000-0649 200 +Info 2000-07-13 2018-10-30
2.6
None Remote High Not required Partial None None
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
4438 CVE-2000-0633 2000-07-18 2017-10-09
2.1
None Local Low Not required None None Partial
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
4439 CVE-2000-0615 2000-07-19 2017-10-09
2.1
None Local Low Not required Partial None None
LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.
4440 CVE-2000-0605 2000-07-10 2008-09-10
2.1
None Local Low Not required Partial None None
Blackboard CourseInfo 4.0 stores the local and SQL administrator user names and passwords in cleartext in a registry key whose access control allows users to access the passwords.
4441 CVE-2000-0565 2000-06-13 2017-10-09
2.1
None Local Low Not required Partial None None
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.
4442 CVE-2000-0559 2000-06-07 2008-09-10
2.1
None Local Low Not required Partial None None
eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
4443 CVE-2000-0553 Bypass 2000-05-26 2017-10-09
2.6
None Remote High Not required None Partial None
Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.
4444 CVE-2000-0552 +Info 2000-06-06 2017-10-09
2.1
None Local Low Not required Partial None None
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
4445 CVE-2000-0531 DoS 1999-11-23 2017-12-18
2.1
None Local Low Not required None None Partial
Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.
4446 CVE-2000-0519 2000-06-05 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
4447 CVE-2000-0518 2000-06-05 2018-10-12
2.6
None Remote High Not required Partial None None
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
4448 CVE-2000-0503 2000-06-06 2008-09-10
2.6
None Remote High Not required Partial None None
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
4449 CVE-2000-0502 2000-06-08 2017-10-09
2.1
None Local Low Not required None Partial None
Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.
4450 CVE-2000-0501 DoS 2000-06-16 2017-10-09
2.6
None Remote High Not required None None Partial
Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.
Total number of vulnerabilities : 4610   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 (This Page)90 91 92 93
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.