| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2001-0679 |
|
|
Exec Code Overflow |
1999-11-08 |
2017-12-18 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote attacker to execute arbitrary code by sending a long HELO command to the server. |
|
2 |
CVE-2000-1206 |
|
|
|
1999-08-20 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files. |
|
3 |
CVE-2000-0531 |
|
|
DoS |
1999-11-23 |
2017-12-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets. |
|
4 |
CVE-2000-0489 |
|
|
DoS |
1999-09-05 |
2017-10-09 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers. |
|
5 |
CVE-2000-0481 |
|
|
DoS Overflow |
1999-06-01 |
2017-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name. |
|
6 |
CVE-2000-0412 |
|
|
|
1999-05-01 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The gnapster and knapster clients for Napster do not properly restrict access only to MP3 files, which allows remote attackers to read arbitrary files from the client by specifying the full pathname for the file. |
|
7 |
CVE-2000-0374 |
|
|
Bypass +Info |
1999-08-22 |
2017-10-09 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions. |
|
8 |
CVE-2000-0373 |
|
|
+Priv |
1999-06-01 |
2017-10-09 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges. |
|
9 |
CVE-2000-0371 |
|
|
|
1999-03-01 |
2008-09-10 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. |
|
10 |
CVE-2000-0370 |
|
|
Exec Code |
1999-01-29 |
2008-09-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command. |
|
11 |
CVE-2000-0369 |
|
|
DoS |
1999-10-08 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service. |
|
12 |
CVE-2000-0367 |
|
|
+Priv |
1999-02-18 |
2008-09-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges. |
|
13 |
CVE-2000-0366 |
|
|
|
1999-12-02 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. |
|
14 |
CVE-2000-0365 |
|
|
|
1999-06-01 |
2016-10-17 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices. |
|
15 |
CVE-2000-0364 |
|
|
|
1999-06-01 |
2016-10-17 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys. |
|
16 |
CVE-2000-0363 |
|
|
+Priv |
1999-10-22 |
2008-09-10 |
6.2 |
Admin |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory. |
|
17 |
CVE-2000-0362 |
|
|
Overflow +Priv |
1999-10-22 |
2008-09-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges. |
|
18 |
CVE-2000-0361 |
|
|
|
1999-12-14 |
2008-09-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information. |
|
19 |
CVE-2000-0358 |
|
|
|
1999-12-03 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers to crash a program. |
|
20 |
CVE-2000-0357 |
|
|
|
1999-12-03 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys. |
|
21 |
CVE-2000-0356 |
|
|
|
1999-10-13 |
2008-09-10 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts. |
|
22 |
CVE-2000-0355 |
|
|
|
1999-08-21 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files. |
|
23 |
CVE-2000-0353 |
|
|
Exec Code |
1999-06-28 |
2008-09-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine. |
|
24 |
CVE-2000-0352 |
|
|
Exec Code |
1999-11-18 |
2008-09-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL. |
|
25 |
CVE-2000-0333 |
|
|
DoS |
1999-05-31 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet. |
|
26 |
CVE-2000-0330 |
|
|
Exec Code |
1999-11-12 |
2018-10-12 |
7.6 |
Admin |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability. |
|
27 |
CVE-2000-0329 |
|
|
|
1999-11-11 |
2018-10-12 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability. |
|
28 |
CVE-2000-0328 |
|
|
|
1999-08-24 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking. |
|
29 |
CVE-2000-0327 |
|
|
Exec Code |
1999-10-21 |
2018-10-12 |
7.6 |
Admin |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability. |
|
30 |
CVE-2000-0325 |
|
|
Exec Code |
1999-08-20 |
2018-10-12 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability. |
|
31 |
CVE-2000-0323 |
|
|
|
1999-07-28 |
2018-10-15 |
7.6 |
Admin |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability. |
|
32 |
CVE-2000-0165 |
|
|
Exec Code Overflow |
1999-11-13 |
2018-05-02 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands. |
|
33 |
CVE-2000-0153 |
|
|
|
1999-03-26 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. |
|
34 |
CVE-2000-0139 |
|
|
DoS |
1999-12-03 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command. |
|
35 |
CVE-2000-0119 |
|
|
|
1999-12-22 |
2016-10-17 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. |
|
36 |
CVE-2000-0118 |
|
|
|
1999-06-09 |
2018-10-30 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. |
|
37 |
CVE-2000-0100 |
|
|
+Priv |
1999-12-29 |
2018-10-12 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. |
|
38 |
CVE-2000-0076 |
|
|
|
1999-12-30 |
2016-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover. |
|
39 |
CVE-2000-0073 |
|
|
DoS Overflow |
1999-11-17 |
2018-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word. |
|
40 |
CVE-2000-0068 |
|
|
|
1999-12-14 |
2016-10-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail. |
|
41 |
CVE-2000-0060 |
|
|
DoS Overflow |
1999-12-27 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name. |
|
42 |
CVE-2000-0054 |
|
|
|
1999-01-03 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack. |
|
43 |
CVE-2000-0047 |
|
|
DoS Overflow |
1999-10-01 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Yahoo Pager/Messenger client allows remote attackers to cause a denial of service via a long URL within a message. |
|
44 |
CVE-2000-0043 |
|
|
Exec Code Overflow |
1999-12-30 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request. |
|
45 |
CVE-2000-0042 |
|
|
DoS Exec Code Overflow |
1999-12-29 |
2008-09-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. |
|
46 |
CVE-2000-0041 |
|
|
|
1999-12-28 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack. |
|
47 |
CVE-2000-0040 |
|
|
+Priv |
1999-12-23 |
2008-09-10 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command. |
|
48 |
CVE-2000-0039 |
|
|
|
1999-12-29 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program. |
|
49 |
CVE-2000-0038 |
|
|
|
1999-12-23 |
2008-09-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
glFtpD includes a default glftpd user account with a default password and a UID of 0. |
|
50 |
CVE-2000-0037 |
|
|
+Priv |
1999-12-28 |
2016-10-17 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. |
