CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2001

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-0897 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.
2 CVE-2000-0898 2001-01-09 2016-10-18
5.0
None Remote Low Not required None None Partial
Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file.
3 CVE-2000-0899 DoS 2001-01-09 2016-10-18
5.0
None Remote Low Not required None None Partial
Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the server and sending out multiple GET, HEAD, or POST requests and closing the connection before the server responds to the requests.
4 CVE-2000-1039 DoS 2001-01-09 2018-10-12
5.0
None Remote Low Not required None None Partial
Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.
5 CVE-2000-1081 DoS Exec Code 2001-01-09 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
6 CVE-2000-1082 DoS Exec Code 2001-01-09 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
7 CVE-2000-1083 DoS Exec Code 2001-01-09 2018-10-12
2.1
None Local Low Not required None None Partial
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
8 CVE-2000-1084 DoS Exec Code 2001-01-09 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
9 CVE-2000-1085 DoS Exec Code 2001-01-09 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
10 CVE-2000-1086 DoS Exec Code 2001-01-09 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
11 CVE-2000-1087 DoS Exec Code 2001-01-09 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
12 CVE-2000-1088 DoS Exec Code 2001-01-09 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
13 CVE-2000-1089 Exec Code Overflow 2001-01-09 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
14 CVE-2000-1092 2001-01-09 2017-12-19
5.0
None Remote Low Not required Partial None None
loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.
15 CVE-2000-1093 Exec Code Overflow 2001-01-09 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.
16 CVE-2000-1094 Exec Code Overflow 2001-01-09 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
17 CVE-2000-1095 Exec Code 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
18 CVE-2000-1096 Exec Code 2001-01-09 2018-05-03
3.7
None Local High Not required Partial Partial Partial
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
19 CVE-2000-1097 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.
20 CVE-2000-1098 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.
21 CVE-2000-1099 2001-01-09 2018-09-20
5.1
None Remote High Not required Partial Partial Partial
Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.
22 CVE-2000-1100 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.
23 CVE-2000-1101 Dir. Trav. 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.
24 CVE-2000-1102 DoS 2001-01-09 2008-09-05
5.0
None Remote Low Not required None None Partial
PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands.
25 CVE-2000-1103 +Priv 2001-01-09 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
26 CVE-2000-1104 XSS 2001-01-09 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
27 CVE-2000-1105 XSS 2001-01-09 2008-09-05
4.3
None Remote Medium Not required Partial None None
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
28 CVE-2000-1106 +Priv 2001-01-09 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.
29 CVE-2000-1107 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.
30 CVE-2000-1108 2001-01-09 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.
31 CVE-2000-1109 Exec Code +Priv 2001-01-09 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.
32 CVE-2000-1110 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
33 CVE-2000-1111 DoS 2001-01-09 2017-10-10
5.0
None Remote Low Not required None None Partial
Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.
34 CVE-2000-1112 +Priv 2001-01-09 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.
35 CVE-2000-1113 Exec Code Overflow 2001-01-09 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.
36 CVE-2000-1114 2001-01-09 2008-09-05
5.0
None Remote Low Not required Partial None None
Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20".
37 CVE-2000-1115 DoS Exec Code Overflow 2001-01-09 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
38 CVE-2000-1116 DoS Exec Code Overflow 2001-01-09 2017-12-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long command.
39 CVE-2000-1117 2001-01-09 2008-09-10
5.0
None Remote Low Not required Partial None None
The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.
40 CVE-2000-1118 Bypass 2001-01-09 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.
41 CVE-2000-1119 Exec Code Overflow 2001-01-09 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.
42 CVE-2000-1120 Exec Code Overflow 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
43 CVE-2000-1121 Exec Code Overflow 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.
44 CVE-2000-1122 Exec Code Overflow 2001-01-09 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.
45 CVE-2000-1123 Exec Code Overflow 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.
46 CVE-2000-1124 Overflow +Priv 2001-01-09 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.
47 CVE-2000-1125 2001-01-09 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
48 CVE-2000-1126 DoS Exec Code 2001-01-09 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.
49 CVE-2000-1127 2001-01-09 2008-09-05
3.6
None Local Low Not required Partial Partial None
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable.
50 CVE-2000-1128 2001-01-09 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The default configuration of McAfee VirusScan 4.5 does not quote the ImagePath variable, which improperly sets the search path and allows local users to place a Trojan horse "common.exe" program in the C:\Program Files directory.
Total number of vulnerabilities : 130   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.