CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2000-0280 DoS Overflow 2000-04-03 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
152 CVE-2000-0281 DoS Overflow 2000-03-26 2008-09-05
2.1
None Local Low Not required None None Partial
Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.
153 CVE-2000-0286 DoS 2000-04-16 2008-09-10
2.1
None Local Low Not required None None Partial
X fontserver xfs allows local users to cause a denial of service via malformed input to the server.
154 CVE-2000-0293 2000-05-02 2008-09-10
2.1
None Local Low Not required None Partial None
aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow local users to delete arbitrary files by creating files whose names include spaces, which are then incorrectly interpreted by aaa_base when it deletes expired files from the /tmp directory.
155 CVE-2000-0309 DoS 2001-03-12 2008-09-10
2.1
None Local Low Not required None None Partial
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
156 CVE-2000-0311 2000-04-20 2018-10-12
2.1
None Local Low Not required None Partial None
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
157 CVE-2000-0334 2000-04-24 2008-09-10
2.1
None Local Low Not required Partial None None
The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.
158 CVE-2000-0336 2000-04-21 2008-09-10
2.1
None Local Low Not required None Partial None
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
159 CVE-2000-0345 +Info 2000-05-03 2008-09-10
2.1
None Local Low Not required Partial None None
The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.
160 CVE-2000-0361 1999-12-14 2008-09-10
2.1
None Local Low Not required Partial None None
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.
161 CVE-2000-0366 1999-12-02 2008-09-10
2.1
None Local Low Not required None Partial None
dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.
162 CVE-2000-0368 200 +Info 2001-03-12 2016-09-21
2.1
None Local Low Not required Partial None None
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
163 CVE-2000-0375 2001-03-12 2008-09-10
2.1
None Local Low Not required None Partial None
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.
164 CVE-2000-0382 2000-05-08 2008-09-10
2.6
None Remote High Not required Partial None None
ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.
165 CVE-2000-0387 2000-05-09 2008-09-10
2.1
None Local Low Not required None Partial None
The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.
166 CVE-2000-0402 2000-05-30 2018-10-12
2.1
None Local Low Not required Partial None None
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
167 CVE-2000-0406 2000-05-10 2008-09-10
2.6
None Remote High Not required Partial None None
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
168 CVE-2000-0439 2000-05-11 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
169 CVE-2000-0445 2000-05-24 2008-09-10
2.1
None Local Low Not required Partial None None
The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.
170 CVE-2000-0455 Overflow 2000-05-29 2008-09-10
2.1
None Local Low Not required Partial None None
Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.
171 CVE-2000-0456 DoS 2000-05-28 2008-09-10
2.1
None Local Low Not required None None Partial
NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".
172 CVE-2000-0458 2000-04-22 2016-10-18
2.1
None Local Low Not required Partial None None
The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.
173 CVE-2000-0461 DoS 2000-05-29 2008-09-10
2.1
None Local Low Not required None None Partial
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
174 CVE-2000-0462 2000-05-28 2008-09-10
2.1
None Local Low Not required Partial None None
ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.
175 CVE-2000-0485 2000-05-30 2018-10-12
2.1
None Local Low Not required Partial None None
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.
176 CVE-2000-0489 DoS 1999-09-05 2017-10-10
2.1
None Local Low Not required None None Partial
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
177 CVE-2000-0501 DoS 2000-06-16 2017-10-10
2.6
None Remote High Not required None None Partial
Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.
178 CVE-2000-0502 2000-06-08 2017-10-10
2.1
None Local Low Not required None Partial None
Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.
179 CVE-2000-0503 2000-06-06 2021-07-23
2.6
None Remote High Not required Partial None None
The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.
180 CVE-2000-0518 2000-06-05 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
181 CVE-2000-0519 2000-06-05 2021-07-22
2.6
None Remote High Not required Partial None None
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
182 CVE-2000-0531 DoS 1999-11-23 2017-12-19
2.1
None Local Low Not required None None Partial
Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.
183 CVE-2000-0552 +Info 2000-06-06 2017-10-10
2.1
None Local Low Not required Partial None None
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
184 CVE-2000-0553 Bypass 2000-05-26 2017-10-10
2.6
None Remote High Not required None Partial None
Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.
185 CVE-2000-0559 2000-06-07 2021-04-09
2.1
None Local Low Not required Partial None None
eTrust Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.
186 CVE-2000-0565 2000-06-13 2017-10-10
2.1
None Local Low Not required Partial None None
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.
187 CVE-2000-0605 2000-07-10 2008-09-10
2.1
None Local Low Not required Partial None None
Blackboard CourseInfo 4.0 stores the local and SQL administrator user names and passwords in cleartext in a registry key whose access control allows users to access the passwords.
188 CVE-2000-0615 2000-07-19 2017-10-10
2.1
None Local Low Not required Partial None None
LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.
189 CVE-2000-0633 2000-07-18 2017-10-10
2.1
None Local Low Not required None None Partial
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
190 CVE-2000-0649 200 +Info 2000-07-13 2020-11-23
2.6
None Remote High Not required Partial None None
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
191 CVE-2000-0650 Exec Code 2000-07-11 2017-10-10
2.1
None Local Low Not required None Partial None
The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.
192 CVE-2000-0679 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
193 CVE-2000-0691 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.
194 CVE-2000-0715 59 2000-10-20 2008-09-10
2.1
None Local Low Not required None Partial None
DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to create or overwrite arbitrary files via a symlink attack on a temporary file.
195 CVE-2000-0716 2000-10-20 2017-10-10
2.6
None Remote High Not required Partial None None
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
196 CVE-2000-0726 2000-10-20 2017-10-10
2.6
None Remote High Not required Partial None None
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.
197 CVE-2000-0729 DoS 2000-10-20 2017-10-10
2.1
None Local Low Not required None None Partial
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
198 CVE-2000-0754 2000-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.
199 CVE-2000-0767 2000-10-20 2021-07-23
2.6
None Remote High Not required Partial None None
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.
200 CVE-2000-0768 2000-10-20 2021-07-23
2.6
None Remote High Not required Partial None None
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.