2000 CVEs

1243 CVEs published in 2000. 2 critical, 6 high.

Top CVEs published in 2000
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2000-0944 | Critical | 9.8 | 2000-12-19 | CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote… |
| CVE-2000-1218 | Critical | 9.8 | 2000-04-14 | The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Win… |
| CVE-2000-1254 | High | 7.5 | 2016-05-05 | crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote atta… |
| CVE-2000-0499 | High | 7.5 | 2000-06-08 | The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides… |
| CVE-2000-0498 | High | 7.5 | 2000-06-08 | Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. |
| CVE-2000-0497 | High | 7.5 | 2000-06-08 | IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. |
| CVE-2000-0342 | High | 7.5 | 2000-04-28 | Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the a… |
| CVE-2000-0258 | High | 7.5 | 2000-04-12 | IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Ch… |
| CVE-2000-1198 | Medium | 5.5 | 2001-08-31 | qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by cr… |
| CVE-2000-1178 | Medium | 5.5 | 2001-01-09 | Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of o… |
| CVE-2000-0972 | Medium | 5.5 | 2000-12-19 | HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting… |
| CVE-2000-0552 | Medium | 5.5 | 2000-06-06 | ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive infor… |
| CVE-2000-0338 | Medium | 5.5 | 2000-04-23 | Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the loc… |
| CVE-2000-1247 | | | 2011-10-05 | The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to… |
| CVE-2000-1246 | | | 2010-04-05 | NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO c… |
| CVE-2000-1245 | | | 2010-04-05 | Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restricti… |
| CVE-2000-1209 | | | 2002-08-12 | The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including thir… |
| CVE-2000-1208 | | | 2002-08-12 | Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper sys… |
| CVE-2000-1210 | | | 2002-03-22 | Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument… |
| CVE-2000-1215 | | | 2001-09-19 | The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies… |