2000 CVEs
1243 CVEs published in 2000. 2 critical, 6 high. Browse by vendor, severity, or with PoCs.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2000-0944 | Critical | 9.8 | 2000-12-19 | CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote… |
| CVE-2000-1218 | Critical | 9.8 | 2000-04-14 | The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Win… |
| CVE-2000-1254 | High | 7.5 | 2016-05-05 | crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote atta… |
| CVE-2000-0499 | High | 7.5 | 2000-06-08 | The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides… |
| CVE-2000-0498 | High | 7.5 | 2000-06-08 | Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. |
| CVE-2000-0497 | High | 7.5 | 2000-06-08 | IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. |
| CVE-2000-0342 | High | 7.5 | 2000-04-28 | Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the a… |
| CVE-2000-0258 | High | 7.5 | 2000-04-12 | IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Ch… |
| CVE-2000-1198 | Medium | 5.5 | 2001-08-31 | qpopper POP server creates lock files with predictable names, which allows local users to cause a denial of service for other users (lack of mail access) by cr… |
| CVE-2000-1178 | Medium | 5.5 | 2001-01-09 | Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of o… |
| CVE-2000-0972 | Medium | 5.5 | 2000-12-19 | HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting… |
| CVE-2000-0552 | Medium | 5.5 | 2000-06-06 | ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive infor… |
| CVE-2000-0338 | Medium | 5.5 | 2000-04-23 | Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the loc… |
| CVE-2000-1247 | | | 2011-10-05 | The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to… |
| CVE-2000-1246 | | | 2010-04-05 | NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allows remote authenticated users to cause a denial of service (abend) by sending an RNTO c… |
| CVE-2000-1245 | | | 2010-04-05 | Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restricti… |
| CVE-2000-1209 | | | 2002-08-12 | The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including thir… |
| CVE-2000-1208 | | | 2002-08-12 | Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper sys… |
| CVE-2000-1210 | | | 2002-03-22 | Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument… |
| CVE-2000-1215 | | | 2001-09-19 | The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies… |